Jitsi works for two but not for three

Sorry to bother.

I have installed a jitsi server that works fine P2P but when a third user joins the video and sound is switched off so each one of us only sees him/herself. Only the chat continues to work.

Configuration

  • Jitsi is installed on a pc behind a NAT (Livebox Orange in France) using the quick install method
  • Server is an Apache2
  • System is Debian Buster
  • The site-enabled conf file was automatically written on install

Ports

Here are the ports open

Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat        PID/Program name    
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1022/java           
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      1311/lua5.2         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      775/sshd            
tcp        0      0 127.0.0.1:4822          0.0.0.0:*               LISTEN      777/guacd           
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      657/cupsd           
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      699/java            
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      895/postgres        
tcp        0      0 127.0.0.1:5433          0.0.0.0:*               LISTEN      894/postgres        
tcp        0      0 0.0.0.0:17500           0.0.0.0:*               LISTEN      2470/dropbox        
tcp        0      0 127.0.0.1:17600         0.0.0.0:*               LISTEN      2470/dropbox        
tcp        0      0 0.0.0.0:5280            0.0.0.0:*               LISTEN      1311/lua5.2         
tcp        0      0 127.0.0.1:17603         0.0.0.0:*               LISTEN      2470/dropbox        
tcp        0      0 127.0.0.1:5347          0.0.0.0:*               LISTEN      1311/lua5.2         
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      1022/java           
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      1311/lua5.2         
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      963/mysqld          
tcp6       0      0 :::80                   :::*                    LISTEN      811/apache2         
tcp6       0      0 :::5269                 :::*                    LISTEN      1311/lua5.2         
tcp6       0      0 :::22                   :::*                    LISTEN      775/sshd            
tcp6       0      0 :::443                  :::*                    LISTEN      811/apache2         
tcp6       0      0 :::17500                :::*                    LISTEN      2470/dropbox        
tcp6       0      0 :::5280                 :::*                    LISTEN      1311/lua5.2         
tcp6       0      0 :::5222                 :::*                    LISTEN      1311/lua5.2         
udp        0      0 0.0.0.0:7460            0.0.0.0:*                           699/java            
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1826/dhclient       
udp        0      0 0.0.0.0:631             0.0.0.0:*                           692/cups-browsed    
udp        0      0 0.0.0.0:17500           0.0.0.0:*                           2470/dropbox        
udp        0      0 0.0.0.0:5000            0.0.0.0:*                           5349/java           
udp        0      0 224.0.0.251:5353        0.0.0.0:*                           7100/chromium --sho 
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           660/avahi-daemon: r 
udp        0      0 0.0.0.0:39755           0.0.0.0:*                           660/avahi-daemon: r 
udp6       0      0 192.x.x.x:10000      :::*                                5349/java           
udp6       0      0 :::5000                 :::*                                5349/java           
udp6       0      0 :::38080                :::*                                660/avahi-daemon: r 
udp6       0      0 :::5353                 :::*                                660/avahi-daemon: r 

I can’t figure why tcp6 and udp6 are here because I disabled ipv6 in the system.conf file

The sip-communicator-properties

it looks like this

#org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false
# The videobridge uses 443 by default with 4443 as a fallback, but since we're already
# running nginx on 443 in this example doc, we specify 4443 manually to avoid a race condition
#org.jitsi.videobridge.TCP_HARVESTER_PORT=4443

#org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=metivier.ddns.net
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.metivier.ddns.net
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=Y6KaPUMU
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.metivier.ddns.net
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=a703eb31-041c-4ba4-b699-c180900157f8
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.x.x.x
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=80.x.x.x

Using 4443 or 443 does not change anything

Logs

Eventually here are some logs

jvb

2020-06-16 18:03:26.366 WARNING: [1265] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener: Connection XMPPTCPConnection[not-authenticated] (0) closed with error
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1324)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1199)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1146)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:441)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:419)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1180)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1091)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:810)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
	at java.base/java.lang.Thread.run(Thread.java:835)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:384)
	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:289)
	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
	at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:321)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1308)
	... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:379)
	... 22 more
2020-06-16 18:03:26.366 WARNING: [1265] [hostname=metivier.ddns.net id=shard] MucClient$1.connectionClosedOnError#295: Closed on error:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1324)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1199)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1146)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:441)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:419)
	at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
	at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1180)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1091)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:810)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1071)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
	at java.base/java.lang.Thread.run(Thread.java:835)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:384)
	at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:289)
	at java.base/sun.security.validator.Validator.validate(Validator.java:264)
	at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:321)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1308)
	... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
	at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:379)
	... 22 more
2020-06-16 18:03:27.442 INFO: [30] Videobridge.createConference#320: create_conf, id=6ef67104d6265073 gid=null logging=false
2020-06-16 18:03:27.446 INFO: [30] AbstractHealthCheckService.run#171: Performed a successful health check in PT0.004784S. Sticky failure: false

Jicofo

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.dom4j.io.SAXContentHandler (file:/usr/share/jicofo/lib/dom4j-1.6.1.jar) to method com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser$LocatorProxy.getEncoding()
WARNING: Please consider reporting this to the maintainers of org.dom4j.io.SAXContentHandler
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.dom4j.io.SAXContentHandler (file:/usr/share/jicofo/lib/dom4j-1.6.1.jar) to method com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser$LocatorProxy.getEncoding()
WARNING: Please consider reporting this to the maintainers of org.dom4j.io.SAXContentHandler
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.dom4j.io.SAXContentHandler (file:/usr/share/jicofo/lib/dom4j-1.6.1.jar) to method com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser$LocatorProxy.getEncoding()
WARNING: Please consider reporting this to the maintainers of org.dom4j.io.SAXContentHandler
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.dom4j.io.SAXContentHandler (file:/usr/share/jicofo/lib/dom4j-1.6.1.jar) to method com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser$LocatorProxy.getEncoding()
WARNING: Please consider reporting this to the maintainers of org.dom4j.io.SAXContentHandler
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.dom4j.io.SAXContentHandler (file:/usr/share/jicofo/lib/dom4j-1.6.1.jar) to method com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser$LocatorProxy.getEncoding()
WARNING: Please consider reporting this to the maintainers of org.dom4j.io.SAXContentHandler
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.dom4j.io.SAXContentHandler (file:/usr/share/jicofo/lib/dom4j-1.6.1.jar) to method com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser$LocatorProxy.getEncoding()
WARNING: Please consider reporting this to the maintainers of org.dom4j.io.SAXContentHandler
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.dom4j.io.SAXContentHandler (file:/usr/share/jicofo/lib/dom4j-1.6.1.jar) to method com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser$LocatorProxy.getEncoding()
WARNING: Please consider reporting this to the maintainers of org.dom4j.io.SAXContentHandler
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Thanks for any help
F

check if your access to port 10000 is working by (on the server)

sudo systemctl stop jitsi-videobridge2
nc -l 10000 -u

(on the client)

echo "123" | nc -u <your public address> 10000

you should see 123 appear on the server console.
If it does not appear, you have a network problem.
It also mean that your turn server is not working but that’s another story.

that’s strange because your IP address should be 86.x.x.x no ?

Your logs don’t seem particularly interesting to me, there are often strange and inconsequential errors in complicated softwares, that seem scary but are not always the real reason of the problem. The first one seems to show that you don’t have a good certificate for your web server but if it works with 2 users that’s probably not the issue.

1 Like