crossdomain.xml policy problems

jz87
edited May 2011 in Photon Server
I'm trying to set up the Policy app to serve crossdomain policy.xml but I'm running into problems. Here's a snippet of the log:


6644: 04:39:11.851 - Application will NOT restart if files matching the following are changed: "log4net.config"
6644: 04:39:12.198 - Application: "Policy" started in app domain: 3
6644: 04:39:12.199 - Adding TCP listener on :0.0.0.0: 4530 with a listen backlog of: 150
6644: 04:39:12.199 - Nagle disabled
6644: 04:39:12.199 - TCP inactivity timeout: 5000ms
6644: 04:39:12.199 - UDP address specified as:0.0.0.0 adding listener to each available IPv4 address
6644: 04:39:12.199 - Adding UDP listener on :192.168.25.1: 5055 with a listen backlog of: 500
6644: 04:39:12.199 - Adding UDP listener on :192.168.18.1: 5055 with a listen backlog of: 500
6644: 04:39:12.199 - Adding UDP listener on :192.168.1.4: 5055 with a listen backlog of: 500
6644: 04:39:12.199 - Adding UDP listener on :127.0.0.1: 5055 with a listen backlog of: 500
6644: 04:39:12.199 - Adding TCP Policy listener on :0.0.0.0: 843 with a listen backlog of: 150 and routing to application: "Policy"
6644: 04:39:12.199 - TCP inactivity timeout: 5000ms
6644: 04:39:12.199 - Adding TCP Policy listener on :0.0.0.0: 943 with a listen backlog of: 150 and routing to application: "Policy"
6644: 04:39:12.199 - TCP inactivity timeout: 5000ms
6644: 04:39:12.223 - Service is running...

And the relevant portion of my config file:

<TCPPolicyListeners>
<!-- multiple Listeners allowed for different ports -->
<TCPPolicyListener
IPAddress="0.0.0.0"
Port="843"
Application="Policy"
InactivityTimeout="5000">
</TCPPolicyListener>
<TCPPolicyListener
IPAddress="0.0.0.0"
Port="943"
Application="Policy"
InactivityTimeout="5000">
</TCPPolicyListener>
</TCPPolicyListeners>

<!-- Defines the Photon Runtime Assembly to use. -->
<Runtime
Assembly="PhotonHostRuntime, Version=2.0.0.0, Culture=neutral"
Type="PhotonHostRuntime.PhotonDomainManager">
</Runtime>


<!-- Defines which applications are loaded on start and which of them is used by default. Make sure the default application is defined. -->
<!-- Application-folders must be located in the same folder as the bin_win32 folders. The BaseDirectory must include a "bin" folder. -->
<Applications Default="MMO">
<Application
Name="MMO"
BaseDirectory="MMO.Server"
Assembly="MMO.Server"
Type="MMO.Server.MMOApplication"
ForceAutoRestart="True"
RestartDelayMillis="1000"
WatchFiles="dll;config"
ExcludeFiles="log4net.config">
</Application>

<Application
Name="Policy"
BaseDirectory="Policy"
Assembly="Policy"
Type="Policy.Policy"
ForceAutoRestart="True"
RestartDelayMillis="1000"
WatchFiles="dll;config"
ExcludeFiles="log4net.config">
</Application>

I checked netstat -a and it shows TCP ports 843 and 943 as being listened on. Yet when I launch my Unity app it gets a security exception saying that no valid crossdomain policy was found. I have confirmed that the Policy.dll was loaded into the photon server process. I'm out of ideas as to what could be wrong.

Comments

  • I should add that this problem occurs even with the default Server SDK and Unity3D demos I downloaded from ExitGames website.
  • It seems that everything loaded and started correctly. In most such cases, it's a security / firewall issue.
    Maybe the Windows firewall or some security package prevents you from connecting.
    If you've got issues with the configuration, let us know which Windows you use.
  • I use Windows 7. If this is a firewall issue wouldn't netstat not show port 843 as actively being listened on?
  • The firewall does not change the listening, afaik. It just changes the rules which messages could get through in both directions.
  • Was this issue ever resolved?

    I'm having a similar issue running mine on Win 7 64-bit. I have the needed ports forwarded to my box and the firewall is open for photonsocketserver.exe in the deploy\bin_Win64 directory.

    I'm using Unity WebPlayer as the client on a remote server. The web player is giving me the following issue in the log:
    SocketPolicyClient2: Incoming GetPolicyStreamForIP
    SocketPolicyClient2: About to BeginConnect to xx.xxx.xxx.xx:843
    SocketPolicyClient2: About to WaitOne
    SocketPolicyClient2: WaitOne timed out. Duration: 3006
    SocketPolicyClient2: Caught exception: BeginConnect timed out
    Connect() failed: System.Security.SecurityException: Unable to connect, as no valid crossdomain policy was found
      at System.Net.Sockets.Socket.Connect_internal (IntPtr sock, System.Net.SocketAddress sa, System.Int32& error, Boolean requireSocketPolicyFile) [0x00000] in <filename unknown>:0
      at System.Net.Sockets.Socket.Connect (System.Net.EndPoint remoteEP, Boolean requireSocketPolicy) [0x00000] in <filename unknown>:0
      at System.Net.Sockets.Socket.Connect (System.Net.EndPoint remoteEP) [0x00000] in <filename unknown>:0
      at System.Net.Sockets.Socket.Connect (System.Net.IPAddress address, Int32 port) [0x00000] in <filename unknown>:0
      at ExitGames.Client.Photon.NConnect.StartConnection () [0x00000] in <filename unknown>:0
    

    Any thoughts? It seems to be timing out but port scans from canyouseeme.org show it able to connect on 843 and 4530 but time out on 5055.

    My startup shows this:
    5056: 01:04:54.233 - About to load application: Policy from Policy.Application
    5056: 01:04:58.603 - Application: "Policy" started in app domain: 6
    5056: 01:04:58.605 - Adding TCP listener on :0.0.0.0: 4530 with a listen backlog of: 150
    5056: 01:04:58.605 - Nagle disabled
    5056: 01:04:58.605 - TCP inactivity timeout: 5000ms
    5056: 01:04:58.605 - UDP address specified as:0.0.0.0 adding listener to each available IPv4 address
    5056: 01:04:58.606 - Adding UDP listener on :10.10.1.4: 5055 with a listen backlog of: 500
    5056: 01:04:58.606 - Adding UDP listener on :127.0.0.1: 5055 with a listen backlog of: 500
    5056: 01:04:58.606 - Adding TCP Policy listener on :0.0.0.0: 843 with a listen backlog of: 150 and routing to application: "Policy"
    5056: 01:04:58.606 - TCP inactivity timeout: 5000ms
    5056: 01:04:58.606 - Adding TCP Policy listener on :0.0.0.0: 943 with a listen backlog of: 150 and routing to application: "Policy"
    5056: 01:04:58.606 - TCP inactivity timeout: 5000ms
    5056: 01:04:58.632 - Service is running...
    

    Any help would be greatly appreciated.

    EDIT: Also, does the cross domain xml have to be named socket-policy.xml in the Policy App assets folder? I have it there untouched but I also added a crossdomain.xml copy of it to be sure. Not sure if that would do anything or not.
  • Hm, the client obviously can't finish the policy request. That much is sure.
    Did you test canyouseeme.org for port 5055 with udp? If you tested the 4530 successfully with tcp, you might have tested with tcp again? Just making sure...
    I wonder why "Adding TCP Policy listener" is only done for IP 0.0.0.0 but not the other interfaces. The udp listener explicitly names 10.10.1.4. Maybe that is just an output thing, though.

    Can you please edit the PhotonServer.config and in both TCPPolicyListener nodes replace the IP 0.0.0.0 with 10.10.1.4. Restart and test again.
  • Ok. I've updated the config to manually point TCP listeners to 10.10.1.4 as noted. I'm still having the same issue.

    Here is how the log looks now:
    3140: 10:46:15.439 - About to load application: Policy from Policy.Application
    3140: 10:46:19.685 - Application: "Policy" started in app domain: 6
    3140: 10:46:19.686 - Adding TCP listener on :10.10.1.4: 4530 with a listen backlog of: 150
    3140: 10:46:19.686 - Nagle disabled
    3140: 10:46:19.686 - TCP inactivity timeout: 5000ms
    3140: 10:46:19.686 - UDP address specified as:0.0.0.0 adding listener to each available IPv4 address
    3140: 10:46:19.687 - Adding UDP listener on :10.10.1.4: 5055 with a listen backlog of: 500
    3140: 10:46:19.687 - Adding UDP listener on :127.0.0.1: 5055 with a listen backlog of: 500
    3140: 10:46:19.687 - Adding TCP Policy listener on :10.10.1.4: 843 with a listen backlog of: 150 and routing to application: "Policy"
    3140: 10:46:19.687 - TCP inactivity timeout: 5000ms
    3140: 10:46:19.687 - Adding TCP Policy listener on :10.10.1.4: 943 with a listen backlog of: 150 and routing to application: "Policy"
    3140: 10:46:19.687 - TCP inactivity timeout: 5000ms
    3140: 10:46:19.714 - Service is running...
    7148: 10:49:41.218 - CTCPSocketServer::ReadCompleted - Exception - CTCPStreamProcessor::ProcessDataStream() - Invalid message format, expected first byte to be 0xF0 OR 0xFC. Got: 50 - 50 6F 72 74 43 68 65 63 6B 20 66 72 6F 6D 20 50 6F 72 74 46 6F 72 77 61 72 64 2E 63 6F 6D 2E 20 50 6C 65 61 73 65 20 72 65 70 6F 72 74 20 61 62 75 73 65 20 61 74 20 66 6F 72 75 6D 2E 70 6F 72 74 66 6F 72 77 61 72 64 2E 63 6F 6D 2E  - PortCheck from PortForward.com. Please report abuse at forum.portforward.com.
    

    Note the exception at the end of the log. This was me running a test on the ports with a different locally installed port checker tool from portforward.com as the web-based port checkers can't do UDP checks.

    Both 843 and 4530 return as being able to be seen, but 5055 still comes up as not open. The exception was only logged when port check data was sent to 4530, nothing was logged on the successful 843 connection.

    I appreciate your help on this Tobias, anything else I can try?

    EDIT: Would also like to note that the Unity Web Player shows SocketPolicyClient1 then immediately jumps to a SocketPolicyClient2 to start the connection, not sure if that means anything but figured I'd note it:
    SocketPolicyClient1: Incoming GetPolicyStreamForIP
    SocketPolicyClient2: Incoming GetPolicyStreamForIP
    SocketPolicyClient2: About to BeginConnect to 72.207.251.90:843
    SocketPolicyClient2: About to WaitOne
    SocketPolicyClient2: WaitOne timed out. Duration: 3006
    SocketPolicyClient2: Caught exception: BeginConnect timed out
    Connect() failed: System.Security.SecurityException: Unable to connect, as no valid crossdomain policy was found
      at System.Net.Sockets.Socket.Connect_internal (IntPtr sock, System.Net.SocketAddress sa, System.Int32& error, Boolean requireSocketPolicyFile) [0x00000] in <filename unknown>:0
    
  • Ok, I have an update. I remoted into another machine elsewhere to try things out and it all seems to be working if I launch the client from outside of my own network. Any other machines within my local network that has the host box running have this issue with the client.

    Any ideas why this may be the case? I'm not sure if there is an obvious workaround for this, but it is at least nice to know that it is actually working. Will just have to use a separate client with the local address for local testing for now.

    Thanks!
  • Sounds like your router doesn't like you to connect from your internal network to your external IP.
  • That it does. I may have to look at it sometime, but for now I can work around it by changing the client to just look at the server locally for now. With regard to the other issue where 0.0.0.0 was not binding to 10.10.1.4 for TCP connections, is there anything you may need me to look at to see why I had to specify the listener IPs manually in the config?

    Thanks for the support Tobias and Boris, it means a lot. :)
  • I think it's just a different log entry and that in fact 0.0.0.0 does bind to all available network interfaces.
    Did you try the external connect with 0.0.0.0?
  • Boris wrote:
    I think it's just a different log entry and that in fact 0.0.0.0 does bind to all available network interfaces.
    Did you try the external connect with 0.0.0.0?

    I put the IPs back to 0.0.0.0 in the config and did a remote connection test and it seems to work fine. I'll leave it at the default then it seems. Thanks Boris. :)
  • I seem to have the same problem.

    I have a Photon server on a computer with Windows 7 64-bit that I've put on a fixed IP, and I have a Unity client that connects to the Photon server.
    If I build the client as a standalone Windows build there is no problem connecting to the Photon server, but if I build it as a webplayer I have this problem.

    My webplayer is on another server hosted by 1and1. There is a crossdomain policy on both my 1and1 server and my Photon server.

    I think my problem comes from the fact that my computer with the Photon server does indeed have a fixed IP, but is on the network of a public organization to which I obviously don't have full access. I think the policy request must be blocked by a firewall before even reaching my server.

    How could I solve this issue?
  • Photon's Policy Application can serve the policy file. Unity Webplayers by default request the policy file on TCP port 843. Of course this port for TCP must be open in all firewalls the server has, including the Windows Firewall:
    http://developer.exitgames.com/photonse ... llsettings

    The policy app logs all policy requests by default, so you can check the deploy/log/policy.log file.
    The DevNet explains the policy application:
    http://developer.exitgames.com/photonserver/policyapp

    You don't need the crossdomain file on the server which hosts the .unity3d file. Only on the Photon Server this is necessary.
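
The policy request discussed in this thread can be reproduced from any client machine to separate a blocked network path from a missing or malformed policy. This is an added example, not part of the thread and not Photon or Unity code: the function names are hypothetical, the request string is the Flash-style `<policy-file-request/>` that the Web Player is assumed to send, and the sample policy and local stand-in server are constructed for the demo.

```python
import socket, threading
import xml.etree.ElementTree as ET
REQUEST = b"<policy-file-request/>\0"   # assumed Flash-style request, NUL-terminated
SAMPLE_POLICY = ('<?xml version="1.0"?><cross-domain-policy>'   # constructed sample
                 '<allow-access-from domain="*" to-ports="4530,5055"/>'
                 '</cross-domain-policy>')

def probe_policy(host, port=843, timeout=3.0):
    """Return (status, policy_text); status is ok, timeout, refused or no-policy."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(REQUEST)
            data = b""
            while b"</cross-domain-policy>" not in data:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
    except socket.timeout:
        return "timeout", ""     # no reply at all: firewall, NAT loopback or routing
    except ConnectionRefusedError:
        return "refused", ""     # host reachable, but nothing listens on that port
    text = data.rstrip(b"\0").decode("utf-8", "replace")
    return ("ok" if "<cross-domain-policy" in text else "no-policy"), text

def audit_policy(text):
    """List wildcard grants in a returned policy; an empty list means none."""
    findings = []
    for rule in ET.fromstring(text).iter("allow-access-from"):
        if rule.get("domain", "") == "*":
            findings.append("any domain may connect")
        if rule.get("to-ports", "") == "*":
            findings.append("all ports exposed")
    return findings

def serve_once(policy, host="127.0.0.1"):
    """Constructed stand-in for the Policy app: answer one request, return its port."""
    srv = socket.create_server((host, 0))
    def handle():
        conn, _ = srv.accept()
        with conn, srv:
            conn.recv(64)                          # read and ignore the request
            conn.sendall(policy.encode() + b"\0")
    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    status, text = probe_policy("127.0.0.1", serve_once(SAMPLE_POLICY))
    print(status, audit_policy(text))
```

A `timeout` result corresponds to the `BeginConnect timed out` lines in the Web Player log: the TCP connection to port 843 never completed, so the policy content was never examined.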