QuickFIX/n - Initiator repeatedly throw errors during Logon phase

Question

I am using the trade client application on this link below to make connection between one of my VPS server and brokers server.

http://www.quickfixn.org/tutorial/example-applications .

After one week of struggle, I been able to make a connection to the broker's server finally in loosely speaking.

However, when I run the trade client application, at logon stage I am getting this errors:

Unable to write data to the transport connection: An existing connection was forcibly   closed by the remote host

at QuickFix.SocketInitiatorThread.ReadSome(Byte[] buffer, Int32 timeoutMilliseconds) 
in ... SoecketInitiatorThread.cs:line 170 ......

at QuickFix.SocketInitiatorThread.Read() in ... SoecketInitiatorThread.cs:line 80
......

The trade client application is keeping repeating the logon attempt, however, it keeps getting the same error message only.

Of course, with newbie like me on this QuickFix/n engine, I am really unable to figure out what went wrong. One possible area of investigation I can think of is that my stunnel certificate may be invalid as I am also very new to stunnel program (https://www.stunnel.org). I only followed the instruction from website to configure pem certificate with broker's ip address but I am not 100% sure about its purpose though.

Here is what I put on the "stunnel.conf" file:

[FIXORDER]
client = yes
accept = external ip of VPS : port   eg.(10.160.103.65:22)
connect = broker ip address :port  eg.(102.12.124.9:444)

Here is some record of logged message from stunnel program:

2014.11.26 17:23:44 LOG5[3348]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.26 17:23:48 LOG5[760]: Service [FIXORDER] accepted connection from x.xx.xx.xxx:xx
2014.11.26 17:23:48 LOG5[760]: s_connect: connected xxx.x.xx.xxx:xxx
2014.11.26 17:23:48 LOG5[760]: Service [FIXORDER] connected remote server from x.xx.xxx.xxx:xxx
2014.11.26 17:23:48 LOG3[760]: SSL_connect: Peer suddenly disconnected
2014.11.26 17:23:48 LOG5[760]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

I built certificate using above "stunnel.conf" file using built in self certificate application.

As you see, it is kind of complicated for newbie like me, any thought or tips on this problem will be really appreciated.

Thanks so much in advance.

Kind regards.

M

================================================================================== Updated on 27/11/2014

Here I am updating my error log from Stunnel log file after I set debug verbose high taking the suggestion from xapi1492.

2014.11.27 01:10:46 LOG7[944]: Service [FIXORDER] started
2014.11.27 01:10:46 LOG5[944]: Service [FIXORDER] accepted connection from x.xxx.xxx.xxx:3667
2014.11.27 01:10:46 LOG6[944]: s_connect: connecting xx.x.xx.xx:9002
2014.11.27 01:10:46 LOG7[944]: s_connect: s_poll_wait xx.x.xx.102:9002: waiting 10 seconds
2014.11.27 01:10:46 LOG5[944]: s_connect: connected xx.x.xx.xx:9002
2014.11.27 01:10:46 LOG5[944]: Service [FIXORDER] connected remote server from x.xxx.xxx.xxx:3668
2014.11.27 01:10:46 LOG7[944]: Remote socket (FD=392) initialized
2014.11.27 01:10:46 LOG6[944]: SNI: sending servername: xxx.x.xx.xx
2014.11.27 01:10:46 LOG7[944]: SSL state (connect): before/connect initialization
2014.11.27 01:10:46 LOG7[944]: SSL state (connect): SSLv2/v3 write client hello A
2014.11.27 01:10:46 LOG3[944]: SSL_connect: Peer suddenly disconnected
2014.11.27 01:10:46 LOG5[944]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.11.27 01:10:46 LOG7[944]: Remote socket (FD=392) closed
2014.11.27 01:10:46 LOG7[944]: Local socket (FD=380) closed
2014.11.27 01:10:46 LOG7[944]: Service [FIXORDER] finished (0 left)

================================================================================== Updated on 28/11/2014

Still having difficult to find answer, so I decided to provide my config file for QuickFix client application.

[DEFAULT]
ConnectionType=initiator
ReconnectInterval=2
FileStorePath=store
FileLogPath=fixlog
StartTime=00:00:00
EndTime=00:00:00
UseDataDictionary=Y
DataDictionary=FIX44.xml
SocketConnectHost= xxx //my vps ip address
SocketConnectPort= xxx //my vps port //specified on stunnel
ResetOnLogon=Y
ResetOnLogout=Y
ResetOnDisconnect=Y
CheckLatency=N
LogonTimeout=10


# standard config elements

[SESSION]
BeginString=FIX.4.4
SenderCompID= xxx   //my ID
Username= xxx       //my username
Password= xxx       //my password
TargetCompID=FIXORDER
HeartBtInt=30
SocketConnectHost= xxx  //my vps ip address
SocketConnectPort= xxx  //my vps port //specified on stunnel
DataDictionary=FIX44.xml

================================================================================== Updated on 28/11/2014

Taking suggestion from xpa1492, I put Borker's IP address and port number on SocketConnectHost and SocketConnectPort. Here is the log message I am getting from my QuickFix Client Application. It seems that initial connection is made but maybe logon request is not valid somehow.

<event> connecting to xxx (ip address of broker); 
<event> connection succeeded; 
<event> session reset: ResetOnLogon; 
<event> session reset ResetSetNumFlag; 
<outgoing> 8=Fix4.4 ...... ; 
<event> initiated logon request; 
<incoming> 8=FIX4.4 .....; 
<event> received logout request; 
<outgoing> 8=FIX4.4 .....; 
<event> sending logout response;

Details of incoming message from brokers when they send logout request.

<incoming> 8=FIX4.4   9=63   35=5   34=1  49=FIXORDER   52=20141128-02:09:00.495   56=TargetCompID(from acceptor standing point of view=SenderID for me)   10=171

xpa1492 · Answer 1 · 2014-11-27T02:23:18.667

5

It is very common for FIX servers to drop connections when they don't like something about your first message (which is always the logon message). Based on the error you are getting, this is exactly what is happening - you connect to the server, send the Logon message and then the server drops the connection.

The right way to solve the issue is to contact tech support on the other end and ask them why they are dropping the connection.

If this is not feasible, you will need to experiment with what might be wrong. In my experience, the problem is often a mismatch in the sequence numbers (tag 34). Most servers would maintain the last sequence number you sent (say 1) and after a disconnect would expect you to send your Logon message with the next number (2 in this example). Try starting from 1 and incrementing the seq number between reconnects.

Another possible issue is wrong CompIDs (Sender or Targer).

UPDATE (sTunnel and SSL certificate setup):

It is possible that the server drops the connection because you are not connecting over SSL... You stunnel.conf file needs to look like this:

; Enable debug (7 is the most verbose output)
debug = 7
output = stunnel.log

[FIXORDER]
client = yes
accept = 127.0.0.1:[port number your client connects to]
connect = [fix server ip]:[fix server port]
cert =  xxx_cert.pem
key = xxx_key.pem

Note that accept can be 127.0.0.1 or the IP of your VPS server, but 127.0.0.1 is the preferred choice. Your Fix client can then also just connect to 127.0.0.1 (where sTunnel listens).

edited Nov 27 '14 at 02:23

answered Nov 27 '14 at 00:38

xpa1492

1,953
1
10
19

I edited my questions by adding some recorded message on log file of stunnel program. Hopefully question itself is more clear now. – auto9817 Nov 27 '14 at 01:32
Really thanks for update good answer. just curious if we can randomly assign this [port number your client connects to] ? Do I have to use a scanner to find free port in first place ? Also where can I get xxx_cert.pem and xxx_key.pem ? I searched stunnel folder but there was 3 other pem files but not the one for FIXORDER. – auto9817 Nov 27 '14 at 02:53
If the server requires SSL, then they will need to give you the right key and certificate to use. If they have not (which is usually the case for QA/UAT environments), then you probably do not need SSL. You can use any port you want (as long as it is not used by any other application). It is generally accepted that ports up to 1024 are reserved, so you should use something above 1024 (where conflicts are very rare). – xpa1492 Nov 27 '14 at 03:45
Again excellent, so clear. My brokers did not provide me key and certificate to use at the beginning. Therefore, I am assuming that I will need to SSL. Then it is still difficult to see where this "cert = xxx_cert.pem" and "key = xxx_key.pem" come from. In my stunnel folder, I have only peer-gmail-imap.pem and peer-gmail-pop3.pem and stunnel.pem. I opened these files in notepad and they are all encrypted code which is difficult to read. How can I make the xxx_cert.pem and xxx_key.pem for the [FIXORDER] on my question? Again really appreciated your help. :) – auto9817 Nov 27 '14 at 09:03
I also added some log message from my latest Stunnel log file after I put "debug = 7" and "output = stunnel.log" on my config file. I hope this can solve my problem now. The sudden disconnection from server happen after SSL state (connect): SSLv2/v3 write client hello A. It is really messy and difficult to understand for non network IT guy like me. :) :) – auto9817 Nov 27 '14 at 09:20
If you have not been given a client certificate, then chances are you do not need one (there is a good explanation about the way all of this works in the Authentication section here: https://www.stunnel.org/howto.html). In that case, just remove (or comment out) the FIXORDER `cert` and `key` lines. Based on your stunnel log, you are disconnected before you even send the Logon message (so not a sequence or id issue). A couple of things to try (in the next comment :)))... – xpa1492 Nov 28 '14 at 00:53
1) try connecting without the `cert` and `key` line (I guess you already did that, but still); 2) try connecting directly to the FIX server from your app (that is, bypass stunnel and point you FIX client to connect to [server ip]:[server port]. If you are still getting disconnected, you might need to get in touch with the other side. You may need a client certificate after all, or they may be filtering connections based on the source IP and may need to whitelist your IP (most banks do this, especially in production environments). – xpa1492 Nov 28 '14 at 00:56
Hi xpa1492. I added my config file for my Fix client application for clarity on my question. Are you serious that my QuickFix application can get connected to brokers's server without stunnel? If that is the case, I should be able to point out broker's ip address and port number in my Fix Configuration file. However, QuickFix does not have such a label (variable) for initiator (client). Can you share if there is some claver ideas of doing that ? Kind regards. – auto9817 Nov 28 '14 at 01:33
Also my IP address was cleared by brokers and so it is already on whitelisted on their end. – auto9817 Nov 28 '14 at 01:36
Some QA environments will let you connect directly without encryption. Simply put the FIX server IP and port values in `SocketConnectHost` and `SocketConnectPort`. You will definitely be able to connect, but if the server expects SSL, it will drop the connection immediately. Btw, `TargetCompID=FIXORDER` does not look right - the TargetCompID is usually some abbreviation of the bank/broker on the other end :) – xpa1492 Nov 28 '14 at 01:55
When I enter brokers IP address and port number on SocketConnectHost and SocketConnectPort. My Client Fix application did something. Here is directly log message from the application. – auto9817 Nov 28 '14 at 02:08
connecting to xxx; connection succeeded; session reset: ResetOnLogon; session reset ResetSetNumFlag; 8=Fix4.4 ...... ; initiated logon request; 8=FIX4.4 .....; received logout request; 8=FIX4.4 .....; sending logout response; – auto9817 Nov 28 '14 at 02:15
We are on the right track. The server does not expect SSL encyrption at all (so no need to stunnel :)). I guess the Logout request (msgtype=5) did not contain any plain text with a reason (otherwise you would have posted it :))? So now we are back to figuring out what the server does not like. Look through any communication with the broker to see if they gave you a TargetCompID (normally you will get it together with the IP,port,SenderCompID, user and password values they provide you). – xpa1492 Nov 28 '14 at 02:33
This is brilliant news because I found configuration stunnel config file was kind of pain because I have to keep repeating start and stop service. :) :) – auto9817 Nov 28 '14 at 02:37
Here is the incoming message from brokers: 8=FIX4.4 9=63 35=5 34=1 49=FIXORDER 52=20141128-02:09:00.495 56=TargetCompID(from acceptor standing point of view=SenderID for me) 10=171 – auto9817 Nov 28 '14 at 02:44
Then FIXORDER is correct for TargetCompID. The only issues I can think of are the server not liking the 1) SenderCompID, user or password; 2) the FIX version (possible) or 3) the time of the day you are trying to connect :) – xpa1492 Nov 28 '14 at 02:47
As you suspect, there is not too much clue from their incoming message. You are right. They send me TargetCompID, IP,port,SenderCompID, etc together. However, it was clearly FIXORDER for the first TargetCompID and FIXPRICE for the second TargetCompID. Double and triple checked. It can't be wrong unless they made mistake of giving me wrong TargetCompID. :) :) – auto9817 Nov 28 '14 at 02:51
Whether I use FIXPRICE or FIXORDER, I get the same results. I just get logout request from their server. :) – auto9817 Nov 28 '14 at 02:52
I see. Let me double check those values again in my FIX configuration file. :) – auto9817 Nov 28 '14 at 02:54

QuickFIX/n - Initiator repeatedly throw errors during Logon phase

1 Answers1

Linked