ODKX: Minimum requirements for android version and sync endpoint

Hi all.

Are there any requirement for the android version of the devices running the ODK-X tools?

I'm not able to login on to my sync-endpoint with any tablets running android 5.0 (Lenovo TAB 2 A7-10F and Lenovo TAB 3 Essential).
On other (newer) devices I have no problem.

I'm however able to connect the tablets to aggregate.

The error displayed:
Authentication error.
Please verify your username/password or your account access.

The log file:
E/ProcessAppAndTableLevelChanges: 2019-07-15 10:13:21.819 [verifyServerConfiguration] exception obtaining user roles exception: org.opendatakit.services.sync.service.exceptions.AccessDeniedException: Unexpected server response statusCode: 401

Hi @Andreas! We were just talking about this today on the community call. Current Android version is 4.2 -- but it sounds like you are having trouble with sync-endpoint on multiple tablets running 5.0. Thanks for the details in the log file -- @linl33 or @W_Brunette any ideas?

Have you created any users through the LDAP UI?

https://docs.opendatakit.org/odk-x/sync-endpoint/#ldap

1 Like

Yes, many different users and user roles are set up.

Apart from the two tablet models mentioned previously, I'm able to log in and sync on multiple other devices.
Other devices includes mobiles and other tablets. They are however all running newer android versions, hence my interest in possible minimum requirements.

1 Like

Hello,

I seem to experience a similar problem.

I have set up a new sync endpoint instance. (I had to use a sync-endpoint docker image that I built a couple of months ago, because there seems to be a problem with the the current code base? I will try to reproduce that particular problem and report it in a separate issue, but in relation to this issue, it suffice to say, I finally got it working by using the older sync-endpoint image. The rest of the docker images are built from the current code base).

I have several devices (phones and tablets of various brands) running different versions of Android (version 6 and 9). For the most part it works fine when I connect ODK Services to the sync endpoint, but a couple of the tablets have some issues. One of them a relatively high-end Samsung tablet running android version 9, that fails to connect/authenticate as well as a budget Lenovo tablet running Android version 6 that has the same problem... In other words - it doesn't necessarily has to do with the android version.

I have inspected the nginx-logs, to see what was going on.
When it works, the logs say:

10.255.0.2 - - [26/Jul/2019:11:58:06 +0000] "GET /odktables/ HTTP/1.1" 401 1111 "-" "Sync 232 (gzip)" "109.59.201.156"
10.255.0.2 - myusername [26/Jul/2019:11:58:06 +0000] "GET /odktables/ HTTP/1.1" 200 31 "-" "Sync 232 (gzip)" "109.59.201.156"
10.255.0.2 - myusername [26/Jul/2019:11:58:06 +0000] "GET /odktables/default/privilegesInfo HTTP/1.1" 200 193 "-" "Sync 232 (gzip)" "109.59.201.156"

When it doesn't work there is only one entry in nginx log - with the difference of the last segment containing just a "-", where it otherwise contains an IP address when it works (is that "$http_x_forwarded_for" or something else, idk?):

10.255.0.2 - - [26/Jul/2019:11:58:29 +0000] "GET /odktables/ HTTP/1.1" 401 1111 "-" "Sync 232 (gzip)" "-"

... and the android tablet shows an error toast: "Authentication Error. Please verify your username/password or your account access.".
The logfile generated on the device by ODK Services contains the following:

---- flushing ----
I/IOdkSyncServiceInterfaceImpl: 2019-07-26 11:58:21.773 SERVICE INTERFACE: getSyncResult WITH appName:default
I/SyncProgressTracker: 2019-07-26 11:58:26.732 Update SYNC Notification -default TEXT:Starting sync… PROG:0
I/AppSynchronizer: 2019-07-26 11:58:26.733 APPNAME IN SERVICE: default
I/AppSynchronizer: 2019-07-26 11:58:26.733 [SyncThread] begin VERIFYING timestamp: 1564142306733
I/PropertiesSingleton: 2019-07-26 11:58:26.769 readProperties(false)
E/HttpRestProtocolWrapper: 2019-07-26 11:58:26.801 AggregateUri:http://myhostname.westeurope.cloudapp.azure.com
D/HttpRestProtocolWrapper: 2019-07-26 11:58:26.801 normalizeUri: http://myhostname.westeurope.cloudapp.azure.com/
E/HttpRestProtocolWrapper: 2019-07-26 11:58:26.802 baseUri:http://myhostname.westeurope.cloudapp.azure.com/
D/HttpRestProtocolWrapper: 2019-07-26 11:58:26.806 normalizeUri: http://myhostname.westeurope.cloudapp.azure.com/
I/HttpRestProtocolWrapper: 2019-07-26 11:58:26.807 adding credential for host: myhostname.westeurope.cloudapp.azure.com username:myusername
I/ProcessAppAndTableLevelChanges: 2019-07-26 11:58:26.811 entered verifyServerConfiguration()
I/SyncProgressTracker: 2019-07-26 11:58:26.831 Update SYNC Notification -default TEXT:Verifying server supports this user application name. PROG:0
D/HttpRestProtocolWrapper: 2019-07-26 11:58:26.831 normalizeUri: http://myhostname.westeurope.cloudapp.azure.com/odktables/
I/HttpRestProtocolWrapper: 2019-07-26 11:58:26.832 buildBasicRequest: agg_uri is http://myhostname.westeurope.cloudapp.azure.com/odktables/
E/HttpRestProtocolWrapper: 2019-07-26 11:58:27.087 Unexpected server response statusCode: 401
E/ProcessAppAndTableLevelChanges: 2019-07-26 11:58:27.089 [verifyServerConfiguration] exception verifying support of appName exception: org.opendatakit.services.sync.service.exceptions.AccessDeniedException: Unexpected server response statusCode: 401
I/AppSynchronizer: 2019-07-26 11:58:27.090 [SyncThread] work completed (begin SyncStatus determination) timestamp: 1564142307090
E/SyncProgressTracker: 2019-07-26 11:58:27.104 FINAL SYNC Notification -default TEXT:Authentication Error.
Please verify your username/password or your account access.

Then a very unsatisfying and strange thing occurred; simply entering the server configuration in ODK Services again (by scanning the same QR code as before) made it work.

My suspicion is that there is something preventing the device from sending a correct http request? Or that it somehow doesn't answer the auth. challenge that nginx answers with? Could ODK Services (or the underlying android subsystems) somehow have cached something so that it doesn't send a fresh http request? (ODK Services seem to have some issues regarding state, where it "remembers" some things from previous connection attempts, but I have tried resetting it, clearing it's data, deleting the opendatakit-folder and even re-installing it, but the problem seems to persist (until it magically disappeared on one of the tablets, that is ;-)))

On the couple of phones that I have connected, I have not seen this issue.

I am by no means an expert of this, and I seem to have exhausted my ideas for resolving this problem on my own, so any help would be greatly appreciated.

EDIT:
Notice that the hostnames in the logs have been replaced. If anyone wants access to inspect the sync endpoint please don't hesitate to send me a pm.

EDIT 2:
Further exploration returned this error (when trying to connect to the server using a cloudflare proxy and https://)

/emil

Hi Emil,

In terms of the Android log, the error:

Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb4bc5800: Failure in SSL library routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

means that the device is trying to use SSLv3 and your Cloudflare proxy is not allowing SSLv3 traffic. We have seen this on older devices, but not on our Nexus 6 devices with Android 6 or 7. What Android OS produced the error message I mentioned above? Typically, upgrading the device so that it uses TLS fixes the issue.

2 Likes