No video and sound with more than two participants

Hi Team!
I have a problem (i think it’s JVB Problem).
I installed Jitisi-Meet on a fresh Ubuntu 20.04.2 LTS on a hosted Server (Keyweb).
When i open a conference and a second person is joining this conference, Video and Sound are availible with very good qualitiy (i think Jitsi is useing P2P). When a third person is entering this conference, Video is only displayed on a small edge by every person self and Sound is muted on all participants. When the third person is leaving this conference, after a few seconds, Video and Sound is availible again. I think JVB is not working fine.
Browser Chrome and Android App are working fine, we tested this in meet.jit.si, here we can using with more than 2 persons a conference with Video and Sound.
Is there any point where i can start for looking this issue?
Thank you!
Regards Mercy

Check your firewall to make sure the necessary ports are open and properly forwarded. Check port 10000/UDP especially - make sure it’s open and forwarded if you’re behind a NAT.

Good Morning Freddie!
Thank you for your mail. Our server is directly reachable via IP v4 address and I opened these ports using UFW. Thus no NAT etc.
I read yesterday in a thread that maybe the video bridge is not addressed. Do you have an idea how I can check this? From the log file /etv/var/jitsi/jvb.log I can’t figure it out :frowning:
Best regards
Mercy!
UFW Ports

check your connectivity like this (it has been posted many times on this forum):

(server)
sudo systemctl stop jitsi-videobridge2
nc -l 10000 -u
(workstation)
echo "123" | nc -u (your public address) 10000

if it does not work go to your hoster console to manage the firewall.

Hi!
Thank you for your answer. The result is (1) via IP and (2) via FQDN!
This echo signs will displayed on Server.
Regards Mercy

UFW result

Check your jicofo log (/var/log/jitsi/jicofo.log) and jvb.log (/var/log/jitsi/jvb.log) for errors. If the problem is not clear, get these logs on your workstation, rename them to .txt and upload them with the upload button (up arrow). If they are too big, stop services, delete them, restart services, redo a test to get fresh logs.

Here are fresh log files. I can see some warnings but i have no idea :frowning:
Regards Mercyful

jicofo.log.txt (242.0 KB) jvb.log.txt (272.5 KB)

LOL your Jicofo log is full of SEVERE errors… Did you install adoptopenjdk by any chance ? If yes remove it and install openjdk-11 from your standard Ubuntu repository.

Hi!
When i am right than i have Ubuntu focal and openJDK 14 installed (our ISP did this)


Regards Mercyful

what a gory mess they did then. OpenJdk 14 should not have problem with certificates. It’s not officially supported anyway, so uninstall it and install jdk 11.

OK, I uninstalled openJDK-14 and installed openJDK-11. No change, P2P works but as soon as a third participant comes into the meeting, the picture and sound is gone.
Attached the LogFiles.

jicofo.log.txt (924.4 KB) jvb.log.txt (1.2 MB)

Are you by any chance using a self-signed certificate?

Hi Freddie!
Yes, i am using self-signed Certificate.
Regards Mercy

That’s likely where your problem lies. If you haven’t done too much customization on your server, I recommend reinstalling using letsencrypt. If that works fine, then you can work on using your self-signed cert, if you prefer.

did you (attempt to) manage yourself the certificates used by Prosody ? these self-signed certificates are normally created by the Jitsi-meet install process and are working fine. Some people try to replace these certificates with usually bad results.

I made a standard installation with this self-signed certificate procedure at installation.
How can i check which certifificate jitsi is using at this moment because there is a certificate from our hoster?
Regards Mercyful

openssl

** certificate for the nginx web server (from your workstation)

openssl s_client -connect yourpublichostname:443 -showcerts | openssl x509 -text

as I don’t use it I don’t remember exactly what are the properties for Jitsi-meet self signed certificate

** private certificate for jicofo (automatically generated by prosody install), from the server itself:

openssl s_client -connect localhost:5222 -starttls xmpp -showcerts | openssl x509 -text

You should see a 10-year certificate with Subject: CN = (yourhost).
If not the Prosody install is defective.
If yes, the Java installation is defective (Jicofo is a Java application)

What I find interesting is that if I display the certificate from the client. then the FQDN is correct <meet.example.com> and if I display the certificate from the server, then the FQDN is a different <notmeet.example.com>. But the host name is meet.example.com. The public key displayed on the client is 4096 bits and the one displayed on the server is 2048 bits.

show_from_client.txt (2.3 KB) show_from_server.txt (916 Bytes)

that’s not a problem. Let’s Encrypt certificate is a real ‘internet’ certificate, Prosody certificates are for internal use. Let’sEncryp certificate name is (should be) the real public name of your server, internal name (what’s in the hostname file) can be different (it’s better when it’s the same but after you have started with different names if you want to change the internal name you have to regenerate certificates for services such as Prosody).
Now it seems you have a valid certificate for your Prosody client service; if not going the Attila way, what’s the best way to test/fix Java part (Jicofo) ? there are elegant ways but I don’t remember them just now, try this crappy fix : add in jicofo.conf:

 xmpp {
    service {
    disable-certificate-verification = true
    }
 }

and restart it.

I hope you all had happy eastern!
I had installed a fresh Ubuntu 20.04 System on a root Server by another Provider.
I installed openJDK-11, configured UFW Firewall
22/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
10000/udp ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
10000/udp (v6) ALLOW IN Anywhere (v6)
and installed Jitsi-Meet with this instructions

and got a certificate from Let’s encrypt CA.
So far so good. I saw no errors on the installation procedure.
I started a first time meeting with myself (only me in this meeting) and i have a video.
When a second person is joining this meeting, my video is off and from the second person it’s off, too.
I have a fresh logfile from jicofo and jvb uploaded.
I am at a loss and i hope anybody can help me to find a solution.
Regards Mercy
jicofo.log (40.4 KB)
jvb.log (34.2 KB)