#177 Connection drops after a few hours

Status: closed-works-for-me
Owner: nobody
Labels: None
Priority: 5
Updated: 2012-12-21
Created: 2012-10-25
Creator: DanD
Private: No

Greetings,

I'm having an issue where Pidgin running on Ubuntu 12.10 drops the connection to the company's 2010 Lync server. The connection is made when Pidgin is started and works for many hours, then the connection drops and I have to manually re-enable the connection. It gives an Authentication Error message, but the account's password is ok. As far as I know, there are no networking issues on the Ubuntu desktop or the company's Lync server.

The issue seems very similar to http://sourceforge.net/tracker/index.php?func=detail&aid=3090663&group_id=194563&atid=949931

The Pidgin build info is in the debug file as well as my user agent from my Lync client. I've tried the user agent in Pidgin and without to the same effect.

The error happens at 13:30:21 in the attached log. Here's the excerpt:
(13:30:21) stun: using server
(13:30:21) stun: using server
(13:30:21) connection: Connection error on 0x7f143acdda50 (reason: 2 description: Authentication failed)
(13:30:21) account: Disconnecting account me@company.com, (0x7f143a15cdc0)
(13:30:21) connection: Disconnecting connection 0x7f143acdda50
(13:30:21) idle: Setting me@company.com, unidle
(13:30:21) connection: Deactivating keepalive.
(13:30:22) stun: using server
(13:30:22) stun: using server
(13:30:22) stun: using server
(13:30:22) stun: using server
(13:30:22) stun: using server
(13:30:22) connection: Destroying connection 0x7f143acdda50

Many Thanks!
Dan

Discussion

  • DanD

    DanD - 2012-10-25

    debug log

     
  • Stefan Becker

    Stefan Becker - 2012-10-26

    Pidgin has been executed without the --debug option and therefore the debug log is useless. Best guess is that re-authentication, which happens periodically after a few hours, failed for some reason.

    Please attach the complete log. Make sure it doesn't contain your password.

     
  • DanD

    DanD - 2012-10-26

    Doh!! I'll launch it with the option and report back. Thanks again for looking at this!

     
  • DanD

    DanD - 2012-10-26
    • priority: 5 --> 2
     
  • DanD

    DanD - 2012-11-03
    • priority: 2 --> 5
     
  • DanD

    DanD - 2012-11-03

    Hi Stefan,

    I wasn't logging because I was using an external script to launch pidgin. Do you still recommend to use the following for pidgin?

    Now the script is looking like the following to catch the --debug arg.

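    #!/bin/sh
    # Turn off NSS's random-IV (record splitting) countermeasure for CBC ciphers
    NSS_SSL_CBC_RANDOM_IV=0
    export NSS_SSL_CBC_RANDOM_IV
    # "$@" passes every argument (e.g. --debug) through unchanged
    pidgin "$@"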

    I'll post back again when I catch the drop, thanks for your patience.

     
  • DanD

    DanD - 2012-11-20

    Trying to attach the debug log

     
  • DanD

    DanD - 2012-11-20

    full debug log - connection drops at about 11:03 AM

     
  • Stefan Becker

    Stefan Becker - 2012-11-21

    Thanks.

    Log shows a TLS-DSK setup and that the usual re-register attempt after 2 hours is rejected with

    reason="Final handshake failed";HRESULT="0xC3E93EDF(SIP_E_AUTH_STALE_SA)"

    Best guess is that the certificate is only valid for 2 hours. That would be the first installation where it is valid less than the usual 8 hour re-authentication period. I'll have to make a more detailed analysis.

     
  • Stefan Becker

    Stefan Becker - 2012-11-21

    Interesting: [MS-SIPAE] Section 3.2.2 Timers

    ... For an SA established using the TLS-DSK authentication protocol, the client MUST retrieve the expiration time of its certificate. The expiration timer value is the lesser of the interval to the certificate expiration and eight hours, ...

    Looking in the log at the certificate that has been generated for TLS-DSK by the CertProv service:

    MESSAGE START <<<<<<<<<< HTTP - 2012-11-20T16:02:57.548043Z
    Validity
    Not Before: Nov 20 16:02:56 2012 GMT
    Not After : May 19 16:02:56 2013 GMT

    The certificate is valid for 6 months but your Lync server expires the Security Association already after 2 hours. So even if I implement what is said in [MS-SIPAE] section 3.2.2, it would still fail for your case. I guess another misconfigured OCS/Lync installation :-(

     
  • Stefan Becker

    Stefan Becker - 2012-11-21

    Fixed in commit 03dce92. Please fetch git HEAD, compile and retry.

    It would be nice if you could keep a --debug log running and make sure that the original error situation happens again and this time it is handled correctly. You should see the following message in the log:

    process_register_response: RE-REGISTER rejected, triggering re-authentication
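
The timer rule quoted from [MS-SIPAE] 3.2.2 and the recovery described in the post above, sketched in C as an added example; it is not code from the SIPE project or from commit 03dce92. The names `sa_expiry_interval`, `reg_state` and `handle_register_result` are hypothetical, and the sample values in `main` are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

#define MAX_SA_LIFETIME (8L * 60 * 60) /* eight hours, from the quoted [MS-SIPAE] 3.2.2 text */

/* Client-side expiration timer for a TLS-DSK SA, in seconds:
 * the lesser of the time left on the certificate and eight hours. */
long sa_expiry_interval(time_t now, time_t cert_not_after)
{
    double left = difftime(cert_not_after, now);
    if (left <= 0)
        return 0;                      /* certificate already expired */
    return left < MAX_SA_LIFETIME ? (long)left : MAX_SA_LIFETIME;
}

struct reg_state {                     /* hypothetical state, not SIPE's own struct */
    bool sa_established;               /* an SA was negotiated earlier */
    bool reauth_tried;                 /* one fresh handshake already started */
};

enum reg_action { REG_OK, REG_REAUTH, REG_FAIL };

/* The server may expire the SA before the client timer fires, so a rejected
 * re-REGISTER on an existing SA restarts authentication once instead of
 * dropping the account. A rejection with no SA is a real sign-in failure. */
enum reg_action handle_register_result(struct reg_state *st, bool accepted)
{
    if (accepted) {
        st->sa_established = true;
        st->reauth_tried = false;
        return REG_OK;
    }
    if (st->sa_established && !st->reauth_tried) {
        st->sa_established = false;    /* discard the stale SA */
        st->reauth_tried = true;
        return REG_REAUTH;
    }
    return REG_FAIL;
}

int main(void)
{
    /* Constructed values: certificate good for 180 days, SA already in place. */
    struct reg_state st = { true, false };
    printf("client timer: %ld s\n", sa_expiry_interval(0, (time_t)180 * 86400));
    printf("rejected re-REGISTER -> action %d\n", handle_register_result(&st, false));
    return 0;
}
```

Limiting the retry to one fresh handshake keeps a genuinely bad credential from turning into an endless authentication loop against the server.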

     
  • DanD

    DanD - 2012-11-21

    Thanks for the quick fix! I'll figure out how to fetch from the git and compile and post my results.

     
  • DanD

    DanD - 2012-12-21

    Hi Stefanb2, I didn't get a chance to get the git version, but I did just get the update from the PPA and have been running very smoothly the past few days. Thanks for the fix!

     
  • DanD

    DanD - 2012-12-21
    • status: open --> closed-works-for-me
     
