Intel® Collaboration Suite for WebRTC
Community support and discussions on the Intel® Collaboration Suite for WebRTC (Intel® CS for WebRTC).

2.8 version Start Error

Artem_M_
New Contributor I
576 Views

Hello. We tryed to start version of MCU 2.8.

We used the same machine as with 2.5.  2.8. was just in new directory.

On start we recieved:

./Release-v2.8/bin/start-all.sh
starting nuve, stdout -> /home/oracle/Release-v2.8/logs/woogeen-nuve.stdout
2884
2901
2015-10-02 15:43:49.352  - INFO: RPC - Conected to rabbitMQ server
2015-10-02 15:43:49.354  - INFO: RPC - Exchange rpcExchange is open
2015-10-02 15:43:49.355  - INFO: RPC - Queue nuveQueue is open
2015-10-02 15:43:49.356  - INFO: RPC - ClientQueue amq.gen-q1Ig0xhxW2U6YrDGZfd4oQ is open
starting mcu, stdout -> /home/oracle/Release-v2.8/logs/woogeen-mcu.stdout
2015-10-02 15:43:55.185  - INFO: RPC - Exchange rpcExchange is open
2015-10-02 15:43:55.188  - INFO: RPC - ClientQueue amq.gen-i4yENeAQh9d062vaN-L9Cw is open
2015-10-02 15:43:55.333  - INFO: RPC - Queue erizoController_1 is open
2015-10-02 15:43:55.334  - INFO: ErizoController - server on
starting agent, stdout -> /home/oracle/Release-v2.8/logs/woogeen-agent.stdout
2015-10-02 15:43:56.213  - INFO: RPC - Exchange rpcExchange is open
2015-10-02 15:43:56.216  - INFO: RPC - ClientQueue amq.gen-fcTkttEuf6hxr6FhWVLaxw is open
2015-10-02 15:43:56.218  - INFO: ErizoAgent - Adding agent to cloudhandler, purpose: general-use
Running process
Running process
2015-10-02 15:43:56.233  - INFO: RPC - Queue ErizoAgent_2 is open
2015-10-02 15:43:56.234  - INFO: ErizoAgent - ErizoAgent rpcID: ErizoAgent_2
starting app, stdout -> /home/oracle/Release-v2.8/logs/woogeen-app.stdout
Failed to setup secured server: [Error: mac verify failure]

 

In attachement - logs files and woogen config file.

0 Kudos
10 Replies
Chunbo_H_Intel1
Employee
576 Views

In most case, "Error: mac verify failure" means that the node.js server wants to set up secure server with the pfx files, but the passphrase is invalid...

Are you using the same pfx files for both v2.5 and v2.8? Or just the sample from the package?

0 Kudos
Artem_M_
New Contributor I
576 Views

Yes, of cause we use the same as with 2.5, and with 2.1.... It's or wildcard certificate

0 Kudos
Chunbo_H_Intel1
Employee
576 Views

Hi Artem,

Any changes in the passphrase for this wildcard cert? Not sure about the root cause on your side.

Another way out is to try a new cert...

Thanks!

0 Kudos
Goran_J_
Beginner
576 Views

Hi there,

we are having the same issue. Our certificate is a wildcard exported from IIS of our platform (www.xplorify.net) in file xplorify.net.pfx. We have successfully imported in on another server with the corresponding passphrase. However we keep getting this error in the WebRTC suit.

Here is our woogeen_config.js

var config = {}

/*********************************************************
 COMMON CONFIGURATION
 It's used by Nuve, ErizoController, ErizoAgent and ErizoJS
**********************************************************/
config.rabbit = {};
config.rabbit.host = 'localhost'; //default value: 'localhost'
config.rabbit.port = 5672; //default value: 5672
config.logger = {};
config.logger.config_file = '../log4js_configuration.json'; //default value: "../log4js_configuration.json"

/*********************************************************
 CLOUD PROVIDER CONFIGURATION
 It's used by Nuve and ErizoController
**********************************************************/
config.cloudProvider = {};
config.cloudProvider.name = '';
//In Amazon Ec2 instances you can specify the zone host. By default is 'ec2.us-east-1a.amazonaws.com'
config.cloudProvider.host = '';
config.cloudProvider.accessKey = '';
config.cloudProvider.secretAccessKey = '';

/*********************************************************
 NUVE CONFIGURATION
**********************************************************/
config.nuve = {};
config.nuve.dataBaseURL = 'localhost/nuvedb'; // default value: 'localhost/nuvedb'
config.nuve.superserviceID = 'our_service_id'; // default value: ''
config.nuve.superserviceKey = 'our_service_key;
config.nuve.testErizoController = 'localhost:443'; // default value: 'localhost:8080'
config.nuve.ssl = true; //default value: false
config.nuve.keystorePath = 'our_certificate_path.pfx';

/*********************************************************
 ERIZO CONTROLLER CONFIGURATION
**********************************************************/
config.erizoController = {};

//Use undefined to run clients without Stun
config.erizoController.stunServerUrl = undefined; // default value: 'stun:stun.l.google.com:19302'

// Default and max video bandwidth parameters to be used by clients
config.erizoController.defaultVideoBW = 300; //default value: 300
config.erizoController.maxVideoBW = 4000; //max value: 4M

// Public erizoController IP for websockets (useful when behind NATs)
// Use '' to automatically get IP from the interface
config.erizoController.publicIP = 'our_IP'; //default value: ''
// Use '' to use the public IP address instead of a hostname
config.erizoController.hostname = ''; //default value: ''
config.erizoController.port = 443; //default value: 8080
// Use true if clients communicate with erizoController over SSL
config.erizoController.ssl = true; //default value: false
config.erizoController.keystorePath = 'our_certificate_path.pfx';

// Use the name of the inferface you want to bind to for websockets
// config.erizoController.networkInterface = 'eth1' // default value: undefined

//Use undefined to run clients without Turn
config.erizoController.turnServer = {}; // default value: undefined
config.erizoController.turnServer.url = 'turn:180.153.223.235:443?transport=tcp'; // default value: null
config.erizoController.turnServer.username = 'woogeen'; // default value: null
config.erizoController.turnServer.password = 'master'; // default value: null

config.erizoController.warning_n_rooms = 15; // default value: 15
config.erizoController.limit_n_rooms = 20; // default value: 20
config.erizoController.interval_time_keepAlive = 1000; // default value: 1000

// Roles to be used by services
config.erizoController.roles =
{"presenter": {"publish": true, "subscribe": true, "record": true},
    "viewer": {"subscribe": true},
    "viewerWithData": {"subscribe": true, "publish": {"audio": false, "video": false, "screen": false, "data": true}}}; // default value: {"presenter":{"publish": true, "subscribe":true, "record":true}, "viewer":{"subscribe":true}, "viewerWithData":{"subscribe":true, "publish":{"audio":false,"video":false,"screen":false,"data":true}}}

// If true, erizoController sends stats to rabbitMQ queue "stats_handler"
config.erizoController.sendStats = false; // default value: false

// If undefined, the path will be /tmp/
config.erizoController.recording_path = undefined; // default value: undefined

// If true, the streams from different clients in a room will be mixed by the media server.
config.erizoController.mixer = false;

// If true and the maxProcesses allows, the mixer will be run in a dedicated process.
config.erizoController.outOfProcessMixer = false;

/*********************************************************
 ERIZO AGENT CONFIGURATION
**********************************************************/
config.erizoAgent = {};

// Max processes that ErizoAgent can run
config.erizoAgent.maxProcesses    = 50; // default value: 13
// Number of precesses that ErizoAgent runs when it starts. Always lower than or equals to maxProcesses.
config.erizoAgent.prerunProcesses = 2; // default value: 2

/*********************************************************
 ERIZO JS CONFIGURATION
**********************************************************/
config.erizo = {};

//STUN server IP address and port to be used by the server.
//if '' is used, the address is discovered locally
config.erizo.stunserver = ''; // default value: ''
config.erizo.stunport = 0; // default value: 0

//note, this won't work with all versions of libnice. With 0 all the available ports are used
config.erizo.minport = 0; // default value: 0
config.erizo.maxport = 0; // default value: 0

// If true and the machine has the capability, the mixer will be accelerated by hardware graphic chips.
config.erizo.hardwareAccelerated = false;

// This configuration is only for software media engine. Hardware graphic acceleration provides H.264 by default.
// "true" means OpenH264 is deployed for H.264. Otherwise no support of H.264 in MCU.
config.erizo.openh264Enabled = true;

config.erizo.keystorePath = 'our_certificate_path.pfx';
/***** END *****/
// Following lines are always needed.
var module = module || {};
module.exports = config;

Here are the commands we run:

bin/initcert.js all` // with our passphrase

bin/start-all.sh

 

Here is the result:

2015-10-20 18:47:29.334  - INFO: RPC - Conected to rabbitMQ server
2015-10-20 18:47:29.339  - INFO: RPC - Exchange rpcExchange is open
2015-10-20 18:47:29.344  - INFO: RPC - Queue nuveQueue is open
2015-10-20 18:47:29.347  - INFO: RPC - ClientQueue amq.gen-pqV5U81yX6ocxhJGsWeOgQ is open
starting mcu, stdout -> /home/gjovanov/intel_webrtc/Release-v2.8/logs/woogeen-mcu.stdout
2015-10-20 18:47:34.861  - INFO: RPC - Exchange rpcExchange is open
2015-10-20 18:47:34.869  - INFO: RPC - ClientQueue amq.gen-sEdGjNmb74NAdslxwR8lMw is open
2015-10-20 18:47:34.886  - INFO: ErizoController - SSL enabled!
2015-10-20 18:47:34.952  - INFO: RPC - Queue erizoController_1 is open
2015-10-20 18:47:34.959  - INFO: ErizoController - server on
starting agent, stdout -> /home/gjovanov/intel_webrtc/Release-v2.8/logs/woogeen-agent.stdout
2015-10-20 18:47:35.888  - INFO: RPC - Exchange rpcExchange is open
2015-10-20 18:47:35.895  - INFO: RPC - ClientQueue amq.gen-29DQozs96Rd0tNe5ye1bRg is open
2015-10-20 18:47:35.899  - INFO: ErizoAgent - Adding agent to cloudhandler, purpose: general-use
Running process
Running process
2015-10-20 18:47:35.931  - INFO: RPC - Queue ErizoAgent_2 is open
2015-10-20 18:47:35.942  - INFO: ErizoAgent - ErizoAgent rpcID: ErizoAgent_2
starting app, stdout -> /some_path/Release-v2.8/logs/woogeen-app.stdout
Failed to setup secured server: [Error: mac verify failure]

 

 

 

Can it be because the certificate is a wildcard? Or any other ideas why this happens?

0 Kudos
Chunbo_H_Intel1
Employee
576 Views

Thanks for reporting. Our QA team is now working on reproducing this one. Stay tuned!

0 Kudos
Chunbo_H_Intel1
Employee
576 Views

Hi,

Could you share how you generate your Wildcard certificate? Our QA team is not able to reproduce it currently.

0 Kudos
Artem_M_
New Contributor I
576 Views

Hello. We don't generate it. We bought it. It was provided by COMODO RSA Domain Validation Secure Server CA

What else can we give you? we can give your team our certi and link any you test server to our *.pruffme.com domain - to allow you to test that issue

0 Kudos
Chunbo_H_Intel1
Employee
576 Views

Thanks!

And, yes, sound good. Your cert would definitely help us identify the problem. Could you send us by the email?

 

0 Kudos
Goran_J_
Beginner
576 Views

In our case we bought the certificate as well (from GeoTrust). However, sharing the certificate would be security flaw as we are already established business. Sorry.

 

Any alternatives?

0 Kudos
Chunbo_H_Intel1
Employee
576 Views

Have you tried a new certificate on our 2.8 release?

Thanks!

0 Kudos
Reply