Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Can't Connect to Kerio Connect in United Arab Emirates
  •  
DXB Law

Messages: 23
Karma: 0
Send a private message to this user
We are running Kerio Connect 7.0.1 on a server in the United States. We have been successfully running Kerio in this configuration for about 5 years. About a week ago, users started reporting sluggishness and sporadic dropped connections from various clients (Macs running Mail, Macs running Entourage and iPhones) and at the same time it became suddenly impossible to log into secure webmail (https://mail.xxxxx.com) - the browser would time out. These problems were noted from several physical locations so it's not something on our local network.

On a hunch, I tried logging into my VPN service and once logged into VPN all these problems go away - the https page loads immediately, the Mail or Entourage client connects immediately, and the iPhone works well.

This is a new phenomenon, and I haven't changed my configuration either on server side or client side. It might be that the ISP has changed something, but I don't know what.

Also, this morning, I noticed that when using Mail without the VPN, I get a security message asking me to set a trust policy for an expired certificate for "localhost" issued by qmailtoaster.com

This is not the normal security certificate I use for mail through Kerio Connect - I use a self-signed certificate issued from the Kerio Connect admin console. My Kerio certificate is up-to-date through 2011.

Does anybody have any ideas what might be going on, or what information I migth need to provide to troubleshoot this?

VPN is a viable solution for the desktops and laptops, but is not really practical for the iPhone because the iPhone drops the VPN connection as it hands off from cell to cell and does not automatically re-establish it. I would like to figure out what is going on so I can get things back to the way they were a week ago - functioning without intervention through VPN or otherwise.


  •  
marook

Messages: 520

Karma: 3
Send a private message to this user
Sounds like the chinese gorverment has exported their firewall to the UAE!
But funny you can use VPN if they block HTTPS traffic!

Or maybe there is a proxy server on the network somewhere?

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Sounds like something is wrong with DNS. What happens if you try to connect to port 25 on the mail server's public IP-address (the one you know it should have) instead of the hostname?

  •  
stewie

Messages: 106
Karma: 0
Send a private message to this user
Agreed. It sounds like an external DNS problem.

It explains why you can connect to the servers when you have a VPN connection (presumably because you're using your internal DNS servers), but cannot otherwise connect using external DNS servers. Plus, the qmailtoaster.com certificate suggests you're not connecting to your kerio server but to some other server probably using qmailtoaster.

A lookup of your mail server shows mail.dxb-law.com resolves to q1.netfirms.com & q0.netfirms.com. Is that what you'd expect?


; <<>> DiG 9.4.3-P3 <<>> dxb-law.com MX

;; QUESTION SECTION:
;dxb-law.com. IN MX

;; ANSWER SECTION:
dxb-law.com. 900 IN MX 10 q1.netfirms.com.
dxb-law.com. 900 IN MX 10 q0.netfirms.com.




; <<>> DiG 9.4.3-P3 <<>> <_at_>ns2.netfirms.com dxb-law.com MX


;; QUESTION SECTION:
;dxb-law.com. IN MX

;; ANSWER SECTION:
dxb-law.com. 900 IN MX 10 q1.netfirms.com.
dxb-law.com. 900 IN MX 10 q0.netfirms.com.

;; AUTHORITY SECTION:
dxb-law.com. 1000 IN NS ns1.netfirms.com.
dxb-law.com. 1000 IN NS ns2.netfirms.com.

;; ADDITIONAL SECTION:
q1.netfirms.com. 3600 IN A 70.35.17.11
q1.netfirms.com. 3600 IN A 70.35.17.75
q1.netfirms.com. 3600 IN A 70.35.17.43
q1.netfirms.com. 3600 IN A 70.35.17.235
q1.netfirms.com. 3600 IN A 70.35.17.203
q1.netfirms.com. 3600 IN A 70.35.17.171
q1.netfirms.com. 3600 IN A 70.35.17.139
q1.netfirms.com. 3600 IN A 70.35.17.107
q0.netfirms.com. 3600 IN A 70.42.30.203
q0.netfirms.com. 3600 IN A 70.42.30.11
q0.netfirms.com. 3600 IN A 70.42.30.139
q0.netfirms.com. 3600 IN A 70.42.30.171
q0.netfirms.com. 3600 IN A 70.42.30.107
q0.netfirms.com. 3600 IN A 70.42.30.75
q0.netfirms.com. 3600 IN A 70.42.30.43
q0.netfirms.com. 3600 IN A 70.42.30.235
ns1.netfirms.com. 3600 IN A 67.23.128.2
ns2.netfirms.com. 3600 IN A 70.35.17.1

Previous Topic: Exchange Activesync support
Next Topic: setting for your mailbox are changed
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 23 06:18:28 CET 2017

Total time taken to generate the page: 0.00373 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.