Troubleshooting Openfire chat issues

When you use Openfire chat, you might face issues such as the chat icon not appearing on the Smart IT home page or connection issues. Use this information to understand and resolve the problem or to create a BMC Support case.

Symptoms

  • The chat icon does not appear on the Smart IT home page.
  • The chat icon is red in Smart IT.
  • When you send a message in Openfire chat, the users or buttons are not accessible.

Scope

  • One or more users experience these problems.

Resolution

Perform the following steps to troubleshoot the Openfire chat issues:

Step

Task

Description

1

Troubleshoot

 

  1. Check the following properties in Centralized Configuration:

    chat.server.cm.host = <openfire single server host>
    chat.server.client.port = 5222
    chat.server.admin.login = admin
    chat.server.admin.password = admin
    chat.server.admin.pool.size = 6
    chat.server.groupChatService = conference
    chat.server.domain = <Single server url>
    chat.server.boshUrl = http://<single server url pointing to 7070>/http-bind/

  2. When using a load balancer, change the following properties:

    chat.server.cm.host = <loadbalancer url pointing to 5222>
    chat.server.domain = <loadbalancer url pointing to 5222>
    chat.server.boshUrl = http://<loadbalancer url pointing to 7070>/http-bind/
  3. Check the following parameters:

    • The chat.server.boshUrl parameter contains a valid value.
      To verify that the value is valid, open the bind URL, that is, the server name without the bind port information.
      Example:
      http://cld-rwx-t49agn.abc.com:7070/ 
      You should see the following message:
      Openfire HTTP Binding service.
    • The chat.server.cm.host parameter is in lower case and has a fully qualified name.
    • The value specified in the chat.server.domain parameter is correct.

2

Gather the log files

If the issue is not resolved, gather the Openfire log files and ux.log.

In the <installDirectory>/SmartIT/openfire/logs/ location, the following files are present:

  • openFire_error.log
  • openFire_debug.log
  • openFire_info.log
  • openFire_warn.log     

To generate the Openfire debug logs:

  1. Navigate to the <installDirectory>\openfire\lib.

  2. Open the log4j.xml file and search for the following text:

    <root>
    <level value="info" />
    <appender-ref ref="all-out" />
    <appender-ref ref="debug-out" />
    <appender-ref ref="info-out" />
    <appender-ref ref="warn-out" />
    <appender-ref ref="error-out" />
    </root>
  3. Change the level value to Debug and set the log path.
  4. Restart the Openfire service.
  5. Check if the debug logs are generated in the openfire/logs folder.
  6. Verify that Smart IT can connect to Openfire by reviewing the debug ux.log file after restarting Smart IT. Search for strings such as Openfire or chatting.

The following message should be displayed:
 Smart IT was able to make connections to the Openfire server.

3

Verify whether the Openfire service is enabled and check settings in the Openfire Admin console.

You must be able to log in to the Admin console (http://<serverName>:7001) when the service is up.

Check the parameters in Admin console. The default password is admin.

If the Openfire instance uses some other password for the admin user account, you can enter this value in clear text in the Centralized configration.

Verify the following property settings in the Openfire Admin console.

  1. Navigate to Server Manager, System Properties.

    Property name

    Value

    hybridAuthProvider.primaryProvider.className

    org.jivesoftware.openfire.auth.DefaultAuthProvider

    hybridAuthProvider.secondaryProvider.className

    com.bmc.bsm.galileo.chat.openfire.AuthPlugin

    provider.auth.className

    org.jivesoftware.openfire.auth.HybridAuthProvider

    provider.auth.authResource

    http://<smart-it-server>:9000/smartit/rest/users/chat/

    xmpp.domain (Smart IT server domain name)

    This value must match the chat.server.cm.host parameter in the connect.properties file

  2.   If there is a load balancer, make the following changes to these properties:
    • provider.auth.authResource: http://<LoadBalancerSever>:LBPort/smartit/rest/users/chat/
    • xmpp.domain: Load balancer server domain name
  3. Ensure that there are no leading and trailing spaces added to these properties and its value.

  4. Ensure that the values in the \external-conf\connect.properties file are the same as those in the Centralized configuration and Openfire Admin console.

    chat.server.cm.host = <openfire_host>
    chat.server.client.port = 5222
    chat.server.admin.login = admin
    chat.server.admin.password = 5Vi0vg7XpfaK6i3frg2WGw%3D%3D
    (this is the encrypted string 'admin')
    chat.server.groupChatService = conference
    chat.server.admin.pool.size = 6
    chat.server.boshUrl = http://<openfire_host>:7070/http-bind/
    chat.server.domain =   <xmpp.domain value from Openfire>

4

Run the netstat command.

At the command line, run the following command:

netstat -an | find <somePort>

We recommend running this command when the service is down. By running this command, you can verify if the port is not in use. Start the service and confirm that your system is listening.

Check the server.xml file to see the ports Tomcat is configured to use, and check the ports configured in the Openfire Admin console.

5

Configure SSL

When Smart IT is configured to use SSL, the Openfire should also use SSL. If SSL does not work for the Openfire server, perform the follow steps:

  1. Obtain a valid, signed certificate from a trusted certificate authority (CA).
    The certificate can be in any format, such as .pem.cer, or .crt.
  2. Import the certificate provided by the CA. Perform the following steps for all Openfire nodes, if installed in a cluster.
  3. Import the signed root certificate and private key to the Openfire keystore, located by default in <Openfire_installation_directory>/resources/security/keystore.
  4. Import the Smart IT server certificate to the Openfire truststore, located by default in <Openfire_installation_directory>/resources/security/truststore.
  5. Also, import the Smart IT certificate to the client.truststore, if available.
    This step is required for the SSL handshake between Openfire and Smart IT that is used for mutual authentication. 
  6. Import the Openfire root certificate to the installed JRE location used by Smart IT for the mutual handshake: <JRE_installation_directory>/lib/security/cacerts.
  7. Change the boshURL in Centralized configuration to https
  8. From the Openfire Admin Console, navigate to Server > Server Manager > System Properties.
  9. Change the provider.auth.authResource property to https://<Smart_IT_host>:<Smart_IT_port>/ux/rest/users/chat/
     Example: https://smartit-vm2.calbro.com:8443/ux/rest/users/chat/
  10. Restart the Openfire service. 
  11. Restart the Smart IT service.

Note: If SSL is enabled on the Openfire server, ensure that Smart IT runs on https as well.

6

Enable Openfire clustering by using the HazelCast plugin

Clustering is used when Openfire is installed on more than one server.

  1. Install the Hazelcast plugin on all the servers.

  2. To add members, edit the hazelcast-local-config.xml file on all the servers in the cluster.

    <join>
         <multicast enabled="false"/>
         <tcp-ip enabled="true">
           <member>smart1.risd.org:5701</member>      
           <member>smart2.risd.org:5701</member>
          </tcp-ip>
    </join>
  3. Restart the Openfire service on all the servers.
  4. After the Hazelcast plugin has been deployed on each of the servers, use the radio button controls located on the Clustering page in the Admin console to activate or enable the cluster. 

    You only need to enable clustering once. The change is propagated to the other servers automatically. After refreshing the Clustering page, you should be able to see all servers that have successfully joined the cluster.

Resolutions for common issues

 After you determine a specific symptom or error message, use the following table to identify the solution:

Symptom

Cause

Action

  • Chat is not available for users in Smart IT.
  • When users log into Smart IT, they see a red dot instead of the chat icon.

The boshURL parameter has an invalid value.

  1. In the Centralized-configuration, specify the Openfire Server in the boshURL.
  2. Restart Openfire and Smart IT Tomcat.

Hazelcast for cluster does not work.

Port 5701 is not open.

Open port 5701 on the firewall and check the cluster servers.

When users log into Smart IT, they are unable to see the chat icon.

Smart IT might be using https via a Load Balancer. Openfire has not been configured to use SSL, but since the Smart IT connection is via SSL, the connection to Openfire ideally should also use SSL. By default, browsers block mixed content, that is, attempts to connect to a non-SSL service from an SSL service.

  • Configure Openfire to use SSL.
  • Configure an SSL port on the load balancer for Openfire, which directs traffic to or from Openfire using http.
    • Open port 7070 on the load balancer to accept HTTPS traffic from the user’s browser and direct to Openfire port 7070 as http.
    • Ensure that session persistence is enabled for this port.
    • In the Openfire Admin console, go to System Properties. Set provider.auth.authResource to http://<SmartITServer>:<port>:/ux/rest/users/chat
      Note: If this connection is to use https, import a suitable certificate into the Openfire truststore.
    • Ensure that the xmpp.domain property in Openfire System Properties matches the chat.server.domain parameter in the Centralized configuration.
    • Set the chat.server.boshUrl to https://<load_balancer_name>:7070/http-bind/
      This is the URL the user’s browser uses to connect to Openfire via the load balancer using SSL.`

The chat icon is not displayed in Smart IT configured to work on SSL.


  • Openfire port 7444 is not open for inbound connections to the Smart IT or Openfire machine.
  • The HTTP and HTTPS ports for client connections in Openfire are both set to 5222.
  1. Check if the boshURL parameter in Centralized configuration is set correctly as
    https://<Smart-it server>:7444/http-bind/.
  2. Check if the URL https://<Smart-it server>:7444 and http://<Smart-it server>:7070 is accessible from client browser (Check on Internet Explorer as well as Chrome browser).
    Note: Override a certificate warning if the certificate is self-signed.
  3. If the preceding URLs are accessible, it indicates that Openfire port 7444 is not open for inbound connections and the port needs to be opened.
  4. Check if the Openfire logs include this error for port 5222: bind failed: Address already in use.
    This error is because the HTTP and HTTPS ports for client connections in Openfire are both set to 5222. Changing the SSL port to 5223 resolves the issue.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*