We're trying to create an app for OpenPeak. The Flash app will act as a client to a Java server on another computer on another domain.

The Flash app client connects via XMLSocket. The Java Server uses ServerSocket to receive a request and send back a message.

In order to trust the server, the Flash client needs a socket master policy file to tell it that the server comes from a trustworthy domain. According to an article on Adobe, when a connection has succeeded, the Flash client automatically requests the cross-domain policy or socket master policy file on port 843.

Still, even when we implement it according to the tutorials and recommendations we have read, the Flash client continues to throw the following security error:

SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048"

We've tried logging the policy file request during testing to see if there was any call made to port 843. There was not.

Interestingly, even without a policy file, the Flash client still manages to send the first data message to the server successfully. It's just when the server tries to send back a reply that the entire thing hangs for about 10 seconds before the security error above is displayed.

Any ideas / suggestions?