Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Authentication problem with Thunderbird
  •  
renefn

Messages: 158
Karma: 0
Send a private message to this user
Hi,

Every time I launch Thunderbird I get a "Login Failed", "Login to server [ourserver] failed".

I then get the option to enter a new password or to retry, and after a retry it authenticates just fine.

The KMS security log says this:

[02/Jan/2010 21:32:41] Failed IMAP login from 192.168.113.2, authentication method CRAM-MD5


The debug log with "User Authentification" and "Network Connections and SSL" enabled tells me this:

[02/Jan/2010 21:36:33][2808] {conn} SSL debug: id 054A9EA0 SSL3 alert write:warning:close notify
[02/Jan/2010 21:36:33][6124] {conn} SSL debug: id 051757F0 SSL3 alert write:warning:close notify
[02/Jan/2010 21:36:44][2808] {conn} SSL debug: id 051757F0 SSL handshake started: before/accept initialization
[02/Jan/2010 21:36:44][2808] {conn} SSL debug: id 051757F0 SSL_accept:before/accept initialization
[02/Jan/2010 21:36:44][2808] {conn} SSL debug: id 051757F0 SSL_accept:SSLv3 read client hello A
[02/Jan/2010 21:36:44][2808] {conn} SSL debug: id 051757F0 SSL_accept:SSLv3 write server hello A
[02/Jan/2010 21:36:44][2808] {conn} SSL debug: id 051757F0 SSL_accept:SSLv3 write certificate A
[02/Jan/2010 21:36:44][2808] {conn} SSL debug: id 051757F0 SSL_accept:SSLv3 write server done A
[02/Jan/2010 21:36:44][2808] {conn} SSL debug: id 051757F0 SSL_accept:SSLv3 flush data
[02/Jan/2010 21:36:45][2808] {conn} SSL debug: id 051757F0 SSL_accept:SSLv3 read client key exchange A
[02/Jan/2010 21:36:45][2808] {conn} SSL debug: id 051757F0 SSL_accept:SSLv3 read finished A
[02/Jan/2010 21:36:45][2808] {conn} SSL debug: id 051757F0 SSL_accept:SSLv3 write change cipher spec A
[02/Jan/2010 21:36:45][2808] {conn} SSL debug: id 051757F0 SSL_accept:SSLv3 write finished A
[02/Jan/2010 21:36:45][2808] {conn} SSL debug: id 051757F0 SSL_accept:SSLv3 flush data
[02/Jan/2010 21:36:45][2808] {conn} SSL debug: id 051757F0 SSL handshake done: SSL negotiation finished successfully
[02/Jan/2010 21:36:45][2808] {conn} Established secure server connection from 192.168.113.2:56720 to 192.168.0.20:993 using TLSv1/SSLv3 with cipher AES256-SHA, id 15754BF0
[02/Jan/2010 21:36:45][2808] {auth} CRAM-MD5 started, sending greeting
[02/Jan/2010 21:36:45][2808] {auth} CRAM-MD5 user rene.frej.nielsen has incompatible password type
[02/Jan/2010 21:36:59][4880] {conn} Cannot read from SSL connection (local=192.168.0.20:443, remote=192.168.0.183:4834): SSL code 5, system error: (10054) An existing connection was forcibly closed by the remote host.
[02/Jan/2010 21:37:00][936] {conn} SSL debug: id 02732460 SSL handshake started: before/accept initialization
[02/Jan/2010 21:37:00][936] {conn} SSL debug: id 02732460 SSL_accept:before/accept initialization
[02/Jan/2010 21:37:00][936] {conn} SSL debug: id 02732460 SSL_accept:SSLv3 read client hello A
[02/Jan/2010 21:37:00][936] {conn} SSL debug: id 02732460 SSL_accept:SSLv3 write server hello A
[02/Jan/2010 21:37:00][936] {conn} SSL debug: id 02732460 SSL_accept:SSLv3 write change cipher spec A
[02/Jan/2010 21:37:00][936] {conn} SSL debug: id 02732460 SSL_accept:SSLv3 write finished A
[02/Jan/2010 21:37:00][936] {conn} SSL debug: id 02732460 SSL_accept:SSLv3 flush data
[02/Jan/2010 21:37:00][936] {conn} SSL debug: id 02732460 SSL_accept:SSLv3 read finished A
[02/Jan/2010 21:37:00][936] {conn} SSL debug: id 02732460 SSL handshake done: SSL negotiation finished successfully
[02/Jan/2010 21:37:00][936] {conn} Established secure server connection from 192.168.0.183:4835 to 192.168.0.20:443 using TLSv1/SSLv3 with cipher RC4-MD5, id 0D56C318
[02/Jan/2010 21:37:04][2808] {auth} NTLM: Continuing authentication.
[02/Jan/2010 21:37:04][2808] {auth} NTLM: client TONSBAKKEN\rene.frej.nielsen sent valid credentials, ctx attribs 0x4.
[02/Jan/2010 21:37:04][2808] {auth} NTLM: acceptSecurityContext() completed successfully.
[02/Jan/2010 21:37:04][2808] {auth} User rene.frej.nielsen performed NTLM authentication in NT domain TONSBAKKEN, found in domain coolgray.dk
[02/Jan/2010 21:37:04][2808] {auth} NTLM successfully authenticated user rene.frej.nielsen<_at_>coolgray.dk
[02/Jan/2010 21:37:12][5760] {conn} Cannot read from SSL connection (local=192.168.0.20:443, remote=192.168.1.19:4767): SSL code 5, system error: (10054) An existing connection was forcibly closed by the remote host.
[02/Jan/2010 21:37:12][5992] {conn} SSL debug: id 15FBBAD0 SSL handshake started: before/accept initialization
[02/Jan/2010 21:37:12][5992] {conn} SSL debug: id 15FBBAD0 SSL_accept:before/accept initialization
[02/Jan/2010 21:37:12][5992] {conn} SSL debug: id 15FBBAD0 SSL_accept:SSLv3 read client hello A
[02/Jan/2010 21:37:12][5992] {conn} SSL debug: id 15FBBAD0 SSL_accept:SSLv3 write server hello A
[02/Jan/2010 21:37:12][5992] {conn} SSL debug: id 15FBBAD0 SSL_accept:SSLv3 write change cipher spec A
[02/Jan/2010 21:37:12][5992] {conn} SSL debug: id 15FBBAD0 SSL_accept:SSLv3 write finished A
[02/Jan/2010 21:37:12][5992] {conn} SSL debug: id 15FBBAD0 SSL_accept:SSLv3 flush data
[02/Jan/2010 21:37:12][5992] {conn} SSL debug: id 15FBBAD0 SSL_accept:SSLv3 read finished A
[02/Jan/2010 21:37:12][5992] {conn} SSL debug: id 15FBBAD0 SSL handshake done: SSL negotiation finished successfully
[02/Jan/2010 21:37:12][5992] {conn} Established secure server connection from 192.168.1.19:4768 to 192.168.0.20:443 using TLSv1/SSLv3 with cipher RC4-MD5, id 0DEACF20


I've set "Connection Security" to SSL/TLS and enabled "Use secure authentification" in Thunderbird. If I disable "Use secure authentification" then I don't get the error, but that doesn't sound so secure...

Our KMS is connected to our Active Directory if that's important.

[Updated on: Sat, 02 January 2010 21:53]


Regards,
Rene Frej Nielsen
  •  
saxk

Messages: 1
Karma: 0
Send a private message to this user
We've been live with Kerio for about a year with about 220 users. Last week, we suddenly started seeing similar issues.

One minute, we can auth to AD just fine, the next we cannot.

The combination is Outlook 2000 with KOC. Outlook 2003 seems to be fine...

Same issue?



Just because you fail to find the humor in it right now, does not mean that it isn't funny.
  •  
renefn

Messages: 158
Karma: 0
Send a private message to this user
I don't think it's the same issue. Most of our users are using KOFF on Outlook 2003, some KOFF on Outlook 2007 and our Mac users are using Entourage 2008. None of them are having this issue.

From the log it seems like it's something with CRAM-MD5 authentification, but I don't know what.

Regards,
Rene Frej Nielsen
  •  
renefn

Messages: 158
Karma: 0
Send a private message to this user
OK thanks... that explains it... Just curious, are the credentials then sent in plaintext?

Regards,
Rene Frej Nielsen
Previous Topic: Important: False-positive spam detection of emails in 2010
Next Topic: Apple Mail and Outlook: Two apps that just can't work together?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Oct 22 04:49:58 CEST 2017

Total time taken to generate the page: 0.00462 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.