List of Known Bugs and or Deficiencies
  •  
bhenderson

Messages: 12
Karma: 0
Is there a list of known bugs and deficiencies with Kerio? I've got a few problems with KMS, but I can't tell if it is a configuration problem or a known problem, and searching through hundreds of forum posts every time a new issue arises is too time consuming.

To give an example, here are a few of the problems I've come across :

- Tasks cannot be assigned to other people using the KOC - they are sent as basic mail items to other users, which cannot be opened in Outlook (must use the web interface to handle these types of items).

- KOC does not allow sorting tasks, etc. in "more specialized fields" in Outlook. (e.g. sorting Tasks by Category)

- KOC does not prompt for a login, so the Outlook profile cannot be protected from other users using the same Windows profile. E.g. if you leave the username and password blank in the KOC, it will prompt you for that info the next time you start Outlook - but then it permanently stores it, so that the user is never prompted again. On shared workstations, this is a security issue.

- KOC adds a tool bar for the spam filter buttons every time the configuration for Address Books (Tools->Address Book) is changed. Can lead to several toolbars of the spam filter appearing at the top of the main Outlook window, which all do the same thing.

- KMS security policies are too general. For example, we have some old systems that require us to use POP e-mail internally (i.e. local LAN), but externally we want to enforce the use of HTTPS. This requires us to stop the HTTP service, and users must then remember to log in using the https prefix for the server to get access to the web interface. Combinations of both secure and insecure authentication are not possible without disabling the redirect on the HTTP service. - Maybe this can be a checkbox on the next version of KMS, rather than configured using a global policy?

- The primary location where published user accounts (i.e. public contacts) cannot be modified, leading to user confusion on which address book is to be used:

In Outlook, there are two "default" contact folders for users to choose from: Public Contacts and Personal Contacts. Both have the display name "Contacts" however, and determining which Contacts folder has priority in the Address Book configuration becomes difficult and trial and error based on configuration. An administrator can change the name of the folder Public "Contacts" to something else, like "Mail System Directory", but then the next time a new user is added, and the account is published, KMS creates yet another "Contacts" folder in the Public Folders, and puts the new entries in there, requiring the admin to go and move the newly created entries to the more distinct folder, and then delete the new Public "Contacts" folder to maintain consistency. In other words, there is no real mapping between the KMS "GAL" and the administration of it.

- Specification of a default reply to e-mail address cannot be done in KMS.

- KMS accepts old X.400 addresses in contacts imported from an Exchange migration. This leads to users complaining that the server is not sending e-mails due to a vague non-delivery report that is returned to them from Kerio.

- KMS cannot import a DER encoded SSL certificate?

- All Palm Treos must sync via a cellular Internet Connection ($$$$$ - surprise)?

Plus I have a few more, but I'm trying to exercise some due diligence before I list those as well. Feel free to pick at the list above - I'd love to hear some kind of feedback or answer on these problems, even if it is some kind of (duh) config issue.

  •  
winkelman

Messages: 2119
Karma: 3
There's no public list of known problems.

Some feedback:
Quote:

- KOC does not prompt for a login, so the Outlook profile cannot be protected from other users using the same windows profile. ... On shared workstations, this is a security issue

That's the way Outlook works. You could still create separate Windows accounts on shared workstations to overcome this limitation. There's also someone on this forum who has created some script that clears the password every time Outlook closes (or something similar), so you could use that as well. Search the forum.

Quote:

KMS security policies are too general. For example, we have some old systems that require us to use POP e-mail internally (i.e. local LAN), but externally we want to enforce the use of HTTPS. This requires us to stop the HTTP service, and users must then remember to login using the https prefix for the server to get access to the web interface....

Well, you could certainly limit access to different types of protocols in your firewall. So simply enable POP3, but block it on your firewall for connections coming from 'outside'. Secondly: people don't have to remember connecting to https; if your security policy requires secure connections, connections to http are simply automatically redirected to https. But you're right, there are some limitations. I for one would like the ability to limit protocols per user, I'd like to specify which users may connect using what protocols. Regretfully, that's not possible at the moment.

Quote:

- KMS cannot import a DER encoded SSL certificate?

Is that really a problem? Just ask your CA for a differently (base-64) encoded certificate.

Quote:

- All Palm Treos must sync via a cellular Internet Connection ($$$$$ - surprise)?

We're now using Windows Mobile only, but before I had several Palm Treo 650's syncing with Kerio through a local Outlook/KOC profile. Worked fine. (But I have to be honest: Windows Mobile syncing works better...)
  •  
bhenderson

Messages: 12
Karma: 0
winkelman

There's also someone on this forum who has created some script that clears the password every time Outlook closes (or something similar), so you could use that as well. Search the forum.


I didn't know this existed. Thanks.

winkelman

- KMS cannot import a DER encoded SSL certificate?
Is that really a problem? Just ask your CA for a differently (base-64) encoded certificate.



Yeah it is, because Palm Treos do not accept a Base64 cert, which is what we have right now.

winkelman


We're now using Windows Mobile only, but before I had several Palm Treo 650's syncing with Kerio through a local Outlook/KOC profile. Worked fine. (But I have to be honest: Windows Mobile syncing works better...)


How did you sync through the KOC? The info in the admin guide is weak on troubleshooting problems with the Treo (either it works or it doesn't), and says nothing about syncing through the KOC.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
bhenderson wrote on Mon, 24 September 2007 18:49



winkelman

- KMS cannot import a DER encoded SSL certificate?
Is that really a problem? Just ask your CA for a differently (base-64) encoded certificate.





That's why it is possible to download the SSL certificate from KMS in both formats (DER and PEM: http(s)://<server>/server.cer or .crt). Therefore, you only need the format that can be imported to KMS, which is PEM.
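
The DER/PEM distinction discussed above, as an added example that is not part of the original thread: a Python sketch that identifies which encoding a certificate file uses and converts between the two, so one certificate can be kept as PEM for import and as DER for devices that want binary. The function names are hypothetical and the sample bytes are constructed (a DER-shaped container, not a real certificate).

```python
import base64
import re
import ssl

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

# Constructed sample: a DER-shaped SEQUENCE (tag 0x30, long-form length 0x0100)
# with 256 zero bytes of content. It is NOT a real X.509 certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)

def der_declared_length(data: bytes) -> int:
    """Total size (header + content) declared by the outer ASN.1 SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not DER: first byte is not the SEQUENCE tag 0x30")
    first = data[1]
    if first < 0x80:                       # short form: one length byte
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def check_der(der: bytes) -> bytes:
    """Reject truncated or padded files before they reach an import dialog."""
    if der_declared_length(der) != len(der):
        raise ValueError("DER length header does not match file size")
    return der

def detect_encoding(data: bytes) -> str:
    """Return 'PEM' for base64-armoured input, 'DER' for raw binary."""
    if PEM_RE.search(data):
        return "PEM"
    check_der(data)
    return "DER"

def to_pem(data: bytes) -> str:
    """Normalise either encoding to PEM text."""
    match = PEM_RE.search(data)
    if match:
        der = base64.b64decode(b"".join(match.group(1).split()))
    else:
        der = data
    return ssl.DER_cert_to_PEM_cert(check_der(der))

def to_der(data: bytes) -> bytes:
    """Normalise either encoding to raw DER bytes."""
    return ssl.PEM_cert_to_DER_cert(to_pem(data))
```

Both encodings carry the same certificate bytes; PEM is the DER data base64-encoded between BEGIN/END lines, so the conversion is lossless in either direction.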
  •  
bhenderson

Messages: 12
Karma: 0
Kerio_pdobry wrote on Mon, 24 September 2007 09:54



That's why it is possible to download the SSL certificate from KMS in both formats (DER and PEM: http(s)://<server>/server.cer or .crt). Therefore, you only need the format that can be imported to KMS, which is PEM.


OK then - I have a support ticket in order to address this problem then. We have a Palm Treo 700P that is not accepting the SSL cert from our KMS server, which is a Verisign CA 3 cert (i.e. it is on the supported list for Palm). Another symptom of this is Firefox is not verifying the Verisign cert, while IE has no problems.
  •  
winkelman

Messages: 2119
Karma: 3
bhenderson wrote on Mon, 24 September 2007 18:49


How did you sync through the KOC? The info in the admin guide is weak on troubleshooting problems with the Treo (either it works or it doesn't), and says nothing about syncing through the KOC.


I did have trouble syncing Palm Tungsten's (doesn't work, couldn't get it to work). But I never had problems syncing Palm Treo 650's.

  1. First set up Outlook/KOC to work correctly.
  2. Then install the Palm Desktop software and choose to sync to Outlook during install.
  3. Then configure the Hotsync connections. Make sure you've set it to sync with the correct Outlook profile and you also have to set two more things. I'm not sure exactly what they were called, but it was something like 'Enable offline syncing' and something to do with syncing to multiple PC's. Both settings have to be made per item you are syncing (Calendar, Contacts, Tasks, etc.) and make sure you make those settings permanent and not just for the next sync. (The Hotsync application is not very clear in all this.) Also, one of the two settings doesn't seem to stick (enter the settings again and it's not ticked anymore), but still you have to make sure you've set it.

Well, that's what I did with the four Treo 650's in use here and it worked fine. Even our company's president used it, so it was going fine.

Not to talk you away from Palm OS, but: one of the reasons I changed to Windows Mobile here is that it syncs directly to the server without any in-between hotsyncs, outlooks and what not. Much smoother and easier to manage. (Doesn't have to be over the air though, can be through a desktop connection. Few people in my company have [expensive] mobile data plans, I mostly disable GPRS on the phones.) The Palm/Hotsync/Outlook/KOC/server house-of-cards contraption ran fine, but did need some attention every now and then.


  •  
Nixs

Messages: 159
Karma: 0
Not sure if this is related, but there is a known bug in Mozilla apps where it's not handling certain Verisign certificates correctly.

"Could not verify this certificate for unknown reasons"

I can't find it now, but when I initially ran across this issue, I did find an active bugzilla report open. This affects a non-Kerio server of mine.

  •  
bhenderson

Messages: 12
Karma: 0
winkelman wrote on Mon, 24 September 2007 10:55


  1. First set up Outlook/KOC to work correctly.
  2. Then install the Palm Desktop software and choose to sync to Outlook during install.
  3. Then configure the Hotsync connections. Make sure you've set it to sync with the correct Outlook profile and you also have to set two more things. I'm not sure exactly what they were called, but it was something like 'Enable offline syncing' and something to do with syncing to multiple PC's. Both settings have to be made per item you are syncing (Calendar, Contacts, Tasks, etc.) and make sure you make those settings permanent and not just for the next sync. (The Hotsync application is not very clear in all this.) Also, one of the two settings doesn't seem to stick (enter the settings again and it's not ticked anymore), but still you have to make sure you've set it.

Well, that's what I did with the four Treo 650's in use here and it worked fine. Even our company's president used it, so it was going fine.



Thanks! That worked great for the 650s. Now our users can:

Sync Locally: All Primary Folders (Inbox, Contacts, Calendar, Tasks)
Sync Remotely: Inbox and Calendar
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
bhenderson wrote on Tue, 25 September 2007 21:50


Sync Remotely: Inbox and Calendar



Treo 650 users can upgrade VersaMail 3.5 and get the EAS (Exchange ActiveSync) update ($12 in total) and also synchronize Contacts. See http://www.palm.com/us/support/downloads/treo/easupdate.html