element-hq / element-ios

A glossy Matrix collaboration client for iOS
https://element.io
GNU Affero General Public License v3.0

Stuck on "syncing" after closing and reopening #6839

Open iz4tow opened 2 years ago

iz4tow commented 2 years ago

Steps to reproduce

  1. Login to a private server with private CA
  2. Send some messages
  3. Close app
  4. Open app
  5. Stuck on syncing... I can't send or receive messages or calls

Rebooting the phone does not solve the problem. I have to log out and log in again

Outcome

What did you expect?

I'm expecting the app to work after closing and reopening

What happened instead?

The app is not working

Your phone model

iPhone 13

Operating system version

iOS 16

Application version

1.9.7

Homeserver

Private

Will you send logs?

No

iz4tow commented 2 years ago

I also tried on an iPhone 14 with 1.9.8, same issue. On an iPhone 7, however, it is working

iz4tow commented 2 years ago

Any update? Thx

ismailgulek commented 2 years ago

Is this issue still visible?

iz4tow commented 2 years ago

Yes

iz4tow commented 2 years ago

I think the issue is related to iOS 16, because on a non-updated iPhone it was working. After the system upgrade to 16.x... same issue

iz4tow commented 1 year ago

Any update?

iz4tow commented 1 year ago

Any news? The issue is very annoying for private servers

ksofix commented 1 year ago

Looks like https://github.com/vector-im/element-ios/issues/6315 issue.

pixlwave commented 1 year ago

@iz4tow @ksofix @aeroxs17 Could you confirm, do you all have the Refresh Tokens feature enabled on your homeservers?

iz4tow commented 1 year ago

How can I check? Thanks

ksofix commented 1 year ago

@pixlwave I have the Refresh Tokens feature disabled on my homeserver. All configuration options related to Refresh Tokens are commented out. But I have enabled Message retention policies and some rooms are completely empty.

Here is my homeserver yaml config file:

```yaml
modules: []
server_name: "*"
pid_file: /home/user/synapse/homeserver.pid
public_baseurl: https://*/
presence:
  enabled: false
require_auth_for_profile_requests: true
limit_profile_requests_to_users_who_share_rooms: false
include_profile_data_on_invite: true
allow_public_rooms_without_auth: false
allow_public_rooms_over_federation: false
filter_timeline_limit: 5000
enable_search: false
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['127.0.0.1']
    resources:
      - names: [client]
        compress: false
require_membership_for_aliases: true
allow_per_room_profiles: false
redaction_retention_period: 1m
user_ips_max_age: 4m
request_token_inhibit_3pid_errors: true
next_link_domain_whitelist: []
retention:
  enabled: true
  default_policy:
    min_lifetime: 1d
    max_lifetime: 4w
  purge_jobs:
    - longest_max_lifetime: 3d
      interval: 12h
    - shortest_max_lifetime: 3d
      interval: 1d
federation_domain_whitelist: []
federation_metrics_domains: []
allow_profile_lookup_over_federation: false
allow_device_name_lookup_over_federation: false
database:
  name: psycopg2
  args:
    user: *
    password: *
    database: *
    host: 127.0.0.1
    port: 5432
    cp_min: 5
    cp_max: 10
log_config: "/home/user/synapse/*.log.config"
media_store_path: "/home/user/synapse/media_store"
max_upload_size: 100M
max_image_pixels: 32M
dynamic_thumbnails: false
url_preview_enabled: false
url_preview_accept_language: []
turn_uris: ["turn:*", "turn:*?transport=udp"]
turn_shared_secret: "*"
turn_user_lifetime: 1h
turn_allow_guests: false
enable_registration: false
disable_msisdn_registration: true
enable_3pid_lookup: false
allow_guest_access: false
account_threepid_delegates: {}
report_stats: false
form_secret: "*"
signing_key_path: "/home/user/synapse/*.signing.key"
trusted_key_servers: []
push:
  include_content: false
user_directory:
  enabled: false
enable_room_list_search: false
redis:
  enabled: false
```

aeroxs17 commented 1 year ago

@pixlwave It was unchanged from default state - referenced options were commented out. Changing session_lifetime; refreshable_access_token_lifetime; nonrefreshable_access_token_lifetime; refresh_token_lifetime to 30 years and then re-authenticating in the app doesn't fix the problem.

But it looks like the root of the problem is indeed linked to access tokens - users who haven't reauthenticated since ~October don't have this issue, and have been working fine for about 3 years now. Any fresh login from now on causes this bug to happen.

Here is my config file:

```
pid_file: "/var/run/matrix-synapse.pid"
require_auth_for_profile_requests: true
limit_profile_requests_to_users_who_share_rooms: true
include_profile_data_on_invite: false
default_room_version: "6"
listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    bind_addresses: ['127.0.0.1']
    resources:
      - names: [client]
        compress: false
redaction_retention_period: null
retention:
  enabled: true
  default_policy:
    min_lifetime: 1h
    max_lifetime: 1d
  allowed_lifetime_min: 1h
  allowed_lifetime_max: 12h
  purge_jobs:
    - longest_max_lifetime: 12h
      interval: 30m
    - shortest_max_lifetime: 13h
      interval: 30m
event_cache_size: 1024K
database:
  name: psycopg2
  args:
    user: *
    password: *
    database: *
    host: 127.0.0.1
    cp_min: 5
    cp_max: 10
log_config: "/etc/matrix-synapse/log.yaml"
media_store_path: "/var/lib/matrix-synapse/media"
max_upload_size: 2048M
url_preview_enabled: false
turn_uris: ["turn:*:5349?transport=udp"]
turn_shared_secret: *
turn_user_lifetime: 1h
turn_allow_guests: true
enable_registration: false
registration_requires_token: true
registration_shared_secret: *
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
trusted_key_servers:
  - server_name: "*"
push:
  include_content: false
encryption_enabled_by_default_for_room_type: all
```

iz4tow commented 1 year ago

Yes, I confirm. Users that do not re-login after the second half of September still work. I have no refresh token configuration in homeserver.yaml

iz4tow commented 1 year ago

Here is my homeserver.yaml:

```yaml
server_name: chat.server.local
pid_file: "/var/run/matrix-synapse.pid"
allow_public_rooms_without_auth: false
allow_public_rooms_over_federation: false
federation_ip_range_blacklist:
```

But I think maybe .well-known is the problem... Here is the well-known/client:

```json
{
  "im.vector.riot.jitsi": {
    "preferredDomain": "vtc.server.local"
  }
}
```

How can I correct it? Thx

pixlwave commented 1 year ago

Thanks for the info. I asked because in the logs from @aeroxs17 I see issues saying that the token has an expiry date in the past and wondered if that was a common problem. I have tested running Element iOS against synapse using the demo script that spins up a self-signed instance. I saw the issue once (a syncing banner at the top with an activity indicator), but when I went to debug it I couldn't reproduce it after that.

We're going to need reliable steps to reproduce the issue to be able to look into it properly.

pixlwave commented 1 year ago

I've tagged the issue as uncommon, as this isn't a regular setup for using Synapse in production.

aeroxs17 commented 1 year ago

@pixlwave In my case it is enough to force close the app (as described in this article https://support.apple.com/en-us/HT201330) at any point. More rarely this issue can occur after not using the app for quite a while (12 hours - a day).

I sent another log file with a link to this issue in the description. Is there any way to view those logs locally / by myself?

Experimenting with refresh_tokens and manually setting them to None in registration.py (disabling them, if I understood correctly) doesn't affect this issue.

I've set synapse to run on debug level logging. I can see in firewall logs that my device is sending requests to the synapse server, but synapse logs don't show any entries at all. Nginx debug logs show that my device closes the connection during the SSL handshake - the recent iOS version of Element either forgets exceptions made for the self-signed certificate or treats them as another certificate. That certificate is issued for 10 years.

aeroxs17 commented 1 year ago

Any update on this? Is this issue indeed linked to self-signed certificate or is it not related?

pixlwave commented 1 year ago

I checked my app running against the mentioned demo with a self-signed certificate and it still happily connects 24 hours later.

> forgets exceptions made for self-signed certificate

This definitely appears to be the case - I was wondering if it was the refresh of a token that caused it to happen, but without a way to reproduce this issue on our side it is hard to understand what is causing it.

aeroxs17 commented 1 year ago

The only other notable difference is that my certificate was issued for 10 years (2020.11.9-2030.11.7). Maybe this triggers a security violation?

iz4tow commented 1 year ago

Same situation. Certificate for 10 years

ksofix commented 1 year ago

I have the same situation. My certificate starts in 2022 and expires in 2032. Are we affected by these changes: Apple to Enforce 1-Year Limit on SSL/TLS Certificate Lifetimes?
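
For the certificate-lifetime question raised above, an added example (not from the thread or the Element code base) that measures a server certificate's validity period and checks it against Apple's published requirements for TLS server certificates on iOS 13 and later: 825 days or fewer for certificates issued after July 1, 2019, a subjectAltName, and the serverAuth EKU. It assumes the `openssl` CLI (1.1.1 or later) and GNU `date`; the sample certificates are constructed and reuse `chat.server.local` as a placeholder host.

```shell
#!/bin/sh
# Added example: audit a PEM server certificate against Apple's published
# requirements for TLS server certificates on iOS 13 and later.
# Assumes the openssl CLI (1.1.1+) and GNU date.
# Apple's separate 398-day limit applies only to certificates issued by roots
# preinstalled in its trust store, not to user-added private CAs.

MAX_DAYS=825   # limit for certificates issued after July 1, 2019

# Print the certificate's validity period in whole days.
cert_validity_days() (
  start=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
  end=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
  echo $(( ($(date -ud "$end" +%s) - $(date -ud "$start" +%s)) / 86400 ))
)

# Print one finding per line; print nothing when every check passes.
audit_cert() (
  days=$(cert_validity_days "$1")
  text=$(openssl x509 -in "$1" -noout -text)
  [ "$days" -le "$MAX_DAYS" ] || echo "validity of ${days} days exceeds $MAX_DAYS"
  echo "$text" | grep -q "Subject Alternative Name" || echo "no subjectAltName"
  echo "$text" | grep -q "TLS Web Server Authentication" || echo "no serverAuth EKU"
)

# Constructed sample: throwaway self-signed certificate for a placeholder host.
# usage: make_sample OUT.pem DAYS [extra "openssl req" arguments]
make_sample() (
  out=$1; days=$2; shift 2
  openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -out "$out" \
    -days "$days" -subj "/CN=chat.server.local" "$@" 2>/dev/null
)

# Audit a certificate file when one is given on the command line.
if [ -n "${1:-}" ]; then
  audit_cert "$1"
fi
```

An empty result from `audit_cert` means these three properties are in order; it does not show that the client trusts the issuing CA.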

aeroxs17 commented 1 year ago

Any updates on this issue? Are such certs not supported anymore?

iz4tow commented 1 year ago

Honestly I think it's element-ios bug, because it works for some time then it stops.

iz4tow commented 1 year ago

I tried to use another server with NGINX as proxy with a self-signed cert valid for 365 days. But SAME ISSUE... it works at first, then after some hours or closing and reopening, Element on iOS gets stuck on syncing. On Android and PC it works fine

aeroxs17 commented 1 year ago

@pixlwave Hi there. If this issue can't be fixed, could you please mark it as such? We'll just install a valid wildcard certificate on our homeserver if fixing this problem in the app will take considerable time

iz4tow commented 1 year ago

Maybe you can try to reproduce the issue using Matrix behind a VPN server. Maybe it is the VPN on iOS that is the issue. You may try with Wireguard and OpenVPN

pascbeck commented 1 year ago

@iz4tow have you somehow managed to fix it? I seem to encounter the same issue, and I am really going crazy.

iz4tow commented 1 year ago

No. I tried everything. I'm still waiting for a solution from developers

aerolene commented 1 year ago

I’ve managed to solve it by buying a domain and using letsencrypt to issue valid certs via cloudflare dns verification. It now costs me around 100 dollars a year but at least it works

seems like „uncommon“ tag means that devs won’t do anything bout it

pascbeck commented 1 year ago

@aerolene Yeah I already have that unfortunately, and it still seems to be an issue :/

erwinlem commented 1 year ago

I imported my (own) certificate authority onto my iPhone and now I can connect. No need for Let's Encrypt, just make sure you have a trusted connection (which is a good idea in the first place). An error message about an untrusted certificate would be welcome.

Apple link for trusting a CA : https://support.apple.com/en-us/HT204477

iz4tow commented 1 year ago

I tried. But it didn't solve the problem.

kavemang commented 1 year ago

Both of my iOS members suddenly have this issue as of this weekend.

jessica1202 commented 7 months ago

I have an infinite sync issue on Element iOS with my private server

Problem description:

I have an iPhone 12 with iOS 17.2.1.
I have a private server with 360-day self-signed SSL.
I downloaded the .crt certificate and installed it directly on my iPhone.
I installed Element iOS version 1.11.8.
I connected to my personal server and confirmed that the fingerprint is the same as the certificate installed on my iPhone.
When I connect to my private server, everything works fine at first.
However, when I close and reopen Element, the app gets stuck in an infinite sync and does not allow me to send or receive messages.

Attempted solution:

I added the homeserver.yaml file with the following configurations:

```yaml
refresh_token_lifetime: 24h
nonrefreshable_access_token_lifetime: 24h
refreshable_access_token_lifetime: 10m
session_lifetime: 24h
```

Result:

The solution did not work.

Help request:

What other solution can I try to fix the infinite sync issue on Element iOS?

Additional information:

I found a similar issue on this forum: https://fontsinuse.com/typefaces/32251/element

Gratitude:

Thank you very much for your help.

mackerel225 commented 1 month ago

This issue still happens on iOS 17; on my Android device it works OK. I tried both with Wireguard and without VPN. Initially after login it works fine with everything, but after some time it disconnects and gets stuck in syncing mode, both on the local network and outside (internet)

wiertz commented 3 weeks ago

I encountered the infinite sync issue on an iPhone connected to a server hosted by an educational institution. Deleting the Cache (User Settings/Delete Cache) solved the problem in my case.