LDAP requests fail after approx 1/2 day uptime
  •  
sophos9

Hi

Wonder if anyone can really get me out of trouble!!?! I'm running KMS 5.7.8. Everything is great for about 1/2 a day then I become unable to check my mail. Webmail logon screen is available but IMAP and LOGON freeze.

When checking the logs it seems that the LDAP requests are failing for some reason?!? I have 9 LDAP users + 1 internal admin so there is no real load. After the 'freeze' when I check the users there is only the internal one available??

The LDAP debug is

Quote:

[19/Apr/2004 16:34:09][3236] {ldapdb} LDAP connect to server server1.xxxxxxxxxxxxxx.com failed: Invalid credentials
[19/Apr/2004 16:34:09][3236] {ldapdb} Search request to LDAP server server1.xxxxxxxxxx.com result: Can't contact LDAP server


The win2k server is up n running fine, the credentials are just fine also?!?

Please please please someone help before I go bald.....
  •  
sophos9

Oh n this is the warning log

Quote:

[19/Apr/2004 16:35:30] LDAP: User me<at>xxxxxxx.com doesn't exist
  •  
Petr Dobry (Kerio)

sophos9 wrote on Mon, 19 April 2004 18:22

Hi

Wonder if anyone can really get me out of trouble!!?! I'm running KMS 5.7.8. Everything is great for about 1/2 a day then I become unable to check my mail. Webmail logon screen is available but IMAP and LOGON freeze.

When checking the logs it seems that the LDAP requests are failing for some reason?!? I have 9 LDAP users + 1 internal admin so there is no real load. After the 'freeze' when I check the users there is only the internal one available??

The LDAP debug is

Quote:

[19/Apr/2004 16:34:09][3236] {ldapdb} LDAP connect to server server1.xxxxxxxxxxxxxx.com failed: Invalid credentials
[19/Apr/2004 16:34:09][3236] {ldapdb} Search request to LDAP server server1.xxxxxxxxxx.com result: Can't contact LDAP server


The win2k server is up n running fine, the credentials are just fine also?!?

Please please please someone help before I go bald.....


Maybe you have different time on server and on KMS. Both must be synchronized to the same time.

Petr Dobry
Product Development Manager | Kerio
  •  
sophos9

Thanks, will try that tomorrow, just managed to remotely dump the company's broadband connection?!

What is the most effective way to sync the time please?

Does this help... After the LDAP connection cannot be established, when trying to log into the console it takes forever? It does finally get there tho..... Then if I repair the local NIC I *think* it may work no probs again?

Any more help would be great, I've got managing directors on my back now :(

Thanks in advance

[Updated on: Mon, 19 April 2004 22:46]

  •  
Petr Dobry (Kerio)

sophos9 wrote on Mon, 19 April 2004 22:43

Thanks, will try that tomorrow, just managed to remotely dump the company's broadband connection?!

What is the most effective way to sync the time please?

Does this help... After the LDAP connection cannot be established, when trying to log into the console it takes forever? It does finally get there tho..... Then if I repair the local NIC I *think* it may work no probs again?

Any more help would be great, I've got managing directors on my back now :(

Thanks in advance


When KMS logs invalid credentials, it means one of these reasons:

1. Invalid username/password
2. insufficient right to log into domain (LDAP)
3. disabled account/too many logins simultaneously
4. different time on LDAP and KMS server

For time synchronization use NTP or add KMS server into domain.

Optionally you can test your LDAP connection with some LDAP browser, for example Softerra LDAP browser.

Petr Dobry
Product Development Manager | Kerio
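
Added example, not part of the original posts and not Kerio code: a way to measure cause 4 from the list above, the clock difference between the KMS host and the directory server, by parsing one SNTP reply. It assumes the directory server answers SNTP on UDP port 123 and that the relevant limit is the 5-minute default Kerberos tolerance in Active Directory; the function names and the sample reply are constructed for illustration.

```python
import socket
import struct
import sys
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
MAX_SKEW_SECONDS = 300        # assumption: Kerberos default tolerance in AD (5 min)


def to_unix(seconds, fraction):
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32


def clock_offset(reply, t_sent, t_received):
    """Server-minus-local clock offset in seconds, from one SNTP reply."""
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4 or stratum == 0 or leap == 3:
        raise ValueError("reply is not from a synchronized server")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    return ((to_unix(rx_s, rx_f) - t_sent) + (to_unix(tx_s, tx_f) - t_received)) / 2


def within_tolerance(offset, limit=MAX_SKEW_SECONDS):
    return abs(offset) <= limit


def query_offset(server, timeout=3.0):
    """Send one SNTP client request (version 3, mode 3) to server:123/udp."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t_sent = time.time()
        sock.sendto(b"\x1b" + 47 * b"\0", (server, 123))
        reply, _ = sock.recvfrom(512)
    return clock_offset(reply, t_sent, time.time())


def sample_reply(server_time):
    """Constructed SNTP reply (stratum 2) carrying the given Unix time."""
    secs = int(server_time) + NTP_EPOCH_DELTA
    return b"\x1c\x02" + 30 * b"\0" + struct.pack("!4I", secs, 0, secs, 0)


if __name__ == "__main__":
    now = time.time()
    off = (query_offset(sys.argv[1]) if len(sys.argv) > 1
           else clock_offset(sample_reply(now + 400), now, now))
    print(f"offset {off:+.1f}s, within tolerance: {within_tolerance(off)}")
```

Run it on the KMS host with the directory server's host name as the argument; with no argument it evaluates the constructed reply, which is 400 seconds ahead and therefore out of tolerance.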
  •  
sophos9

Petr, Hi and thanks for your input.

Quote:

When KMS logs invalid credentials, it means one of these reasons:

1. Invalid username/password
Both Correct
2. insufficient right to log into domain (LDAP)
No probs here
3. disabled account/too many logins simultaneously
The account is fine, I use the same username to logon to the 2k AD?? Could this be a problem??
4. different time on LDAP and KMS server
Ok today I set the 2K AD and all clients to look to time.windows.com using "net time \\127.0.0.1 /setsntp:time.windows.com"

Should this do it??




I also run KWF 5 and the connection tab shows about 20-30 kerberos connections with the 2k AD?

Thanks again
  •  
Petr Dobry (Kerio)

sophos9 wrote on Tue, 20 April 2004 12:43

Petr, Hi and thanks for your input.

Quote:

When KMS logs invalid credentials, it means one of these reasons:

1. Invalid username/password
Both Correct
2. insufficient right to log into domain (LDAP)
No probs here
3. disabled account/too many logins simultaneously
The account is fine, I use the same username to logon to the 2k AD?? Could this be a problem??
4. different time on LDAP and KMS server
Ok today I set the 2K AD and all clients to look to time.windows.com using "net time \\127.0.0.1 /setsntp:time.windows.com"

Should this do it??




I also run KWF 5 and the connection tab shows about 20-30 kerberos connections with the 2k AD?

Thanks again


If it worked before and after some time it stops, something must have changed. If you find out what it was, you will know how to fix it.

Petr Dobry
Product Development Manager | Kerio
  •  
sophos9

Sure and I would if I could find it. The problem is I have a bunch of directors all kicking my a** because they require webmail and every time they go to use it they can't.

I have checked the event logs on both the 2kAD and the server running KMS and they show nothing. The KMS server is a computer that runs ONLY KMS & KWF, no one logs on in between, no one uses the server.

Nothing that I know of changes, both KMS & KWF do what they are supposed to until this problem occurs. KWF works with no probs, KMS still works but no one can login.

I have now converted the users to internal to try to narrow down if LDAP is the problem.
  •  
mkanat

If you have log rotation enabled, disable it.

If your mailserver locks up, I'm almost sure this is the cause.

-Max

Maxwell Kanat-Alexander
2nd Level Support Engineer, USA
Kerio Technologies
  •  
sophos9

Max, Hi and thanks.

I have definitely got Log Rotation enabled. I have used KMS for a few days now with just internal users using kerberos and it seems extremely stable so I will probably just stick with the current set up.

I think that I may try what you have suggested to try and put an end to this thread??

If this is a problem, will there be a fix anytime soon??

Thanks again

Dave
  •  
mkanat

sophos9 wrote on Tue, 27 April 2004 12:25


If this is a problem, will there be a fix anytime soon??



Yeah, we have this already fixed in development. It should be fixed in 5.7.10. If Log Rotation is critical to you, you can email support and we'll send you a version of 5.7.9 mailserver.exe that has this additional fix in it.

-Max

Maxwell Kanat-Alexander
2nd Level Support Engineer, USA
Kerio Technologies