Jicofo sends 403 access denied by service policy

Hi,
Unfortunatly I get conference.focusDisconnected when I try to join a room and a lot of 403 messages in websocket xmpp messages. This is the full log.

jitsi meet client:

2021-04-20T07:54:04.948Z [conference.js] <ee._onConferenceFailed>: CONFERENCE FAILED: conference.focusDisconnected focus.mydomain.com
jicofo:

jicofo logs:

Summary

Jicofo 2021-04-20 12:04:01.494 INFO: [1] Main.main#65: Starting Jicofo.

Jicofo 2021-04-20 12:04:01.804 INFO: [1] JitsiConfig.#47: Initialized newConfig: merge of ./jicofo.conf: 1,system properties,reference.conf @ jar:file:/jicofo-1.1-SNAPSHOT/jicofo.jar!/reference.conf: 1

Jicofo 2021-04-20 12:04:01.807 INFO: [1] ReadOnlyConfigurationService.reloadConfiguration#40: net.java.sip.communicator.SC_HOME_DIR_LOCATION not set

Jicofo 2021-04-20 12:04:01.808 INFO: [1] JitsiConfig.#68: Initialized legacyConfig: sip communicator props (no description provided)

Jicofo 2021-04-20 12:04:01.808 INFO: [1] JitsiConfig$Companion.reloadNewConfig#94: Reloading the Typesafe config source (previously reloaded 0 times).

Jicofo 2021-04-20 12:04:02.527 WARNING: [1] [xmpp_connection=client] XmppProviderImpl.createXmppConnection#167: Disabling TLS certificate verification!

Jicofo 2021-04-20 12:04:02.574 INFO: [1] XmppServices.#40: No dedicated Service XMPP connection configured, re-using the client XMPP connection.

Jicofo 2021-04-20 12:04:02.643 INFO: [1] BridgeSelector.#79: Using org.jitsi.jicofo.bridge.SingleBridgeSelectionStrategy

Jicofo 2021-04-20 12:04:02.652 INFO: [1] [type=bridge brewery=jvbbrewery] BaseBrewery.#101: Initialized with JID=jvbbrewery@internal.auth.mydomain.com

Jicofo 2021-04-20 12:04:02.748 INFO: [12] [xmpp_connection=client] XmppProviderImpl.doConnect#204: Connected, JID= null

Jicofo 2021-04-20 12:04:02.947 WARNING: [16] org.jivesoftware.smackx.muc.MultiUserChat$3.processStanza: Presence not from a full JID: jvbbrewery@internal.auth.mydomain.com

Jicofo 2021-04-20 12:04:02.965 WARNING: [16] org.jivesoftware.smackx.muc.MultiUserChat$3.processStanza: Presence not from a full JID: jvbbrewery@internal.auth.mydomain.com

Jicofo 2021-04-20 12:04:02.970 INFO: [12] [type=bridge brewery=jvbbrewery] BaseBrewery.start#172: Joined the room.

Jicofo 2021-04-20 12:04:02.971 INFO: [12] [xmpp_connection=client] XmppProviderImpl.fireRegistrationStateChanged#330: Set replyTimeout=PT15S

Jicofo 2021-04-20 12:04:03.043 INFO: [1] FocusManager.start#143: Initialized octoId=1234

Jicofo 2021-04-20 12:04:03.056 INFO: [1] JicofoServices.createAuthenticationAuthority#191: Starting authentication service with config=AuthConfig[enabled=true, type=XMPP, loginUrl=ejabberd, logoutUrl=null, authenticationLifetime=PT24H, enableAutoLogin=true].

Jicofo 2021-04-20 12:04:03.059 INFO: [1] AbstractAuthAuthority.#112: Authentication lifetime: PT24H

Jicofo 2021-04-20 12:04:03.066 INFO: [1] IqHandler.init#93: Registering IQ handlers with XmppConnection.

Jicofo 2021-04-20 12:04:03.071 INFO: [1] JicofoServices.#153: Starting HTTP server with config: host=null, port=8888, tlsPort=8843, isTls=false, keyStorePath=null.

Jicofo 2021-04-20 12:04:03.140 INFO: [1] org.eclipse.jetty.util.log.Log.initialized: Logging initialized @1969ms to org.eclipse.jetty.util.log.Slf4jLog

Jicofo 2021-04-20 12:04:03.290 INFO: [1] org.eclipse.jetty.server.Server.doStart: jetty-9.4.35.v20201120; built: 2020-11-20T21:17:03.964Z; git: bdc54f03a5e0a7e280fab27f55c3c75ee8da89fb; jvm 1.8.0_282-b08

Jicofo 2021-04-20 12:04:03.922 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime: A provider org.jitsi.rest.Version registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.rest.Version will be ignored.

Jicofo 2021-04-20 12:04:04.286 INFO: [1] org.eclipse.jetty.server.handler.ContextHandler.doStart: Started o.e.j.s.ServletContextHandler@5ac6c4f2{/,null,AVAILABLE}

Jicofo 2021-04-20 12:04:04.315 INFO: [1] org.eclipse.jetty.server.AbstractConnector.doStart: Started ServerConnector@42b64ab8{HTTP/1.1, (http/1.1)}{0.0.0.0:8888}

Jicofo 2021-04-20 12:04:04.316 INFO: [1] org.eclipse.jetty.server.Server.doStart: Started @3146ms

Jicofo 2021-04-20 12:04:10.870 INFO: [16] [type=bridge brewery=jvbbrewery] BaseBrewery.addInstance#338: Added brewery instance: jvbbrewery@internal.auth.mydomain.com/jvb1

Jicofo 2021-04-20 12:04:10.884 INFO: [16] BridgeSelector.addJvbAddress#118: Added new videobridge: Bridge[jid=jvbbrewery@internal.auth.mydomain.com/jvb1, relayId=null, region=null, stress=0.00]

Jicofo 2021-04-20 12:04:10.885 INFO: [16] JvbDoctor.addBridge#140: Scheduled health-check task for: jvbbrewery@internal.auth.mydomain.com/jvb1

These are the websocket messages:

<iq xmlns='jabber:client' xml:lang='en' to='cfc3d02d-ccad-4352-be97-b73954f59ee97f5e0d60-ca6d-4dcd-ad0e-36a82974eaf3idmowobt32ivf2icga@mydomain.com/18615075054396656653234' from='focus.mydomain.com' type='error' id='ddb302b7-c093-4dae-919d-292b6ddb5fac:sendIQ'><conference xmlns='http://jitsi.org/protocol/focus' machine-uid='58eb0c649fb437058649e682e955b3e1' room='7f5e0d60-ca6d-4dcd-ad0e-36a82974eaf3@conference.mydomain.com' session-id='27ad2468-1ca2-40b1-84cc-7fc77b7232fb'><property name='call_control' value='callcontrol.mydomain.com'/><property name='disableRtx' value='false'/><property name='enableLipSync' value='false'/><property name='openSctp' value='false'/><property name='startAudioMuted' value='10'/></conference><error code='403' type='auth'><forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/><text xml:lang='en' xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Access denied by service policy</text></error></iq>

I get a lot of <error code='403' type='auth'> <forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas' /> <text xml:lang='en' xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Access denied by service policy</text> </error> messages while try to send set messages to xmpp server. Also Jicofo doesn’t log anything after scheduleing health check on jvb.

I have deployed jicofo from commit: GitHub - jitsi/jicofo at adaedbfd013e14462f53f7ffe616a3a186a26d51

Can anyone help?

There are certain configs done when you upgrade jicofo through debian packages. I think your jicofo is misconfigured.

Thanks you for the reply.
I have changed my XMPP server from Prosody so something else. Is it possible to still register the Jicofo as a component via some configuration or something else?

Nope, latest master does not use component just the user connection.