MQTT/Push Notifications not working with public address/domain #63

Closed
MHShetty-AA1-1 opened this issue Nov 17, 2022 · 6 comments

MHShetty-AA1-1 commented Nov 17, 2022

We tried adding an app with the admin panel to check if it installs as per what the GUI/docs suggest, but then unfortunately the app doesn't get installed on the client device nor does it actually receive any push notifications sent to it.

On further debugging, we went through the logs and realized that the binding of the MQTT connection itself threw a java.net.Exception with the domain name we were using publicly for our https server/admin panel. I tried using the public IP of our machine, and it threw the same exception again.

Public address -

image

Public domain name -

image

However, when I instead used the server machine's private IP or localhost instead of the public IP/domain name the MQTT connection no longer throws an Exception.

image

But then we come back to the same issue of not being able to send push notifications to any of the setup devices, which is most likely because the client device isn't able to interact with the server at port 31000 of our server.

Our firewall does allow TCP connections at port 31000, but this issue still occurs unfortunately.

image

We verified the public address and domain multiple times too, but they were the same ones we used in our browser.

Our main ROOT.xml that we updated to vary the MQTT address/uri (with public address that does not work):

<?xml version="1.0" encoding="UTF-8"?>
<Context>
    
    <Resources cachingAllowed="false" />

    <!-- database configurations -->
    <Parameter name="JDBC.driver"   value="org.postgresql.Driver"/>
    <Parameter name="JDBC.url"      value="jdbc:postgresql://localhost:5432/hmdm"/>
            
    <Parameter name="JDBC.username" value="hmdm"/>
    <Parameter name="JDBC.password" value="topsecret"/>

    <!-- This directory is used to store uploaded app files, must be accessible for tomcat user -->
    <Parameter name="files.directory" value="/var/lib/tomcat9/work/files"/>

    <!-- URL used to open Headwind MDM control panel -->
    <Parameter name="base.url" value="https://ethosmdm.aa1technologies.com:8443"/>

    <!-- private / shared; shared can be used only in Enterprise solution -->
    <Parameter name="usage.scenario" value="private" />

    <!-- If set to 1, the device configuration request must be signed by a shared secret (setup in hash.secret and in the Android app) 
         0 or empty value does not require request signature which is less secure -->
    <Parameter name="secure.enrollment" value="0"/>
    <!-- A shared secret between mobile app and control panel. 
         Don't change this unless you know what you're doing -->
    <Parameter name="hash.secret" value="12345"/>

    <!-- This directory is used to store files by plugins, must be accessible for tomcat user -->
    <Parameter name="plugins.files.directory" value="/var/lib/tomcat9/work/plugins"/>

    <!-- Configuration for logging plugin, do not change this -->
    <Parameter name="plugin.devicelog.persistence.config.class" value="com.hmdm.plugins.devicelog.persistence.postgres.DeviceLogPostgresPersistenceConfiguration"/>

    <!-- Don't change this -->
    <Parameter name="role.orgadmin.id" value="2"/>

    <!-- Swagger Docs UI location -->
    <Parameter name="swagger.host" value="ethosmdm.aa1technologies.com:8443"/>
    <Parameter name="swagger.base.path" value="/rest"/>

    <Parameter name="initialization.completion.signal.file" value="/var/lib/tomcat9/work/hmdm_install_flag"/>

    <Parameter name="log4j.config" value="file:///var/lib/tomcat9/work/log4j-hmdm.xml"/>

    <Parameter name="aapt.command" value="aapt"/>

    <!-- MQTT notification service parameters -->
    <Parameter name="mqtt.server.uri" value="52.68.99.135:31000"/>

    <!-- Optional tag for delaying MQTT messages in milliseconds
     to avoid congestion when all devices are updating configuration at the same time -->
    <!-- <Parameter name="mqtt.message.delay" value="100"/> -->

    <!-- Fast device search by last characters, here's the length -->
    <Parameter name="device.fast.search.chars" value="5"/>

    <!-- Optional tag for MQTT authentication for more security
         (supported by Headwind MDM launcher v5.05 and above) -->
    <!-- <Parameter name="mqtt.auth" value="1"/> -->

    <!-- Email parameters are necessary for password recovery -->
    <Parameter name="smtp.host" value=""/>
    <Parameter name="smtp.port" value=""/>
    <Parameter name="smtp.ssl" value="0"/>
    <Parameter name="smtp.starttls" value="0"/>
    <Parameter name="smtp.username" value=""/>
    <Parameter name="smtp.password" value=""/>
    <Parameter name="smtp.from" value=""/>

</Context>

(The initial value for mqtt.server.uri - the domain name for the admin panel too throws the same error as public address along with the domain name instead)

Please help us out with setting up Push notifications/MQTT server correctly and do let us know if any other information is required.

Thanks a lot for coming up with this open-source project, and for your valuable help and time!

MHShetty-AA1-1 changed the title from "MQTT not working with public address/domain" to "MQTT/Push Notifications not working with public address/domain" on Nov 17, 2022

h-mdm commented Nov 18, 2022

If your server is behind a firewall, you cannot bind a socket to the external address.

There are two possible options.

  1. Bind MQTT socket to the internal address. Like this:
  2. Add a record binding your server's domain to the internal address in /etc/hosts, and use domain name in mqtt.server.uri.

See more details here: https://qa.h-mdm.com/1714/

h-mdm closed this as completed Nov 18, 2022

MHShetty-AA1-1 commented

Hi @h-mdm,

We tried both the solutions out there, but adding the internal address as our domain name would possibly be the same thing as binding to the internal address.

We tried sending push notifications to all our devices from the admin panel, but none of them seem to be received on the other end unfortunately. The device configuration gets loaded, and the manually added apps get installed, but after that passing updates/adding new applications/sending push notifications don't work.

By any chance, do we need to make any additional setup for them on server/android side? (just in case if we are missing out on something)


h-mdm commented Nov 18, 2022

Make sure you see in logs that Headwind MDM is bound to port 31000. You can also check the MQTT traffic by tcpdump.


MHShetty-AA1-1 commented Nov 18, 2022

The port does seem to get bound on port 31000 for MQTT as per the startup logs (for the domain name too).

image

We get these logs from tcpdump at port 31000 when we send a push message of type "custom message" with title/type "Hello World" and payload "Test Message" and to a specific device that's currently active.

image

(Also, just in case if this is relevant, please note that we are using the second option mentioned in this comment - #63 (comment))

It does seem to be able to send the required packets from server, really unsure if the firewall or app configuration needs to be changed in any way.

image

Does the build.gradle buildConfig in Android need any changes except the primary and secondary URL of our server? The default port number in build.gradle seems to be the same as port 31000, the same that we are using on our server.

At the moment, we are testing the app on a Pixel device running Android 7, and here's how the notification panel looks:

image

MHShetty-AA1-1 commented

Hi @h-mdm,

Here is some additional information we came across,

Hovering over the installation status of the device under test (a red circle) brings up this pop-up -
(We tried adding new applications and versions for the test device)

image


h-mdm commented Nov 19, 2022

I see that you're using some technical domain name instead of the IP address. Please use IP address (IPv4) instead, like this:

<Parameter name="mqtt.server.uri" value="172.31.43.138:31000"/>

The local IP address can be found by a command

ip addr show
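
Added example, not code from this thread or from the Headwind MDM project: a Python check that parses a Context file shaped like the ROOT.xml posted above and reports whether the `mqtt.server.uri` host can be bound on the local machine, together with the two settings that the file's own comments describe as security options (`secure.enrollment`, `mqtt.auth`). The function names and the sample file, which uses the documentation address 203.0.113.10 in place of a public IP, are assumptions made for illustration.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the ROOT.xml posted above;
# 203.0.113.10 is a documentation address standing in for a public IP.
SAMPLE_CONTEXT = """<Context>
    <Parameter name="secure.enrollment" value="0"/>
    <Parameter name="mqtt.server.uri" value="203.0.113.10:31000"/>
    <!-- <Parameter name="mqtt.auth" value="1"/> -->
</Context>"""


def can_bind_locally(host):
    """True if this machine can bind a TCP socket to host (ephemeral port)."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.bind((host, 0))
        return True
    except OSError:  # address not on a local interface, or name does not resolve
        return False


def audit_context(xml_text, can_bind=can_bind_locally):
    """Return a list of findings for the parameters discussed in this thread."""
    root = ET.fromstring(xml_text)  # commented-out parameters are not parsed
    params = {p.get("name"): p.get("value", "") for p in root.iter("Parameter")}
    findings = []

    uri = params.get("mqtt.server.uri", "")
    host, _, port = uri.rpartition(":")
    if not host or not port.isdigit():
        findings.append(f"mqtt.server.uri '{uri}' is not host:port")
    elif not can_bind(host):
        findings.append(f"mqtt.server.uri host '{host}' is not bindable on this machine")

    if params.get("secure.enrollment", "") in ("", "0"):
        findings.append("secure.enrollment is off: enrollment requests are unsigned")
    if params.get("mqtt.auth") != "1":
        findings.append("mqtt.auth is not enabled")
    return findings


if __name__ == "__main__":
    for finding in audit_context(SAMPLE_CONTEXT):
        print("-", finding)
```

Run on the server itself, a domain name mapped to the internal address in /etc/hosts passes the bind check, which corresponds to the second option given earlier in the thread.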
