- Topics: Active | Unanswered
#1 2021-04-06 06:12:45
- pompert
Adobe Connect disconnection with users
Hello,
I am working on Adobe Connect 11.
I am having Adobe Connect disconnection problems with users.
In the "MasterLog_9999.log" file of connect, I have the following messages:
(error): Failed to AddListeningUrl for adobeconnect error = 183
(error): Failed to AddListeningUrl for Adobe Connect server IP error = 1214
(error): Failed to AddListeningUrl for RTMP server IP Adobe Connect error = 1214
(error): Failed to AddListeningUrl for ACTS Adobe Connect server IP error = 1214
The ACS, ACTS, AMAS, AMS services are well started.
---
I have configured in the '"custom.ini" file:
ADMIN_PROTOCOL = https: //
SSl_ONLY = yes
RTMP:
DEFAULT_FCS_HOSTPORT =: 1935,9002,443
RTMP_SEQUENCE = rtmps: // external-host: 1935 /? Rtmp: // localhost: 8506 /, rtmps: // external-host: 9002 /? Rtmp: // localhost: 8506 /, rtmps: // external-host: 443 /? Rtmp: // localhost: 8506 /
ACTS:
ACTS_ADMIN_PORT = 8080
ACTS_PROTOCOL = wss: 443
and
in the "stunnel.conf" file the following elements and the rtmps, acts and https sections:
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all
options = NO_SSLv2
options = NO_SSLv3
renegotiation = no
; Disable FIPS mode to allow non-approved protocols and algorithms
fips = no
; Some performance tunings
socket = l: TCP_NODELAY = 1
socket = r: TCP_NODELAY = 1
TIMEOUTclose = 0
options = DONT_INSERT_EMPTY_FRAGMENTS
options = CIPHER_SERVER_PREFERENCE
[rtmps-vip]
accept = IP2: 443
connect = 127.0.0.1:1935
; Certificate information for Connect.
; This assumes you put the cert and key in the root folder of stunnel
cert = adobeconnect-rtmp.crt
key = adobeconnect-rtmp.key
ciphers = ALL:! ADH:! LOW:! EXP:! MD5: @STRENGTH
[acts]
accept = IP3: 443
; When stunnel is on the same box, simply leave the below IP address as 127.0.0.1
connect = 127.0.0.1:9002
; Certificate information for Connect.
; This assumes you put the cert and key in the root folder of stunnel
cert = adobeconnect-acts.crt
key = adobeconnect-acts.key
ciphers = ALL:! ADH:! LOW:! EXP:! MD5: @STRENGTH
[https-vip]
; incoming vip for https (This is to secure Web)
; ip address that resolves to the ConnectProHost (Web App FQDN).
; listens on port 443
accept = IP1: 443
; When stunnel is on the same box, simply leave the below IP address as 127.0.0.1
; send the unecrypted request to port 8443
connect = 127.0.0.1:8443
; Certificate information for Connect.
; This assumes you put the cert and key in the root folder of stunnel
cert = adobeconnect.crt
key = adobeconnect.key
ciphers = ALL:! ADH:! LOW:! EXP:! MD5: @STRENGTH
---
Besides, I have a surprising HTTP header error in the "catalina.log" file under tomcat:
http-80-19 (INFO) Error parsing an HTTP request header Note: The following occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP names must be "tokens".
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:418) ~[tomcat-coyote.jar:9.0.35]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260) ~[tomcat-coyote.jar:9.0.35]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-coyote.jar:9.0.35]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) ~[tomcat-coyote.jar:9.0.35]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) ~[tomcat-coyote.jar:9.0.35]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.35]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_251]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_251]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.35]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_251]
Thank you for your collaboration.
Best regards,
Offline
#2 2021-04-06 10:47:37
- Jorma_at_CoSo
Re: Adobe Connect disconnection with users
Pompert,
There are a few items here that are likely causing the issues.
,
custom.ini
First, remove the spaces in the lines on this file.
You should be able to drop the DEFAULT_FCS_HOSTPORT=1935,9002,443. It is a old line that isn't needed and your ports are not correct. It would be 1935,9002,8443, but those are the defaults so listing them in the custom.ini is just file bloat.
Your RTMP_SEQUENCE is just going to break. If you want the meetings to Connect with RTMPS it will be over port 443. You can force it by putting the line as RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506. If you wanted to have RTMP you could add that before or after the RTMPS option, depending on if you wanted RTMP or RTMPS as the fall back. RTMPS and then RTMP would like like this RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506,rtmp://external-host:1935/?rtmp://localhost:8506.
For the ACTS configuration, I'd just have ACTS_PROTOCOL=wss:443. The admin port should be left as default.
To give a full picture, I'd have this in the custom.ini
ADMIN_PROTOCOL=https://
SSL_ONLY=yes
HTTPS_PORT=8443
RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506
ACTS_PROTOCOL=wss:443
stunnel.conf
This looks good. If Stunnel isn't throwing errors, I'd probably look at Connect first.
Offline
#3 2021-04-07 09:12:56
- pompert
Re: Adobe Connect disconnection with users
Hello,
Thank for your answer and help.
---
I have an error in the "MasterLog_9999.log" connect log file:
Error
[2021-04-07 11: 25: 07.658544] [0x00000f84] (error): Failed to AddListeningUrl for adobeconnect error = 183
and
Correct
[2021-04-07 11: 25: 07.658544] [0x00000f84] (info): listening to IP1 - adobe connect server
[2021-04-07 11: 25: 07.658544] [0x00000f84] (info): listening to IP2 - rtmp server
[2021-04-07 11: 25: 07.658544] [0x00000f84] (info): listening to IP3 - acts server
Why a "Failed to AddListeningUrl for adobeconnect error = 183" error?
---
In the stunnel log file I have the following errors:
2021.04.06 03:37:48 LOG3 [364]: SSL_accept: ssl / statem / statem_srvr.c: 1666: error: 1420918C: SSL routines: tls_early_post_process_client_hello: version too low
2021.04.07 11:42:09 LOG3 [80]: SSL_accept: ssl / statem / statem_srvr.c: 1760: error: 142090C1: SSL routines: tls_early_post_process_client_hello: no shared cipher
2021.04.07 11:42:10 LOG3 [81]: SSL_accept: ssl / statem / extensions_srvr.c: 692: error: 141CF06C: SSL routines: tls_parse_ctos_key_share: bad key share
2021.04.07 13:22:47 LOG3 [345]: SSL_accept: ssl / record / ssl3_record.c: 331: error: 1408F10B: SSL routines: ssl3_get_record: wrong version number
2021.04.07 13:59:54 LOG3 [389]: SSL_accept: ssl / record / rec_layer_s3.c: 1535: error: 14094416: SSL routines: ssl3_read_bytes: sslv3 alert certificate unknown
I have a lot of mistakes !
...
For the stunnel.conf configuration, there are:
sslVersion = all
options = NO_SSLv2
options = NO_SSLv3
Why is the version too low since we don't take SSL ?
Do I need an SSL version ?
I installed an STunnel 5.56 version on the server.
Do I need to install a more recent version ?
Thank you in advance for your help.
Best regards,
Offline
#4 2021-04-08 16:58:19
- Jorma_at_CoSo
Re: Adobe Connect disconnection with users
You'd need to talk to the Adobe Support team to sort out what the 183 error code is.
If your Stunnel logs are showing those errors, then that could lead to errors in Connect that is expecting Stunnel to be working. It looks like there may be an issue with your SSL certificate and key based on the errors you show. Make sure that they are in the location you want and that the file path is correctly placed in the stunnel.conf file. I think it is easier to put the full file location, rather than placing it in the root folder of Stunnel. That way I can have a specific certificates location to mange.
Offline
#5 2021-04-09 09:02:46
- pompert
Re: Adobe Connect disconnection with users
Hello,
Thank you for your reply.
I updated STunnel from 5.56 to 5.59.
I already had the following log stunnel information :
The recognitions of the rtmp, acts and adobeconnect keys are correct :
Date Time LOG6 [main]: Initializing service [rtmps-vip]
Date Time LOG6 [main]: stunnel default security level set: 2
Date Time LOG6 [main]: Loading certificate from file: adobeconnect-rtmp_univ-tlse3_fr.crt
Date Time LOG6 [main]: Certificate loaded from file: adobeconnect-rtmp_univ-tlse3_fr.crt
Date Time LOG6 [main]: Loading private key from file: adobeconnect-rtmp_univ-tlse3_en.key
Date Time LOG6 [main]: Private key loaded from file: adobeconnect-rtmp_univ-tlse3_en.key
Date Time LOG6 [main]: Initializing service [acts]
Date Time LOG6 [main]: stunnel default security level set: 2
Date Time LOG6 [main]: Loading certificate from file: adobeconnect-acts_univ-tlse3_fr.crt
Date Time LOG6 [main]: Certificate loaded from file: adobeconnect-acts_univ-tlse3_fr.crt
Date Time LOG6 [main]: Loading private key from file: adobeconnect-acts_univ-tlse3_en.key
Date Time LOG6 [main]: Private key loaded from file: adobeconnect-acts_univ-tlse3_en.key
Date Time LOG6 [main]: Initializing service [https-vip]
Date Time LOG6 [main]: stunnel default security level set: 2
Date Time LOG6 [main]: Loading certificate from file: adobeconnect_univ-tlse3_fr.crt
Date Time LOG6 [main]: Certificate loaded from file: adobeconnect_univ-tlse3_fr.crt
Date Time LOG6 [main]: Loading private key from file: adobeconnect_univ-tlse3_fr.key
Date Time LOG6 [main]: Private key loaded from file: adobeconnect_univ-tlse3_en.key
Valid links with the 3 servers
Configuration successful
Date Time LOG6 [main]: Service [rtmps-vip] (FD = 520) bound to IP2: 443
Date Time LOG6 [main]: Service [acts] (FD = 504) bound to IP3: 443
Date Time LOG6 [main]: Service [https-vip] (FD = 540) bound to IP1: 443
I only have this error message:
Date Time LOG3 [416]: SSL_accept: ssl / record / ssl3_record.c: 331: error: 1408F10B: SSL routines: ssl3_get_record: wrong version number
Best regards,
Offline