Jigasi not working - failed to connect with xmpp service

Hi everyone.
I am new to jitsi world. Conference is working fine in my setup. I am able to create users who will be allowed to create a conference.
I have been asked to give a sample demonstration of jitsi integration with our already setup SIP infrastructure. I installed jitsi-meet (and jigasi too) using the self-hosting guide
https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-quickstart
Currently I can’t change the SIP server to create custom SIP tags for joining a particular conference room, so i am using the default jvb room configuration.
I am unable to make any dial-in or dial-out calls to a subscriber. On incoming call, the setup is replying with SIP-RINGING message, but nothing is coming on my default jvb conference room. Dial-out is failing straight-away with message “Failed to add participants”.
On checking logs, i found out that Jigasi is unable to connect to xmpp service with the following error on starting the jigasi service:

SEVERE: [48] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service

the full file log is attached:
jigasi.log (46.5 KB)

the prosody and jigasi configurations are also attached. (i am not using any DNS, it is a private network which will be used for demo)
192.168.12.20.cfg.lua.txt (4.3 KB)
sip-communicator.properties.txt (14.3 KB)

I am assuming this has something to do with my jigasi configurations, especially with xmpp authentication related.

Also, can someone please tell the difference between

net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.USER_ID/PASSWORD

and

org.jitsi.jigasi.xmpp.acc.USER_ID/PASS

Thanks in advance.

One mistake in my configurations i was able to find out. According to @damencho reply:
[Cannot make or receive a SIP call via Jigasi in "secure domain" setup; looks like a certificate issue? - #8 by damencho]
The jigasi userid for xmpp registeration should be of the type jigasi@auth.domain.com. I have updated the same in my sip-communicator.properties file. A new exception comes now while making or receiving call to sip subscriber:

SEVERE: [81] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.SmackException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: [PLAIN, SCRAM-SHA-1, SCRAM-SHA-1-PLUS]. Registered SASL mechanisms with Smack: [SASL Mech: GSSAPI, Prio: 100, SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 200, SASL Mech: CRAM-MD5, Prio: 300, SASL Mech: PLAIN, Prio: 400, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: ANONYMOUS, Prio: 500]. Enabled SASL mechanisms for this connection: [ANONYMOUS]. Blacklisted SASL mechanisms: [SCRAM-SHA-1-PLUS].

Apart from this

SunCertPathBuilderException: unable to find valid certification path to requested target

exception also comes. I have set
net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true

Try this

Hi @damencho, Thanks for helping out.
I tried it, but still the same exception comes while making call.

According to your answer here
https://community.jitsi.org/t/jigasi-failing-to-dial/71684/77?u=sitlate

i commented out
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.BOSH_URL_PATTERN

The certificate error doesn’t come now, though the following error is still coming:

SEVERE: [81] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.SmackException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: [PLAIN, SCRAM-SHA-1, SCRAM-SHA-1-PLUS]. Registered SASL mechanisms with Smack: [SASL Mech: GSSAPI, Prio: 100, SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 200, SASL Mech: CRAM-MD5, Prio: 300, SASL Mech: PLAIN, Prio: 400, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: ANONYMOUS, Prio: 500]. Enabled SASL mechanisms for this connection: [ANONYMOUS]. Blacklisted SASL mechanisms: [SCRAM-SHA-1-PLUS].

Also, should i be able to create a conference room, if I use the jigasi credentials for xmpp? I am not able to currently.
I tried making an outgoing sip call from a conference, below are the logs for that. Also the jigasi configuration.

jigasi.log (46.9 KB)
sip-communicator.properties.txt (14.2 KB)

I created the jigasi user on prosody with command:

prosodyctl register jigasi auth.my-domain.com some_password

in the sip-communicator.properties for jigasi, i added

net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.USER_ID=jigasi@auth.my-domain.com
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PASSWORD=<base64_encoded<some_password>>
org.jitsi.jigasi.xmpp.acc.USER_ID=jigasi@auth.my-domain.com
org.jitsi.jigasi.xmpp.acc.PASS=some_password

Is this the correct configuration?
I am not able to create a conference room using jigasi as username and some_pass as password.

But,
if i create the jigasi(or any other) user with command

prosodyctl register jigasi my-domain.com some_other_password

(“my-domain.com”, not “auth.my-domain.com”), I am able to create the conference room with same credentials. Does this help in debugging?

When you have this, is jigasi connecting to the control room?

These are the credentials for the client connection, if your server is using secure domain you need there my-domain.com not auth.my-domain.com

Yes, i believe so, because when i keep this configuration, jigasi logs print

INFO: [47] org.jitsi.jigasi.xmpp.CallControlMucActivator.joinCommonRoom().291 Joining call control room: JigasiBrewery@internal.auth.my-domain.com pps:ProtocolProviderServiceJabberImpl(Jabber:jigasi@auth.my-domain.com)
INFO: [58] impl.protocol.jabber.ChatRoomJabberImpl.joined().1361 jigasibrewery@internal.auth.my-domain.com/focus has joined the jigasibrewery@internal.auth.my-domain.com chat room.

OK. I am using secure domain, so i changed it to my-domain.com. But there was no effect on the error.

For dial-in and dial-out both times, same error is coming:
Server supports PLAIN, SCRAM-SHA1, SCRAM-SHA-1-PLUS, while enabled sasl mechanism is ANONYMOUS.

I am attaching the logs for one outgoing and one incoming call made.
jigasi.log (50.9 KB)

Also my new jigasi and prosody properties
sip-communicator.properties.txt (14.2 KB)
my-domain.com.lua.txt (4.3 KB)

In several places you use the internal address instead of the domain why is that? Fix that and try again.

Hi @damencho
Sorry for that, I can see how my comments were misleading. I don’t have a DNS setup. Rather the whole jitsi setup (jvb, jicofo, jigasi, prosody) are in same machine with a static IP address - 192.168.12.20. Only the SIP server has a separate address - 192.168.12.22. Sorry for this confusion.
This setup is just for displaying the jitsi integration with our SIP architecture.

You need to uncomment
org.jitsi.jigasi.xmpp.acc.USER_ID
org.jitsi.jigasi.xmpp.acc.PASS
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH

Oh. I had originally done the same.
I was observing logs while i commented these lines. The error is same whether i comment or uncomment these lines. “Server supports PLAIN, SCRAM-SHA1, SCRAM-SHA-1-PLUS, while enabled sasl mechanism is ANONYMOUS.”
I am thinking maybe these credentials have some problem. but i have deleted and created the account again on prosody using prosodyctl. It is not having any effect.

Is prosody listening on that private IP?
Edit: it must be, as you can join meetings. Ignore this.

A tip: Even if one has no dns setup, you can use hosts file(in both windows and Linux), create your local dns, and install using that, instead of IP.

@damencho I reinstalled it. I purged the installation and did just the minimal changes. Now it seems to work. Maybe earlier i changed something i am not supposed to.
For the working setup, i did following changes:

Commented:
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.BOSH_URL_PATTERN

Uncommented:
org.jitsi.jigasi.xmpp.acc.USER_ID
org.jitsi.jigasi.xmpp.acc.PASS
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH
net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true

Outgoing and incoming SIP calls works now. Through an exception is still coming both times (attached logs for reference - with updated static ip:192.168.12.200):

SEVERE: [84] org.jitsi.jigasi.JvbConference.inviteFocus().1734 [ctx=1622182383031799774577] Could not invite the focus to the conference
jigasi.log (58.3 KB)

I am sorry for taking up so much of your time. I still have one doubt about this property:

net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PASSWORD

I didn’t change this property. When i decode the value of this Base64 encoded string, i get an unknown string. Which password is this? and where can we configure it?

Hi @Prashanth
Thanks for the tip. For now i have installed jitsi and it seems to be working fine. But i will make sure for the next installation I will use domain names rather than static IPs.

You do not need to change it. It is the sip user name and password you entered.

For verifying, encode your sip password and compare. It should be same.

Decoding it should show your password though! A little strange…!

Note: echo adds a new line character… you should use ‘echo -n…’

@Prashanth There is already one property with SIP account Password required for registration with SIP server:
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PASSWORD
which when i decoded gives the correct SIP account Password.

Does
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PASSWORD also require the same SIP password(base64 encoded)?

This is the jigasi user at auth.domain.com used to connect to the brewery room so participants can do outbound calls

Thanks for clearing that up @damencho