Project

General

Profile

Error: creating connection for: {cert-required-domain=4989, cid=myvirtualhost.mydomain.net@4989

Hamid Alimohammadi
Added about 3 years ago

Hello,

I have been receiving this error in console-log file. As I saw the port-no=5269 in the log file, I though it may be related to a misconfiguration in my cluster, so I changed the init.porperties to non-cluster mode.

Strangely I still get this error.

I checked the database tables, the cluster_nodes table was empty and I could not find any database entry for "4989" as a domain or remote-hostname.

As the server is running in non-cluster mode, I am wondering why there is a s2s remote-ip=0.0.19.125 (a sort of broadcast address?) and remote-hostnmae-4489 in the console log.

Could you please help me to find the reason?

015-06-07 11:04:29.503 [ConnectionOpenThread]  ConnectionOpenThread.addAllWaiting()  WARNING: Error: creating connection for: {cert-required-domain=4989, cid=myvirtualhost.mydomain.net@4989, ifc=[Ljava.lang.String;@53987706, local-hostname=myvirtualhost.mydomain.net, port-no=5269, remote-hostname=4989, remote-ip=0.0.19.125, s2s-connection-key=S2S: null, socket=plain, srv-type=_xmpp-server._tcp, type=connect}
java.net.SocketException: Invalid argument
        at sun.nio.ch.Net.connect0(Native Method)
        at sun.nio.ch.Net.connect(Net.java:465)
        at sun.nio.ch.Net.connect(Net.java:457)
        at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:670)
        at tigase.net.ConnectionOpenThread.addISA(ConnectionOpenThread.java:352)
        at tigase.net.ConnectionOpenThread.addPort(ConnectionOpenThread.java:373)
        at tigase.net.ConnectionOpenThread.addAllWaiting(ConnectionOpenThread.java:306)
        at tigase.net.ConnectionOpenThread.run(ConnectionOpenThread.java:235)
        at java.lang.Thread.run(Thread.java:745)

The init.properties file:

config-type=--gen-config-all
--vhost-anonymous-enabled = false
--virt-hosts=myvirtualhost.mydomain.net
--admins=admin@myvirtualhost.mydomain.net
--user-db=mysql
--user-db-uri=jdbc:mysql://10.1.1.68/tigasedb?user=tigase&password=tigase12
message-archive/archive-repo-uri=jdbc:mysql://10.1.1.68/tigasedb?user=tigase&password=tigase12
--message-archive/auto=true
--cluster-mode=false
basic-conf/logging/tigase.db.level=FINEST
--debug=db
--monitoring=jmx:9050,http:9080,snmp:9060
--sm-plugins=+message-archive-xep-0136,+jabber:iq:auth,+urn:ietf:params:xml:ns:xmpp-sasl,+urn:ietf:params:xml:ns:xmpp-bind,+urn:ietf:params:xml:ns:xmpp-session,-jabber:iq:register,+jabber:iq:roster,+presence,+jabber:iq:privacy,-jabber:iq:version,-http://jabber.org/protocol/stats,+starttls,+amp,-msgoffline,+vcard-temp,+http://jabber.org/protocol/commands,+jabber:iq:private,+urn:xmpp:ping,-basic-filter,-domain-filter,-pep,-zlib,-jabber:iq:last
--amp-security-level=NONE
sess-man/plugins-conf/message-archive-xep-0136/required-store-method=body
sess-man/plugins-conf/message-archive-xep-0136/component-jid=message-archive@myvirtualhost.mydomain.net
c2s/processors[s]=urn:xmpp:sm:3
c2s/watchdog_delay[L]=60000
c2s/watchdog_timeout[L]=40000
c2s/watchdog_ping_type=xmpp
c2s/max-inactivity-time[L]=100
--comp-class-6=tigase.archive.MessageArchiveComponent
--comp-name-6=message-archive
--comp-name-5=http
--comp-class-5=tigase.http.HttpMessageReceiver
--api-keys=open_access
--comp-class-1=tigase.muc.MUCComponent
--comp-name-1=muc
muc/default_room_config/muc#roomconfig_persistentroom=true
muc/default_room_config/muc#roomconfig_publicroom=false
muc/default_room_config/muc#roomconfig_membersonly=true
muc/default_room_config/muc#roomconfig_changesubject=true
muc/default_room_config/muc#maxhistoryfetch=500
muc/default_room_config/muc#roomconfig_roomname=Group
muc/muc-allow-chat-states[B]=true

Replies (5)

Added by Wojciech Kapcia TigaseTeam about 3 years ago

Most likely one of your users has a contact added with domain @@4989@, and Tigase tries to send presence probe to it, and it does that by trying to open connection to such host. Because it doesn't exists, it fails continuously.

Added by Hamid Alimohammadi about 3 years ago

Thank you for help,

I checked and found out there was a false domain @4989 created by a user.

Is there any way to filter these kind of false domain by server to avoid over-load? I mean, can we configure server to block/filter these requests (instead of trying to send presence probe or opening new connections)?

Added by Wojciech Kapcia TigaseTeam about 3 years ago

Well, you can configure user communication only to local domains for example. As for external domains - allowing federation is inherent capability of the XMPP protocol / server implementations therefore attempts to make a connections to such domains. However - Tigase only tries a number of times (spread over time) to establish such connections (in case remote server is down).

Added by Hamid Alimohammadi about 3 years ago

Actually I enabled +domain-filter in the init.properties, but still server is trying to open connection to the not valid domain=4989

It seems I misunderstood +domain-filter plug-in, I am trying to find proper documentation.

May I ask where I can find a Tigase documentation or link to allow only local domains?

Added by Wojciech Kapcia TigaseTeam about 3 years ago

It's described here: Packet Filtering

You can change this on per-VHost basis.

    (1-5/5)