Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » iCal sync/delegate failures with 10.6.2
  •  
cwachs

Messages: 101
Karma: 0
Send a private message to this user
I've been battling a problem since OS X 10.6.2 came out that we were just able to solve so I'll share it with you all and perhaps someone can explain why the solution worked:

Since OS X 10.6.2 (and the iCal that came with it), all users connected to our server (6.7.2 updated through 7.0.0) could no longer refresh calendars in iCal using CalDAV nor could they see any delegates calendars. This all worked fine in 10.6.1 clients and lower.

Kerio support was able to duplicate the problem on our server but could not duplicate it on other servers. We ruled out server hardware, server OS versions, client machines - everything. 100% of 10.6.2 client iCals could not use anything but the Kerio Sync Connector.

Finally, in trouble shooting between a dev box and the live server, I found what seems to be the problem. We have a GoDaddy SSL certificate for the primary domain on the live server. As soon as I removed this certificate and used a self-signed one, the problem went away. I never tried this earlier for 2 reasons. 1) That very same SSL cert had worked perfectly up until the 10.6.2 client update so why would I suspect it was a problem. 2) Most clients were not using SSL in iCal anyway.

Now that I had isolated the issue to the SSL cert, I needed to fix it since most mail clients used SSL. When I originally installed that GoDaddy cert, I did not add the GoDaddy intermediate key to the server key file - I never had in the past and it always worked. I decided to try it this time to see what would happen. I deleted the cert from the server, added the GoDaddy intermediate key to my server crt file, re-added the server.key and server.crt files back in to Kerio, restarted and the iCal problem magically went away and SSL was back and working.

For the life of me, I can not see why this SSL cert was causing these iCal issues with 10.6.2 clients and why the intermediate key would fix it. Prior to me adding the intermediate key to the server key file, we had installed the GoDaddy intermediate key into client OS X Keychains (to stop the warning OS X can put up about the authenticity of the root cert) so the 10.6.2 clients HAD the intermediate key installed locally and they still failed.

None the less, the problem has been solved but I'd love an explanation as to why!

[Updated on: Sun, 21 February 2010 17:29]


-----------
Server installation:
Kerio Connect 7.1
OS X Server 10.5.8
Apple G4 X Serve
  •  
matthealey

Messages: 46
Karma: 6
Send a private message to this user
Hi, I have just run into this exact problem.

How did you add the intermediate crt to the system? I am unfamiliar with that...
  •  
cwachs

Messages: 101
Karma: 0
Send a private message to this user
What I did was take the cert file that GoDaddy includes with my server cert (gd_bundle.crt), copied the info in that file and pasted it into my server cert file (domain.name.crt) and then imported that into Kerio. That fixed the problem. I think the way Kerio prefers you do this is take the gd_bundle.crt file and move it into the cert folder for the server.

-----------
Server installation:
Kerio Connect 7.1
OS X Server 10.5.8
Apple G4 X Serve
  •  
keriomonkey

Messages: 4
Karma: 0
Send a private message to this user
Thanks very much for the post.

I too have the same problem with 10.6.3 Server and Clients and running Kerio 6.7.3 (patch 1). I would love to try this fix but I would feel a lot more comfortable if someone from Kerio responded first with an explanation as to why this is happening and more importantly, is this their recommendation to fix it.
Previous Topic: Web Administration versus Administrator console
Next Topic: Info about Kerio Connect 7.1 with besx
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 24 07:46:12 CEST 2017

Total time taken to generate the page: 0.00406 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.