Bbb error ice 1007

ICE error 1007 #9240

I have installed bbb on my intranet behind a NAT/Firewall and i use Chrome browser. It’s work fine in https mode with any station or Smartphone i use in local mode.
When i try with a station in «external» mode (internet) i get «ICE error 1007». I saw in documentation that i need to install a Turn server and i had do it using following this procedure https://docs.bigbluebutton.org/2.2/setup-turn-server.html but error 1007 is staying. Is somebody could help me? See below my check
BigBlueButton Server 2.2.5 (1848)
Kernel version: 4.15.0-96-generic
Distribution: Ubuntu 16.04.6 LTS (64-bit)
Memory: 32925 MB
CPU cores: 16

/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties (bbb-web)
bigbluebutton.web.serverURL: https://mydomain.com
defaultGuestPolicy: ALWAYS_ACCEPT
svgImagesRequired: true

/etc/nginx/sites-available/bigbluebutton (nginx)
server name: mydomain.com
port: 80, [::]:80
port: 443 ssl
bbb-client dir: /var/www/bigbluebutton

/var/www/bigbluebutton/client/conf/config.xml (bbb-client)
Port test (tunnel): rtmp://mydomain.com
red5: mydomain.com
useWebrtcIfAvailable: true

/opt/freeswitch/etc/freeswitch/vars.xml (FreeSWITCH)
local_ip_v4: 192.168.0.16
external_rtp_ip: MON_IP_PUBLIC
external_sip_ip: MON_IP_PUBLIC

/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml (FreeSWITCH)
ext-rtp-ip: $$
ext-sip-ip: $$
ws-binding: :5066
wss-binding: :7443

/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
playback_host: mydomain.com
playback_protocol: https
ffmpeg: 4.2.2-1bbb1

/etc/bigbluebutton/nginx/sip.nginx (sip.nginx)
proxy_pass: MON_IP_PUBLIC

/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (Kurento SFU)
kurento.ip: 192.168.0.16
kurento.url: ws://127.0.0.1:8888/kurento
localIpAddress: 192.168.0.16
recordScreenSharing: true
recordWebcams: true
codec_video_main: VP8
codec_video_content: VP8

/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)
build: 874
kurentoUrl: wss://mydomain.com/bbb-webrtc-sfu
enableListenOnly: true

Potential problems described below

IP does not match:

IP from ifconfig: 192.168.0.16

/etc/nginx/sites-available/bigbluebutton: mydomain.com

Источник

BigBlueButton: Fix 1007 and 1020 Errors

I am going to tell you how to fix this complain for good. No more 1007 or 1020!

Running the BigBlueButton client requires a wide range of UDP ports to be available for WebRTC communication.

However, in some network restricted sites, such as those behind NAT or a corporate firewall that restricts UDP connections, users may be unable to make outgoing UDP connections to your BigBlueButton server. These are the users who get 1007 and 1020 errors.

By setting up a separate TURN server, you can allow users to have the TURN server (connected via port 443) proxy their UDP-based WebRTC media (audio, webcam, and screen share) to the BigBlueButton server.

We recommend Ubuntu 20.04 as it has a newer version of Coturn than Ubuntu 16.04.

The server does not need to be very powerful as it will only relay communications from the BigBlueButton client to the BigBlueButton server when necessary. A dual core server virtual server should be sufficient for a dozen BigBlueButton servers.

Installing a Turn server is super simple with bbb-install.sh, which installs and configures the Coturn server that acts as both Stun and Turn server.

With this straightforward installation and some optimizations (LimitNOFILE=1048576), you will be able to get rid of 1007/1020 errors for almost 100%.

Don’t forget to test whether your Turn server is working:

1. You can force using the TURN on Firefox browser.
2. Open a Firefox tab and type about:config . Search for media.peerconnection.ice.relay_only .
3. Set it to true. At this moment Firefox only use TURN relay.
4. Now join a BigBlueButton session for this Firefox browser to see Turn server in action.
5. In another tab on Firefox, type about:webrtc to see the status of webrtc.
6. Click on show details to see the url of stun/turn server being used with success message.

In some cases you may still get 1007/1020 complains!

That happens when your Turn server fails!

Either Turn server is down or is overwhelmed by hundreds of simultaneous user requests.

For high-availability of your Turn server, use dns round robin routing on AWS Route 53.

1. First install two Turn servers as directed above with two ‘A’ records in Route 53: turn1.higheredlab.com and turn2.higheredlab.com. Ensure that you setup Turn servers in the region that is closer to your users to avoid network latency.
2. Second, create another ‘A’ record in Route 53, for example turn.higheredlab.com, that does weightage routing to the two Turn Servers.
3. Add Health Check so that if one Turn server goes down, requests are directed to the other Turn server.
4. Setup SNS notification so that you get an email alert right away that one of your Turn server is down.

I hope this helps in conducting better online classes on BigBlueButton!

Источник

How to solve the problem for Error connections ICE 1007 in BigBlueButton Meeting

Some MynaParrot BBB users reported receiving this ICE 1007 error message when attempting to join the meeting.

Then we need to figure out why this is happening and figure out how to fix it. You may suspect that it is due to bigbluebutton server or html5 client issues, or that it is related to IP address or port 80.

BigBlueButton is a web conferencing system that is free and open source. It is web-based, so you must use a browser to participate in the meeting. The advantage is that users do not need to download and install any applications on their devices. However, it will necessitate the user configuring some browser settings, particularly the first time. However, while it is generally acceptable and simple to use, you may encounter some issues.

Today we are going to address this common issue for the BigBlueButton user.

ice 1007 reasons

For a short answer, the error caused by a firewall.

1007: ICE negotiation failed — The browser and FreeSWITCH try to negotiate ports to use to stream the media, and that negotiation failed. Possible Causes:

NAT is blocking the connection

The firewall is blocking the UDP connection/ports

WebRTC offers very high-quality audio. However, the user’s network settings (or firewall) may not allow WebRTC to connect (or keep connected).

ice 1007 Solutions

First and foremost, as a developer, you must examine your BigBlueButton server configuration. If your server does not have a TURN server configuration, your users will encounter difficulties if they access from behind a firewall. If you configure the TURN server, you should see better results.

You can find instructions on how to set up the TURN server in this official BigBlueButton Development Doc.

If you are confident that you have correctly installed and configured the TURN server. However, the user may still encounter this issue. What are other options? From our experience, the most practical way to solve it from the user’s perspective is to try the following methods:

• Try again a few times, and it may resolve itself.
• Restart your computer or mobile device if possible.
• Try a different browser or update your browser to the most recent version.
• If possible, switch to a different internet provider.
• Experiment with different devices.

The cause is sometimes a problem caused by unknown factors. It takes time to detect or solve it; however, as a user, you may only have a few minutes to resolve this issue because you need to enroll in a course. As a result, try those suggestions as soon as possible and see if they work. According to our experience, if your BigBlueButton server is correctly configured, then try those solutions from the user’s end, and the problem will be resolved.

If you still aren’t able to solve the problem by doing these. Please contact us, and we will assist you in resolving this issue as soon as possible. If you don’t have an account, try it free from here: https://mynaparrot.com/en/try-it-for-free

You can integrate with your Moodle, WordPress, Chamilo, or other LMS in minutes. After that, you can test it to see if the BigBlueButton ICE 1007 error messages continue to appear.

1″ :pagination=»pagination» :callback=»loadData» :options=»paginationOptions»>

Источник

Error 1007 on restricted network with ipv6 (not only) with TURN #9514

Describe the bug
If a user is on a restricted network with ipv6 enabled and tries to join a conference, no audio connection is possible (speaker or listener). With a working TURN server configured. Because it is reproducible on the official BBB demo it needs to be a server core issue

To Reproduce

Steps to reproduce the behavior:

1. Restrict all outgoing Traffic except ports 53 80 443
2. Make sure to have ipv6 connectivity
3. Try to join conference with audio
4. See error 1007

It is reproducible on official BBB demo!

Expected behavior
Connect to conference with audio/micro

Actual behavior
No Microphone connection possible (1007)
Also no audio without microphone but no error

Desktop (please complete the following information):

• OS: Linux (Arch / Ubuntu)
• Browser: Chrome, Firefox

Additional context
Browser log attached
BBB_Browserlog.txt

The text was updated successfully, but these errors were encountered:

ERROR: clientLogger: ICE connection failed before success

did you have installed/configured stun/turn server for freeswitch/kurento/bbb-web?
did you opened/forwarded udp range in firewall for kurento/freeswitch?
https://docs.bigbluebutton.org/2.2/setup-turn-server.html
https://docs.bigbluebutton.org/2.2/configure-firewall.html

also you may be needed incoming udp traffic in range

20000-65535 ports, because audio/video goes thru udp transport.

Yes, we use our own stun/turn server on an other machine.
Firewall is open to port range 16384-32768 UDP.

Also you can verify which candidates are anounced through your stun/turn server.
https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
and turn/stun ports should be opened/forwarded(if nat used).
make sure that you used right credentials, certs ports and URI between bbb-stack and your stun/turn server.

Thank you for your advice, but as we wrote, it is also not working on the official BBB Demo https://demo.bigbluebutton.org/gl/

we are pretty sure the turn server works, as it is working w/o problems with ipv4 only and restricted networks

our server also works with ipv6 only if TURN relay is not used

I had the same issue and it turned out that it is a matter on the user’s side (restiction in the router, UDP ports are blocked) So it’s not a bug or problem of your server configuration or BBB at all.

As a working solution, you may use VPN tunneling and advice your users behind such restricted network settings to make use of that option too.

Sorry, i dont see this as an issue on the user side. For our understanding one functionality of TURN/Stun is, to make it possible to take part on the audio conference for people who are connecting from restricted networks.

We also investigated with many people who are encountering the problem from sucht type of networks, like guest wlans or company networks.

We simulated the behavior with restricting our client firewall, to collect some knowledge about the issue. As soon as you have an ipv6, or ipv6/ipv4 connection and only the ports 80/443 and 53, you cannot connect anymore.

Can you elaborate a little more on the restrictions? When I was debugging a user recently, I created a similar setting (53/80/443 only on a dual-stack network), and things were just working fine.

• Does this behavior change when you remove the v6 address from the interface (you explicitly mention it in the title)
• Do you see (when using firefox) any candidates on the clients?
• is 53/80/443 outbound fully routed, or is there also a HTTP proxy in the mix?

you sure that you see all candidates(ip4/6),even directly declared via bbb-web?
check with netcat/tcpdump on both sides (server,client) tcp/udp traffic on all declared ports, endpoints correctly routed/filtered?
although coturn, as recomended by official manual, supports ipv6.
in turn-stun-servers.xml you can forcely point to your endpoints, both 4|6.
maybe, i’m not sure — not much experience with paralel stacked setups, but maybe you need to do dual setup for all of bbb-stack(mostly for coturn, freeswitch, kurento and may be some others).

Hm, and: I did not encounter this when debugging my turn (simulated the exact same setting) on my infrastructure. Are your TURN/BBB systems dualstack as well? (demo. is certainly only legacy IP).

I have the same issue in a restricted network. For testing purposes I have now disabled UDP on my working PC (in a «normal» network).

On Firefox, when joining a meeting (on https://test.bigbluebutton.org or https://demo1.bigbluebutton.org or my own server) and then clicking once on «Listen only», ICE failed, your TURN server appears to be broken, see about:webrtc for more details is printed in the console. After a few more seconds, I am asked, if I want allow the site to use the microphone. When agreeing, everything behaves as normal.

On Safari this problem does not occur, but I can’t share my webcam (Error 1020) and I can not see the shared screen / the shared webcams (spinning forever).

EDIT:
I’ve set up a VPN server as a workaround.

Hm, and: I did not encounter this when debugging my turn (simulated the exact same setting) on my infrastructure. Are your TURN/BBB systems dualstack as well? (demo. is certainly only legacy IP).

Yes everything is dual-stack. Concerning the bbb server and the complexity of components I can only say it is Dual-Stack according to the official documentation.

I found some time to debug this further as one of our customers now hits the issue. With the client configuration as mentioned above (dual ipv4, ipv6 and 53/80/443 only) there is no traffic (not a single package) to the turn server on ipv6 (tested with tcpdump on the client). With ipv4 only a lot of traffic is captured.
I checked for the turn server:

• DNS A and AAAA are correctly set
• port 443 on ipv6 addr is open and responding

It seems on ipv6 either the necessity for turn relay is not recognized or wrong configuration is passed to the browser on connection negotiation. I could provide data from the browser-console if anybody has an idea.

Источник

The most frequent user complains about BigBlueButton are WebRTC issues: 1007 and 1020.

I am going to tell you how to fix this complain for good. No more 1007 or 1020!

Running the BigBlueButton client requires a wide range of UDP ports to be available for WebRTC communication.

However, in some network restricted sites, such as those behind NAT or a corporate firewall that restricts UDP connections, users may be unable to make outgoing UDP connections to your BigBlueButton server. These are the users who get 1007 and 1020 errors.

By setting up a separate TURN server, you can allow users to have the TURN server (connected via port 443) proxy their UDP-based WebRTC media (audio, webcam, and screen share) to the BigBlueButton server.

We recommend Ubuntu 20.04 as it has a newer version of Coturn than Ubuntu 16.04.

The server does not need to be very powerful as it will only relay communications from the BigBlueButton client to the BigBlueButton server when necessary. A dual core server virtual server should be sufficient for a dozen BigBlueButton servers.

Installing a Turn server is super simple with bbb-install.sh, which installs and configures the Coturn server that acts as both Stun and Turn server.

wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -c : -e 

With this straightforward installation and some optimizations (LimitNOFILE=1048576), you will be able to get rid of 1007/1020 errors for almost 100%.

Don’t forget to test whether your Turn server is working:

1. You can force using the TURN on Firefox browser.
2. Open a Firefox tab and type about:config. Search for media.peerconnection.ice.relay_only.
3. Set it to true. At this moment Firefox only use TURN relay.
4. Now join a BigBlueButton session for this Firefox browser to see Turn server in action.
5. In another tab on Firefox, type about:webrtc to see the status of webrtc.
6. Click on show details to see the url of stun/turn server being used with success message.

In some cases you may still get 1007/1020 complains!

That happens when your Turn server fails!

Either Turn server is down or is overwhelmed by hundreds of simultaneous user requests.

For high-availability of your Turn server, use dns round robin routing on AWS Route 53.

1. First install two Turn servers as directed above with two ‘A’ records in Route 53: turn1.higheredlab.com and turn2.higheredlab.com. Ensure that you setup Turn servers in the region that is closer to your users to avoid network latency.
2. Second, create another ‘A’ record in Route 53, for example turn.higheredlab.com, that does weightage routing to the two Turn Servers.
3. Add Health Check so that if one Turn server goes down, requests are directed to the other Turn server.
4. Setup SNS notification so that you get an email alert right away that one of your Turn server is down.

I hope this helps in conducting better online classes on BigBlueButton!

Hello.

I have not yet been accepted into the «BigBlueButton Setup» group, but there is a problem, so I am writing here.

I have 3 BBB servers deployed, one GL and one SL.
Everyone has an external IP address, all DNS records (both inside the domain and in the outside world) are correct.
When connected to a VPN (or being physically in the corporate network loop), the connection to the conference works properly, but if you disable the VPN, an «ice error 1007» error occurs when connecting.

We don’t use NAT, from the ufw side all ports are open:

$ sudo ufw status
status: active

To Action From

OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
16384:32768/udp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
16384:32768/udp (v6) ALLOW Anywhere (v6)

BBB installed with a script
wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -v bionic-240 -s {{ site_name }} -a -w

I did not set up/do not use TURN/COTURN servers on my own.

With $ sudo bbb-conf --check
/usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml (STUN Server)
stun: stun.l.google.com:19302

Potential problems described below
Warning: Failed to verify STUN server at stun.l.google.com 19302 with command

stunclient —mode full —localport 30000 stun.l.google.com 19302

If you encountered any problems with the installation of BigBlueButton, this section covers how to resolve many of the common issues.

If you have not already done so, read through the getting help section.

Introduction

Start here: run sudo bbb-conf --check

We’ve built in a BigBlueButton configuration utility, called bbb-conf, to help you configure your BigBlueButton server and troubleshoot your setup if something doesn’t work right.

If you think something isn’t working correctly, the first step is enter the following command.

This will check your setup to ensure the correct processes are running, the BigBlueButton components have correctly started, and look for common configuration problems that might prevent BigBlueButton from working properly.

If you see text after the line ** Potential problems described below **, then it may be warnings (which you can ignore if you’ve change settings) or errors with the setup.

Recording

Recording not processing after upgrading

If after updating from BigBlueButton 2.0 to BigBlueButton 2.2 your recordings are not processing, and if you are seeing Permission denied errors in /var/log/bigbluebutton/bbb-rap-worker.log

I, [2019-06-07T14:26:09.034878 #14808]  INFO -- : /usr/lib/ruby/2.5.0/logger.rb:754:in `initialize': Permission denied @ rb_sysopen - /var/log/bigbluebutton/presentation/process-02feca80700b3e95b877af85db972904397857a1-1559909318977.log (Errno::EACCES)

You can resolve the errors with the following command

$ sudo chown -hR bigbluebutton:bigbluebutton /var/log/bigbluebutton/presentation /var/log/bigbluebutton/screenshare

and then rebuild the recordings that had not yet processed. You can see the list of recordings with

and then to rebuild a recording, use sudo bbb-record --rebuild <internal_meeting_id>, as in

$ sudo bbb-record --rebuild 298b06603719217df51c5d030b6e9417cc036476-1559314745219

Webcams/screen sharing aren’t working

Certify that appropriate external addresses have been set for mediasoup. When installed via packages, mediasoup IPs are normally misconfigured. If installed via bbb-install, then IPv4 is generally correct, but IPv6 might be absent.

Nonetheless, we recommend double-checking the instructions in Updating mediasoup.

Configure mediasoup to use IPv6

mediasoup (bbb-webrtc-sfu) does not come with a IPv6 enabled by default when installed either via packages or bbb-install.

To configure IPv6, bbb-webrtc-sfu’s override configuration file (located in /etc/bigbluebutton/bbb-webrtc-sfu/production.yml) should be used.

See Updating mediasoup for instructions and examples on how to do so.

I’m having troubles seeing webcams or screen sharing in Firefox

That’s usually the symptom of a known Firefox issue where it doesn’t comply with ICE-lite implementations (and mediasoup is one).

This issue can be worked around by forcing TURN usage in Firefox user agents. To achieve that, set the public.kurento.forceRelayOnFirefox configuration to true in /etc/bigbluebutton/bbb-html5.yml. For example:

public:
  kurento:
    forceRelayOnFirefox: true

How often does this Firefox issue happens?

Short (non) answer: that’s difficult to measure.

Every Firefox installation is prone to the lack of ICE-lite spec compliance. However, the issue doesn’t manifest itself on all Firefox installations as it is dependent on how the end user’s network topology is organized. It’s generally a small subset of Firefox users, but that can vary depending on the user base.

Where can I track progress on a definitive solution or better workaround?

This is a Firefox bug, so the best place to get an overview on progress and what the issue is about is Mozilla’s issue.

You can also track BigBlueButton’s issue for updates on additional workarounds.

Why isn’t forceRelayOnFirefox enabled by default?

It’s not on by default because bigbluebutton does not come with a TURN server by default, and that’s what versioned-in-code setting presumes.

How do I know if mediasoup is being used?

The most direct and precise way to figure out whether mediasoup is being used is checking about:webrtc (Firefox) or chrome://webrtc-internals. For example: open one of those, share a camera. Look for the remote description (SDP); see if it contains mediasoup-client in the SDP header. If it does, you’re using mediasoup.

Regardless of that: mediasoup is the default in 2.5 and should always be used unless default settings were explicitly changed.

mediasoup is the default in 2.5. Why is Kurento still around?

Because Kurento is still used for stream recording. It should be removed as a dependency as soon as this issue is addressed.

Is single-core performance still important with mediasoup?

Yes.

How can I control the number of mediasoup workers?

To control the number of mediasoup workers, bbb-webrtc-sfu’s override configuration file (located in /etc/bigbluebutton/bbb-webrtc-sfu/production.yml) should be used.

There are a couple of configurations of interest here:

mediasoup.workers

This configuration controls the number of mediasoup workers intended for general use (media type agnostic, shared pool).

Accepted values are:

• "auto" (default): creates ceil((min(nproc,32) * 0.8) + (max(0, nproc - 32) / 2)) workers;
• "cores": creates workers up to the host’s core count (as provided by os.cpus().length);
• <Number>: overrides the number of workers with a fixed value;
• The default and fallback values are auto.

For example:

• To set the number of workers to cores: yq w -i /etc/bigbluebutton/bbb-webrtc-sfu/production.yml mediasoup.workers "cores"

mediasoup.dedicatedMediaTypeWorkers

This configuration controls the number of mediasoup workers to be used by specific media types.
If a dedicated pool is set, streams of its media type will always land on it. Otherwise, they will use the shared pool.

The configuration is an object of the following format:

mediasoup.dedicatedMediaTypeWorkers:
   audio: "auto"|"cores"|<Number>
   main: "auto"|"cores"|<Number>
   content: "auto"|"cores"|<Number>

The semantics of auto, cores and Number are the same as in the mediasoup.workers configuration. Default values for all media types are 0 (no dedicated workers).

The media types semantics are:

• audio: audio (listen only, microphone) streams;
• main: webcam video streams;
• content: screen sharing streams (audio and video).

For example:

• To set the number of dedicated audio workers to auto: yq w -i /etc/bigbluebutton/bbb-webrtc-sfu/production.yml mediasoup.dedicatedMediaTypeWorkers.audio "auto"

Can I scale the number of streams up indefinitely with mediasoup?

No. Scalability improves a lot with mediasoup, but there are still a couple of bottlenecks that can be hit as far as far as the media stack is concerned. Namely:

• The signaling server (bbb-webrtc-sfu): it does not scale vertically indefinitely. There’s always work ongoing on this area that can be tracked in this issue;
• The mediasoup worker balancing algorithm implemented by bbb-webrtc-sfu is still focused on multiparty meetings with a restrained number of users. If your goal is thousand-user 1-N (streaming-like) meetings, you may max out CPU usage on certain mediasoup workers even though there are other idle oworkers free.

Kurento

WebRTC video not working with Kurento

Check the value for /proc/sys/net/ipv4/tcp_syncookies that it contains the value 1.

$ cat /proc/sys/net/ipv4/tcp_syncookies
1

If not, edit /etc/sysctl.conf and set the value for net.ipv4.tcp_syncookies to 1.

net.ipv4.tcp_syncookies = 1

Save the file and restart.

Unit kurento-media-server.service is masked

If sudo bbb-conf --check returns the warning

Restarting BigBlueButton 2.0.0-RC9 (and cleaning out all log files) ...
Stopping BigBlueButton
 ... cleaning log files
Starting BigBlueButton
Failed to start kurento-media-server.service: Unit kurento-media-server.service is masked.

You can unmask Kurento using the command

$ systemctl unmask kurento-media-server.service

The default installation of BigBlueButton should work in most netowrk configurations; however, if your users ae behind a restrictive network that blocks outgoing UDP connections, they may encounter 1020 errors (media unable to reach server).

If you get reports of these errors, setup TURN server to help their browsers send WebRTC audio and video streams via TCP over port 443 to the TURN server. The TURN server will then relay the media to your BigBlueButton server.

See Configure TURN.

FreeSWITCH

Configure BigBluebutton/FreeSWITCH to support IPV6

The HTML5 client now enables users on mobile devices to connect to a BigBlueButton server. However, on some cellular networks iOS devices only receive an IPV6 address.

To enable BigBlueButton (FreeSWITCH) to accept incoming web socket connections on IPV6, the BigBlueButton server must have an IPV6 address. You also need to make the following changes to the server.

First, create the file /etc/nginx/conf.d/bigbluebutton_sip_addr_map.conf with this content:

map $remote_addr $freeswitch_addr {
    "~:"    [2001:db8::1];
    default    192.0.2.1;
}

replacing the ip addresses 192.0.2.1 with the system’s external IPV4 addresses, and replace 2001:db8::1 with the system’s external IPV6 address. Next, edit the file /etc/bigbluebutton/nginx/sip.nginx to have the following:

proxy_pass https://$freeswitch_addr:7443;

Next, ensure all of the following params are present in freeswitch’s sip_profiles/external-ipv6.xml:

• ws-binding
• wss-binding
• rtcp-audio-interval-msec
• rtcp-video-interval-msec
• dtmf-type
• liberal-dtmf
• enable-3pcc

If any are missing, copy them from sip_profiles/external.xml, then restart BigBlueButton (sudo bbb-conf --restart).

FreeSWITCH fails to bind to IPV4

In rare occasions after shutdown/restart, the FreeSWITCH database can get corrupted. This will cause FreeSWITCH to have problems binding to IPV4 address (you may see error 1006 when users try to connect).

To check, look in /opt/freeswitch/var/log/freeswitch/freeswitch.log for errors related to loading the database.

2018-10-25 11:05:11.444727 [ERR] switch_core_db.c:108 SQL ERR [unsupported file format]
2018-10-25 11:05:11.444737 [ERR] switch_core_db.c:223 SQL ERR [unsupported file format]
2018-10-25 11:05:11.444759 [NOTICE] sofia.c:5949 Started Profile internal-ipv6 [sofia_reg_internal-ipv6]
2018-10-25 11:05:11.444767 [CRIT] switch_core_sqldb.c:508 Failure to connect to CORE_DB sofia_reg_external!
2018-10-25 11:05:11.444772 [CRIT] sofia.c:3049 Cannot Open SQL Database [external]!

If you see these errors, clear the FreeSWITCH database (BigBlueButton doesn’t use the database and FreeSWITCH will recreate it on startup).

$ sudo systemctl stop freeswitch
$ rm -rf /opt/freeswitch/var/lib/freeswitch/db/*
$ sudo systemctl start freeswitch

Forward calls from an Asterisk server to FreeSWITCH

Let’s assume the following:

asterisk server ip:          192.168.1.100
bigbluebutton/freeswitch ip: 192.168.1.200

Changes to your Asterisk server

Setup your gateway to BigBlueButton/FreeSWITCH. in /etc/asterisk/sip.conf add

[fs-gw]
type=peer
username=fs-gw
insecure=very
contactpermit=192.168.1.200/255.255.255.255
qualify=no
nat=yes
host=192.168.1.200
canreinvite=no
disallow=all
allow=ulaw

Route the calls to the gateway. In /etc/asterisk/extensions.conf context where your calls are being handled, forward the calls to the gateway. Here, when someone dials 85001, the call is sent to the fs-gw defined above.

exten => 85001,1,Dial(SIP/fs-gw/${EXTEN})
exten => 85001,2,Hangup

Changes to your BigBlueButton/FreeSWITCH server

In BigBlueButton/FreeSWITCH, make the following changes:

Lock down so that only Asterisk can forward calls to FreeSWITCH. In /opt/freeswitch/conf/autoload_configs/acl.conf.xml, add the following ACL. We also need to allow BigBlueButton to call into FreeSWITCH, that’s why we add the IP of BigBlueButton/FreeSWITCH into the ACL.

    <list name="asterisk-gw" default="deny">
       <node type="allow" cidr="192.168.1.200/32"/>
       <node type="allow" cidr="192.168.1.100/32"/>
       <node type="allow" cidr="127.0.0.1/32"/>
    </list>

Then we apply the ACL into the profile that receives the calls from external gateways. In /opt/freeswitch/conf/sip_profiles/external.xml, add the ACL under <settings>

  <settings>
    <!-- Apply ACL from asterisk-gw -->
    <param name="apply-inbound-acl" value="asterisk-gw"/>
...
</settings>

To debug, try connecting to FS CLI and increase logging level. Once connected, make your call and see what the logs say.

$ /opt/freeswitch/bin/fs_cli -p $(xmlstarlet sel -t -m 'configuration/settings/param[@name="password"]' -v @value /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml)

  Once connected:
  help -- shows the available commands
  console loglevel <level> -- change log level

  Ctrl-D to exit

FreeSWITCH fails to bind to port 8021

FreeSWITCH supports both IPV4 and IPV6. However, if your server does not support IPV6, FreeSWITCH will be unable to bind to port 8021. If you run sudo bbb-conf --check and see the following error

# Error: Found text in freeswitch.log:
#
#    Thread ended for mod_event_socket
#
# FreeSWITCH may not be responding to requests on port 8021 (event socket layer)
# and users may have errors joining audio.
#

it might be that your server has IPV6 disabled (or does not support it). You can check this by running the following command

$ sudo ip addr | grep inet6
inet6 ::1/128 scope host
...

If you do not see the line inet6 ::1/128 scope host, then your server has IPV6 disabled. In this case, we need to disable FreeSWITCH’s support for IPV6. First, edit /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml and change the line

    <param name="listen-ip" value="::"/>

to

    <param name="listen-ip" value="127.0.0.1"/>

This tells FreeSWITCH that instead of binding port 8021 to the local IPV6 address, bind to the IPV4 address 127.0.0.1. Next, execute the following two commands

$ sudo mv /opt/freeswitch/etc/freeswitch/sip_profiles/internal-ipv6.xml /opt/freeswitch/etc/freeswitch/sip_profiles/internal-ipv6.xml_
$ sudo mv /opt/freeswitch/etc/freeswitch/sip_profiles/external-ipv6.xml /opt/freeswitch/etc/freeswitch/sip_profiles/external-ipv6.xml_

and then restart BigBlueButton with the commands

$ sudo bbb-conf --clean
$ sudo bbb-conf --check

FreeSWITCH fails to start with a SETSCHEDULER error

When running in a container (like a chroot, OpenVZ or LXC), it might not be possible for FreeSWITCH to set its CPU priority to real-time round robin. If not, it will result in lower performance compared to a non-virtualized installation.

If you running BigBlueButton in a container and an error starting FreeSWITCH, try running systemctl status freeswitch.service and see if you see the error related to SETSCHEDULER

$ systemctl status freeswitch.service
● freeswitch.service - freeswitch
   Loaded: loaded (/lib/systemd/system/freeswitch.service; enabled; vendor preset: enabled)
   Active: inactive (dead) (Result: exit-code) since Mon 2017-10-02 16:17:29 UTC; 18s ago
  Process: 10967 ExecStart=/opt/freeswitch/bin/freeswitch -u freeswitch -g daemon -ncwait $DAEMON_OPTS (code=exited, status=214/SETSCHEDULER)
 Main PID: 3327 (code=exited, status=0/SUCCESS)

Oct 02 16:17:29 scw-9e2305 systemd[1]: Failed to start freeswitch.
Oct 02 16:17:29 scw-9e2305 systemd[1]: freeswitch.service: Unit entered failed state.
Oct 02 16:17:29 scw-9e2305 systemd[1]: freeswitch.service: Failed with result 'exit-code'.
Oct 02 16:17:29 scw-9e2305 systemd[1]: freeswitch.service: Service hold-off time over, scheduling restart.
Oct 02 16:17:29 scw-9e2305 systemd[1]: Stopped freeswitch.
Oct 02 16:17:29 scw-9e2305 systemd[1]: freeswitch.service: Start request repeated too quickly.
Oct 02 16:17:29 scw-9e2305 systemd[1]: Failed to start freeswitch.

If you see SETSCHEDULER in the error message, edit /lib/systemd/system/freeswitch.service and comment out the line containing CPUSchedulingPolicy=rr (round robin)

IOSchedulingPriority=2
#CPUSchedulingPolicy=rr
CPUSchedulingPriority=89

Save the file, run systemctl daemon-reload, and then restart BigBlueButton. FreeSWITCH should now startup without error.

Users not able to join Listen Only mode

When doing sudo bbb-conf --check, you may see the warning

voice Application failed to register with sip server

This error occurs when bbb-apps-sip isn’t able to make a SIP call to FreeSWITCH. You’ll see this in BigBlueButton when users click the headset icon and don’t join the voice conference.

One possible cause for this is you have just installed BigBlueButton, but not restarted it. The packages do not start up the BigBlueButton components in the right order. To restart BigBlueButton, do the following:

$ sudo bbb-conf --restart
$ sudo bbb-conf --check

If you don’t want FreeSWITCH to bind to 127.0.0.1, you need to figure out which IP address its using. First, determine the IP address FreeSWITCH is monitoring for incoming SIP calls with the following command:

$ netstat -ant | grep 5060

You should see an output such as

tcp        0      0 234.147.116.3:5060    0.0.0.0:*               LISTEN

In this example, FreeSWITCH is listening on IP address 234.147.116.3. The IP address on your server will be different.

Next, edit /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties and set the value for sip.server.host to the IP address returned from the above command. Save the changes (you’ll need to edit the file as root to save changes).

Restart BigBlueButton using the commands and run the built-in diagnostics checks.

$ sudo bbb-conf --clean
$ sudo bbb-conf --check

Unable to connect using fs_cli

As of BigBlueButton 2.2.18, the packaging now replaces the default ClueCon password for connecting to the FreeSWITCH command line interface (fs_cli) with a random password.

(By default, FreeSWITCH only allowed unauthenticated connections from 127.0.0.1, but it’s still good security practice to not use default passwords).

To connect to fs_cli, use the following command which supplies the password for authenticating.

/opt/freeswitch/bin/fs_cli -p $(xmlstarlet sel -t -m 'configuration/settings/param[@name="password"]' -v @value /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml)

We also added /usr/local/bin/fs_clibbb with the contents

#!/bin/bash

/opt/freeswitch/bin/fs_cli -p $(xmlstarlet sel -t -m 'configuration/settings/param[@name="password"]' -v @value /opt/freeswitch/etc/freeswitch/autoload_configs/event_socket.conf.xml)

that will let you type fs_clibbb at the command prompt to get into FreeSWITCH console.

Echo test hangs upgrading BigBlueButton 2.2

The install scripts now change the default CLI password for FreeSWITCH and the other parts of BigBlueButton need to use this new password. For a new installation, the install scripts will automatically set this new password.

If you upgrade using bbb-install.sh, the script will update the FreeSWITCH password using sudo bbb-conf --setip <hostname>.

If you upgraded using manual steps, be sure to do ao sudo bbb-conf --setip <hostname> to sync all the FreeSWITCH passwords.

FreeSWITCH using default stun server

For many years, in BigBlueButton’s FreeSWITCH configuration file /opt/freeswitch/etc/freeswitch/vars.xml, the default value for external_rtp_ip was stun.freeswitch.org

  <X-PRE-PROCESS cmd="set" data="external_rtp_ip=stun:stun.freeswitch.org"/>

However, this is not a reliable choice for stun server. Recommend either changing it to your servers external IP address or setup your own stun/turn server. For example, if your server has an external IP at 234.32.3.3

  <X-PRE-PROCESS cmd="set" data="external_rtp_ip=234.32.3.3"/>

You can add a line in /etc/bigbluebutton/bbb-conf/apply-conf.sh to always apply this value even if the FreeSWITCH package upgrades.

xmlstarlet edit --inplace --update '//X-PRE-PROCESS[@cmd="set" and starts-with(@data, "external_rtp_ip=")]/@data' --value "external_rtp_ip=234.32.3.3" /opt/freeswitch/conf/vars.xml

Note: If your server has an internal/exteral IP address, such as on AWS EC2 server, be sure to set it to the external IP address configure a dummy network interface card (see Update FreeSWITCH).

HTML5 Server

bbb-html5 fails to start with a SETSCHEDULER error

As of 2.2.31, the systemd unit file for bbb-html5.service now contains the following lines

CPUSchedulingPolicy=fifo
Nice=19

You can override this with creating the following directory

mkdir /etc/systemd/system/bbb-html5.service.d

and creating /etc/systemd/system/bbb-html5.service.d/override.conf with the following contents

[Service]
CPUSchedulingPolicy=other
Nice=-10

Then do systemctl daemon-reload and restart BigBlueButton.

Installation and packages

The following packages have unmet dependencies

When installing the latest build of BigBlueButton, the package bbb-conf now uses yq to manage YAML files.

You need to add the repository ppa:rmescandon/yq to your server. For steps on how to do this, see Update your server in the BigBlueButton 2.2 install guide.

Alternatively, if you have not made any customizations to BigBlueButton (outside of using bbb-conf), you can use bbb-install.sh to install/upgrade to the latest version (the bbb-install.sh script will automatically install the repository for yq).

No Symbolic Link

If you’ve installed/uninstalled BigBlueButton packages, you may get a No Symbolic Link warning from bbb-conf --check:

** Potential Problems **
    nginx (conf): no symbolic link in /etc/nginx/sites-enabled for bigbluebutton

To solve this, add a symbolic link to nginx for the BigBlueButton site:

$ sudo ln -s /etc/nginx/sites-available/bigbluebutton /etc/nginx/sites-enabled/bigbluebutton
$ sudo /etc/init.d/nginx restart

Package install fails with sed error

Some of the BigBlueButton packages use sed scripts to extract contents from configuration files. If the file does not exist at the time of the script’s execution, or the sed script matches multiple entries in a file (such as when a configuration line is commented out), you can see an error such as

Setting up bbb-client (1:2.0.0-374) ...
sed: -e expression #1, char 42: unterminated `s' command
dpkg: error processing package bbb-client (--configure):
 subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of bbb-config:
 bbb-config depends on bbb-client; however:
  Package bbb-client is not configured yet.

dpkg: error processing package bbb-config (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 bbb-client
 bbb-config
E: Sub-process /usr/bin/dpkg returned an error code (1)

In the above example, the /var/lib/dpkg/info/bbb-client.postinst failed to finish. To debug, edit this file and change the first line to read

and run

$ sudo apt-get install -f

You should now see each command in bbb-conf.postinst as it executes upto the line in which the error occurs. Post this output to https://groups.google.com/forum/#!forum/bigbluebutton-setup for help in resolving the issue.

Errors with packages

Some hosting providers do not provide a complete /etc/apt/source.list. If you are finding your are unable to install a package, try replacing your /etc/apt/sources.list with the following

deb https://archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
deb https://archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
deb https://security.ubuntu.com/ubuntu xenial-security main restricted universe multiverse

then do

and try installing BigBlueButton again from the beginning.

WebRTC errors (1001, 1002,…)

WebRTC offers very high-quality audio. However, the user’s network settings (or firewall) may not allow WebRTC to connect (or keep connected).

Here are the following lists the possible WebRTC error messages that a user may encounter:

• 1001: WebSocket disconnected — The WebSocket had connected successfully and has now disconnected. Possible Causes:
  • Loss of internet connection
  • Nginx restarting can cause this
• 1002: Could not make a WebSocket connection — The initial WebSocket connection was unsuccessful. Possible Causes:
  • Firewall blocking ws protocol
  • Server is down or improperly configured
  • See potential solution here.
• 1003: Browser version not supported — Browser doesn’t implement the necessary WebRTC API methods. Possible Causes:
  • Out of date browser
• 1004: Failure on call — The call was attempted, but failed. Possible Causes:
  • For a full list of causes refer here
  • There are 24 different causes so I don’t really want to list all of them
  • Solution for this issue outlined here.
• 1005: Call ended unexpectedly — The call was successful, but ended without user requesting to end the session. Possible Causes:
  • Unknown
• 1006: Call timed out — The library took too long to try and connect the call. Possible Causes:
  • Previously caused by Firefox 33-beta on Mac. We’ve been unable to reproduce since release of FireFox 34
• 1007: ICE negotiation failed — The browser and FreeSWITCH try to negotiate ports to use to stream the media and that negotiation failed. Possible Causes:
  • NAT is blocking the connection
  • Firewall is blocking the UDP connection/ports
• 1008: Call transfer failed — A timeout while waiting for FreeSWITCH to transfer from the echo test to the real conference. This might be caused by a misconfiguration in FreeSWITCH, or there might be a media error and the DTMF command to transfer didn’t go through (In this case, the voice in the echo test probably didn’t work either.)
• 1009: Could not fetch STUN/TURN server information — This indicates either a BigBlueButton bug (or you’re using an unsupported new client/old server combination), but could also happen due to a network interruption.
• 1010: ICE negotiation timeout — After the call is accepted the client’s browser and the server try and negotiate a path for the audio data. In some network setups this negotiation takes an abnormally long time to fail and this timeout is set to avoid the client getting stuck.
• 1020: Media cloud could not reach the server — See how to solve this here.

Networking

Server running behind NAT

The following issue might be helpful in debugging if you run into errors and your server is behind NAT.

Could not get your microphone for a WebRTC call

Chrome requires (As of Chrome 47) that to access the user’s microphone for WebRTC your site must be serving pages via HTTPS (that is, nginx is configured with a SSL certificate).

If the user attempts to share their microphone and your BigBlueButton sever is not configured for SSL, Chrome will block access and BigBlueButton will report the following error

WebRTC Audio Failure: Detected the following WebRTC issue: Could not get your microphone for a WebRTC call. Do you want to try flash instead?

To enable Chrome to access the user’s microphone, see Configure HTTPS on BigBlueButton.

The browser is not supported

When you attempt to join a BigBlueButton session, the client looks for supported browsers before fully loading. The client gets its list of supported browsers from /usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml. You can see the list of supported browsers at the bottom. For example,

- browser: mobileSafari
  version:
    - 11
    - 1

states that Mobile Safari version 11.1 or later is supported (notice the first letter is lower case and concatenated with the remainder of the browser name).

To add a browser to the list, first find your browser’s useragent. You could use a tool like https://wtools.io/check-my-user-agent as well. For example, with the Vivaldi browser you might see

Vivaldi 2.8.1664 / Linux 0.0.0

Next, to add this as a supported browser, append to settings.yml

- browser: vivaldi
  version:
    - 2
    - 8

save the updated settings.yml file, and then restart your BigBlueButton server with sudo bbb-conf --restart. Note any browser you add must support WebRTC libraries (not all do), so be sure to check it first with https://test.webrtc.org/.

Tomcat shows “Cannot assign requested address on startup”

If your server has multiple IP addresses, Tomcat might not pick the right address to bind. This could throw an error on installation when tomcat is attempting to install.

Check /var/log/tomcat7/catalina.out for the following error

Jan 30, 2018 9:17:37 AM org.apache.catalina.core.StandardServer await
SEVERE: StandardServer.await: create[localhost:8005]:
java.net.BindException: Cannot assign requested address (Bind failed)
 at java.net.PlainSocketImpl.socketBind(Native Method)

If you see this, first ensure that there isn’t another copy of tomcat running by doing ps -aef | grep tomcat7. If you do see another copy running, try killing it and then restarting tomcat.

If you still see the same error in catalina.out, then /etc/tomcat7/server.xml and change

<Server port="8005" shutdown="SHUTDOWN">

<Server address="0.0.0.0" port="8005" shutdown="SHUTDOWN">

Restart tomcat7 again and it should start normally.

nginx not running

The common reasons for nginx not running are inability to bind to port 80 and configuration errors. To check if port 80 is already in use, use

to see if any process is currently bound to port 80. If so, check to see if another web server is installed. If so, then stop the web server and try to restart nginx. One of the server requirements before you install BigBlueButton is that port 80 is not in use by another application (such as Apache). For details on why this is a requirements, see We recommend running BigBlueButton on port 80.

If port 80 is free, check if your nginx configuration file has errors. Try a restart of nginx

$ sudo systemctl restart nginx

and look for the output of

   [ OK ]

If you see [ Fail ], then your nginx configuration files might have a syntax error. Check the syntax of the nginx configuration files using the command

and see if it reports any errors. You can also check the error.log file for nginx to see what errors it gives on startup

$ sudo cat /var/log/nginx/error.log

“Welcome to nginx”

During installation of BigBlueButton the packaging scripts attempt to assign the correct IP address during setup. However, if the IP address changes (such as when rebooting a VM), or the first IP address was not the correct IP address for the server, you may see a “Welcome to nginx” page.

To reconfigure the BigBlueButton to use the correct IP address or hostname, see BigBlueButton does not load.

bbb-web

404 Error when loading the client

BigBlueButton 2.2 requires Java 8 as the default Java. Recently, some Ubuntu 16.04 distributions have switched the default version of Java to Java 9 (or later).

Use java -version to check that the default version of 1.8.0.

~/dev$ java -version
openjdk version "1.8.0_242"
OpenJDK Runtime Environment (build 1.8.0_242-8u242-b08-0ubuntu3~16.04-b08)
OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)

If not, do the following

sudo apt-get install openjdk-8-jre
update-alternatives --config java  # Choose java-8 as default

Run java -version and confirm it now shows the default as 1.8.0, and then restart BigBlueButton with sudo bbb-conf --restart

Blank presentation area on create or upload

If you join a meeting and the default presentation is not visible or your uploaded presentation doesn’t display, then this is most likely due to a permissions error. To solve this, ensure that /var/bigbluebutton/ is owned by bigbluebutton rather than root or any other account. See this issue for more explanation.

Unable to create presentation

If you see the following error in /var/log/bigbluebutton/bbb-web.log

  failed to map segment from shared object: Operation not permitted

use the command mount to check that the /tmp director does not have noexec permissions (which would prevent executables from running in the /tmp directory). If you see noexec for /tmp, you need to remount the directory with permissions that enable processes (such as the slide conversion) to execute in the /tmp directory.

Too many open files

On servers with greater than 8 CPU cores, bbb-web log (/var/log/bigbluebutton/bbb-web.log) may throw an error of Too many open files

Caused by: java.io.IOException: Too many open files

To resolve, create an override file that increases the number of open files for bbb-web

$  sudo mkdir -p /etc/systemd/system/bbb-web.service.d/
$  sudo cat > /etc/systemd/system/bbb-web.service.d/override.conf << HERE
[Service]
LimitNOFILE=
LimitNOFILE=8192
HERE
$  sudo systemctl daemon-reload

bbb-web takes a long time to startup

bbb-web relies on the SecureRandom class (which uses available entropy) to provide random values for its session IDs. On a virtualized server, however, the available entropy can run low and cause bbb-web to block for a long period before it finishes it’s startup sequence (see Slow startup of tomcat).

To provide bbb-web with more entropy, you can install haveged

$ sudo apt-get install haveged

For more information see How to Setup Additional Entropy for Cloud Servers Using Haveged.

Error installing bbb-web

If you get the following error during upgrade to BigBlueButton

Unpacking bbb-web (1:2.2.0-67) over (1:2.2.0-66) ...
dpkg: error processing archive /var/cache/apt/archives/bbb-web_1%3a2.2.0-67_amd64.deb (--unpack):
 trying to overwrite '/etc/bigbluebutton/nginx/web', which is also in package bbb-client 1:2.2.0-28
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/bbb-web_1%3a2.2.0-67_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)```

Then first uninstall bbb-client

$ sudo apt-get purge bbb-client

and try installing BigBlueButton again.

Other errors

Root partition too small

If the root partition on your BigBlueButton server is too small (for disk space requirements see Before you install), we recommend moving the following directories to an external partition with sufficient disk space.

BigBlueButton processing and storage of recordings:

Location of all media directories on disk available here.

To make the move, we’ll first stop BigBlueButton, then move the above directories to a new location on the external partition, create symbolic links from the original locations to the new locations, and restart BigBlueButton.

In the following example, the external partition is mounted on /mnt.

$ sudo bbb-conf --stop

$ sudo mv /var/freeswitch/meetings /mnt
$ sudo ln -s /mnt/recordings /var/freeswitch/meetings

$ sudo mv /usr/share/red5/webapps/video/streams /mnt
$ sudo ln -s /mnt/streams /usr/share/red5/webapps/video/streams

$ sudo /var/bigbluebutton /mnt
$ sudo ln -s /mnt/bigbluebutton /var/bigbluebutton

$ sudo bbb-conf --start

BigBlueButton does not load

If your has changed it’s network connection (such as on reboot), you can clean most of BigBlueButton’s configuration files with the following steps.

$ sudo bbb-conf --setip <ip_address_or_hostname>

$ sudo bbb-conf --clean
$ sudo bbb-conf --check

For more information see bbb-conf options.

Running within an LXD Container

LXD is a very powerful container system for Ubuntu lets you run full Ubuntu 16.04 servers within a container. Because you can easily clone and snapshot LXD containers, they are ideal for development and testing of BigBlueButton.

However, if you install BigBlueButton within an LXD container, you will get the following error from sudo bbb-conf --check

** Potential problems described below **

#
# Error: Unable to connect to the FreeSWITCH Event Socket Layer on port 8021

You’ll also get an error from starting FreeSWITCH with bbb-conf --restart. When you try systemctl status freeswitch.service, you’ll see an error with SETSCHEDULER.

$ sudo systemctl status freeswitch.service
● freeswitch.service - freeswitch
   Loaded: loaded (/lib/systemd/system/freeswitch.service; enabled; vendor preset: enabled)
   Active: inactive (dead) (Result: exit-code) since Wed 2017-04-26 16:34:24 UTC; 23h ago
  Process: 7038 ExecStart=/opt/freeswitch/bin/freeswitch -u freeswitch -g daemon -ncwait $DAEMON_OPTS (code=exited, status=214/SETSCHEDULER)

Apr 26 16:34:24 big systemd[1]: Failed to start freeswitch.
Apr 26 16:34:24 big systemd[1]: freeswitch.service: Unit entered failed state.
Apr 26 16:34:24 big systemd[1]: freeswitch.service: Failed with result 'exit-code'.
Apr 26 16:34:24 big systemd[1]: freeswitch.service: Service hold-off time over, scheduling restart.
Apr 26 16:34:24 big systemd[1]: Stopped freeswitch.
Apr 26 16:34:24 big systemd[1]: freeswitch.service: Start request repeated too quickly.
Apr 26 16:34:24 big systemd[1]: Failed to start freeswitch.

This error occurs because the default systemd unit script for FreeSWITCH tries to run with permissions not available to the LXD container. To run FreeSWITCH within an LXD container, edit /lib/systemd/system/freeswitch.service and replace with the following

[Unit]
Description=freeswitch
After=syslog.target network.target local-fs.target

[Service]
Type=forking
PIDFile=/opt/freeswitch/var/run/freeswitch/freeswitch.pid
Environment="DAEMON_OPTS=-nonat"
EnvironmentFile=-/etc/default/freeswitch
ExecStart=/opt/freeswitch/bin/freeswitch -u freeswitch -g daemon -ncwait $DAEMON_OPTS
TimeoutSec=45s
Restart=always
WorkingDirectory=/opt/freeswitch
User=freeswitch
Group=daemon

[Install]
WantedBy=multi-user.target

Then enter the following commands to load the new unit file and restart BigBlueButton.

$ sudo systemctl daemon-reload
$ sudo bbb-conf --restart

You can run BigBlueButton within a LXD container.

Unable to connect to redis

The packages bbb-apps-akka, bbb-fsesl-akka, and bbb-transcode-akka are packaged by sbt, but they need to have redis-server running before they startup. If sudo bbb-conf --debug shows redis connection errors

Sep 22 15:32:12 sv21 bbb-apps-akka[7804]: Exception in thread "main" io.lettuce.core.RedisConnectionException: Unable to connect to 127.0.0.1:6379
Sep 22 15:32:12 sv21 bbb-apps-akka[7804]: #011at io.lettuce.core.RedisConnectionException.create(RedisConnectionException.java:78)
Sep 22 15:32:12 sv21 bbb-apps-akka[7804]: #011at io.lettuce.core.RedisConnectionException.create(RedisConnectionException.java:56)
Sep 22 15:32:12 sv21 bbb-apps-akka[7804]: Caused by: io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: /127.0.0.1:6379
Sep 22 15:32:12 sv21 bbb-apps-akka[7804]: Caused by: java.net.ConnectException: Connection refused
Sep 22 15:32:12 sv21 bbb-fsesl-akka[7893]: Exception in thread "main" io.lettuce.core.RedisConnectionException: Unable to connect to 127.0.0.1:6379
Sep 22 15:32:12 sv21 bbb-fsesl-akka[7893]: #011at io.lettuce.core.RedisConnectionException.create(RedisConnectionException.java:78)
Sep 22 15:32:12 sv21 bbb-fsesl-akka[7893]: #011at io.lettuce.core.RedisConnectionException.create(RedisConnectionException.java:56)
Sep 22 15:32:12 sv21 bbb-fsesl-akka[7893]: Caused by: io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: /127.0.0.1:6379
Sep 22 15:32:12 sv21 bbb-fsesl-akka[7893]: Caused by: java.net.ConnectException: Connection refused
Sep 22 15:32:13 sv21 bbb-transcode-akka[8001]: Exception in thread "main" io.lettuce.core.RedisConnectionException: Unable to connect to 127.0.0.1:6379
Sep 22 15:32:13 sv21 bbb-transcode-akka[8001]: #011at io.lettuce.core.RedisConnectionException.create(RedisConnectionException.java:78)
Sep 22 15:32:13 sv21 bbb-transcode-akka[8001]: #011at io.lettuce.core.RedisConnectionException.create(RedisConnectionException.java:56)
Sep 22 15:32:13 sv21 bbb-transcode-akka[8001]: Caused by: io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: /127.0.0.1:6379
Sep 22 15:32:13 sv21 bbb-transcode-akka[8001]: Caused by: java.net.ConnectException: Connection refused

you can add overrides for these three packages to ensure they start after redis.server. Run the following script.

#!/bin/bash

mkdir -p /etc/systemd/system/bbb-apps-akka.service.d
cat > /etc/systemd/system/bbb-apps-akka.service.d/override.conf <<HERE
[Unit]
Requires=redis-server.service
After=redis-server.service
HERE

mkdir -p /etc/systemd/system/bbb-fsesl-akka.service.d
cat > /etc/systemd/system/bbb-fsesl-akka.service.d/override.conf <<HERE
[Unit]
Requires=redis-server.service
After=redis-server.service
HERE


mkdir -p /etc/systemd/system/bbb-transcode-akka.service.d
cat > /etc/systemd/system/bbb-transcode-akka.service.d/override.conf <<HERE
[Unit]
Requires=redis-server.service
After=redis-server.service
HERE

The script bbb-install now creates these overrides by default.

500 Internal Server Error

It is most likely an error on GreenLight. Check the log file according to Troubleshooting Greenlight.

If this error occurrs on just a small number of PCs accessing a BigBlueButton server within a LAN through a proxy server and you find the description “Error::Unsafe Host Error (x.x.x.x is not a safe host)” (where x.x.x.x is an IP address) in the log file, check if the “Don’t use the proxy server for local (intranet) addresses” (in the Windows proxy setting) is ticked.

Legacy errors

Conference not found errors

The command sudo bbb-conf --debug searches through the red5, tomcat7, and nginx logs looking for errors and exceptions. However, the messages such as

    -- ERRORS found in /usr/share/red5/log/* --
/usr/share/red5/log/bigbluebutton.log:2015-05-02 13:50:37,681-04:00 [pool-17-thread-1] ERROR o.b.w.v.f.a.PopulateRoomCommand - Not XML: [Conference 78505 not found]

are innocuous and can be ignored.

Выбор инструмента

Самый простой и функциональный — интегрированный в  moodle, но он не выдерживает поток всех желающих. Для трансляции лекций лучше всего подходят VK и Youtube — можно показывать свою трансляцию неограниченному количеству пользователей, обратная связь в виде чата. Для семинарских занятий, когда нужно иметь возможность участвовать голосом всем — skype, zoom, discord.

Во всех случаях с использованием сервисов, разрешающих подключаться просто по ссылке могут быть проблемы с появлением спамеров с рекламой или попытками анонимно сорвать занятия. Для VK и Youtube это захламляет чат, для остальных сервисов может привести к полному срыву занятия. Решение только одно — по возможности скрывать ссылку для подключения, чтобы она не утекала в открытый доступ. И оперативно блочить возмутителей спокойствия, это позволяют все сервисы.

Интегрированная система веб конференций BigBlueButton

BBB подошла к пределу по обслуживаемым пользователям и может не всегда корректно работать Постараемся расширить ресурсы сервера, но стоит попробовать другие сервисы.

Для трансляции лекций и проведения вебинаров существует элемент «Видеоконференция BigBlueButton». Она позволяет провести трансляцию презентации преподавателя с озвучиванием и при необходимости добавить к ним видео или трансляцию экрана компьютера преподавателя. Подробные инструкции по работе с этим модулем расположены тут.

Есть режим записи, но я не могу гарантировать хранение записей более недели. Решение ищем, скорее всего получится расширить сроки хотя бы до двух недель.

Появление ошибки 1007 ICE negotiation failed означает наличие в сети, откуда подключаются студенты каких-то ограничений на передачу данных. Пока решение только одно — переход к другому провайдеру. Будем искать решение, но на это уйдёт какое-то время. Точно есть проблемы с доступом к конференциям из wifi сети ФКН.

Гарантированно поддерживается работа видеоконференций через Google Chrome и FireFox (в том числе ESR версия). Были жалобы на отказ работать в Яндекс браузере, скорее всего аналогичные проблемы могут быть в Опере и Амиго.

Zoom

Одним из сторонних сервисов для проведения вебинаров является zoom. У него есть ограничение на 100 участников и 40 минут длительности вебинара. Но у него есть возможность записать вебинар локально на компьютере преподавателя и потом отправить получившуюся запись на youtube или в облачный сервис. Для подключения к вебинару в zoom не нужно регистрироваться, достаточно установить клиент и знать номер встречи.

Работа с этим сервисом описана на сайте разработчика.

Самый близкий аналог BBB. Есть нарекания на стабильность работы из-за слишком большой нагрузки на бесплатную версию. Кто-то рассказывает про проблемы с безопасность, но подтверждений этому от технических специалистов пока не было.

Skype

Можно проводить собрания в Skype. Он не имеет ограничения на длительность записи, но ограничен 50 участниками. Для участия не обязательно устанавливать клиент skype, можно подключиться к встрече с помощью веб браузеров Google Chrome или MS Edge. Ведущий может провести запись встречи, загрузить её на youtube или облачное хранилище и предоставить ссылку в курсе. В записе не виден чат, только веб камеры и голос ведущего. Вместе с камерой можно проводить трансляцию экрана, что позволяет демонстрировать презентацию или работу в каком-либо программном обеспечении. Для начала записи необходимо чтобы кроме преподавателя хоть кто-то ещё присоединился с включенным микрофоном.

Трансляция через сервисы потокового вещания

Youtube

С ПК можно транслировать вебкамеру и голос напрямую из браузера. Для мобильных устройств есть отдельное приложение (пока не тестировал). Если хочется транслировать рабочий стол, нужно пользоваться Open Broadcasting Studio или XSplit, что сложнее в настройках. Но в этом случае функционал трансляции не зависит от платформы, только от используемой для стрима программы.

Аккуратней с попадающими в кадр изображениями. Мой вебинар прервали, когда я отхлебнул из кружки с красивой картинкой (после аппеляции предупреждение сняли, но всё равно неприятно). Риск будет со всеми известными персонажами и, возможно, логотипами.

Для общения с аудиторией участники должны зарегистрироваться на youtube. Или использовать сторонние сервисы.

VK

Есть возможность транслировать с мобильных устройств из официального приложения. Инструкция тут. С ПК можно проводить трансляции с помощью спец софта, как Youtube (Open Broadcasting Studio или XSplit). Официальная инструкция. И так же функционал трансляции будет определяться функционалом ПО, а не платформы.

Для общения с аудиторией участники должны зарегистрироваться на VK. Или использовать сторонние сервисы.

Прочее

Twich (трансляция через OBS), Google hangouts meet (требует учётку, полученную через подписку ФКН, голосовое общение и трансляция экрана), Discord (голосовое общение в группе, видеоконференция на всех участников, трансляция экрана)

Describe the bug
After update BBB to 2.3.14, Audio connection (echo test) failed with ICE 1007 error when you join the meeting.
It happens when you use Firefox and with configuration media.peerconnection.ice.default_address_only=true

It worked all fine with production instance which is BBB 2.3.12.

Probably root cause is Freeswitch only returns local IP for ICE candidate.
In case of production (BBB 2.3.12), it return global IP which we set in external_rtp_ip and external_sip_ip

To Reproduce
Steps to reproduce the behavior:

1. Join the meeting (In my case via greenlight)
2. Connect with audio
3. Echo test loading dialog shows up…
4. See error ICE 1007 after a while

Expected behavior
Audio should be connected

Actual behavior
Audio is not connected

Screenshots

Desktop (please complete the following information):

• OS: Ubuntu 18.04
• Browser Firefox
• Version 92.0

Additional context

This is webrtc log on Firefox.

Local SDP (Offer)
v=0
o=mozilla…THIS_IS_SDPARTA-92.0 3009965923707785404 0 IN IP4 0.0.0.0
s=-
t=0 0
a=sendrecv
a=fingerprint:sha-256 13:F7:24:90:33:E7:05:E3:8C:5E:60:B5:A8:94:E7:A6:F0:D6:43:91:FE:E9:F6:33:BC:16:12:22:92:BF:C5:CB
a=group:BUNDLE 0
a=ice-options:trickle
a=msid-semantic:WMS *
m=audio 8127 UDP/TLS/RTP/SAVPF 109 9 0 8 101
c=IN IP4 49.224.76.59
a=candidate:0 1 UDP 2122252543 192.168.43.228 51814 typ host
a=candidate:3 1 TCP 2105524479 192.168.43.228 9 typ host tcptype active
a=candidate:0 2 UDP 2122252542 192.168.43.228 48622 typ host
a=candidate:3 2 TCP 2105524478 192.168.43.228 9 typ host tcptype active
a=candidate:2 1 UDP 1686052351 49.224.76.xxx 8127 typ srflx raddr 192.168.43.228 rport 51814
a=candidate:2 2 UDP 1686052350 49.224.76.xxx 7600 typ srflx raddr 192.168.43.228 rport 48622
a=candidate:1 2 UDP 1686052862 49.224.76.xxx 7600 typ srflx raddr 192.168.43.228 rport 48622
a=candidate:1 1 UDP 1686052863 49.224.76.xxx 8127 typ srflx raddr 192.168.43.228 rport 51814
a=sendrecv
a=end-of-candidates
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=extmap:2/recvonly urn:ietf:params:rtp-hdrext:csrc-audio-level
a=extmap:3 urn:ietf:params:rtp-hdrext:sdes:mid
a=fmtp:109 maxplaybackrate=48000;stereo=1;useinbandfec=1
a=fmtp:101 0-15
a=ice-pwd:6a4a76e65c139e8da84bc09ba72da53e
a=ice-ufrag:abb1c147
a=mid:0
a=msid:{28bc3f21-f520-4f2b-888e-e19effd6762f} {7d78e67d-db6d-43c0-9d41-4d23fbcfe3c9}
a=rtcp:7600 IN IP4 49.224.76.xxx
a=rtcp-mux
a=rtpmap:109 opus/48000/2
a=rtpmap:9 G722/8000/1
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=setup:actpass
a=ssrc:1318058115 cname:{1cff6574-b589-46c4-aa7d-620809bcdb68}

Remote SDP (Answer)

v=0
o=FreeSWITCH 1632351665 1632351666 IN IP4 10.15.8.xxx
s=-
t=0 0
a=sendrecv
a=msid-semantic:WMS tcrl2iXNBy4eC8uDD9swM2fxq23agWkz
m=audio 23506 UDP/TLS/RTP/SAVPF 109 101
c=IN IP4 10.15.8.xxx
a=candidate:3188503252 1 udp 2130706431 10.15.8.xxx 23506 typ host generation 0
a=sendrecv
a=end-of-candidates
a=fingerprint:sha-256 05:0A:6C:1E:32:E7:A6:49:38:56:A3:93:44:8A:F5:66:C9:69:FE:5B:47:EC:31:86:85:E3:A3:D8:64:F9:08:7C
a=fmtp:109 maxplaybackrate=0;stereo=1;useinbandfec=1
a=ice-pwd:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
a=ice-ufrag:Acfc4kAldtmkgwK5
a=ptime:20
a=rtcp:23506 IN IP4 10.15.8.xxx
a=rtcp-mux
a=rtpmap:109 opus/48000/2
a=rtpmap:101 telephone-event/8000
a=setup:active
a=ssrc:4115712315 cname:ZCLRKzvbYqgqpAUT
a=ssrc:4115712315 msid:tcrl2iXNBy4eC8uDD9swM2fxq23agWkz a0
a=ssrc:4115712315 mslabel:tcrl2iXNBy4eC8uDD9swM2fxq23agWkz
a=ssrc:4115712315 label:tcrl2iXNBy4eC8uDD9swM2fxq23agWkza0