Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio Control on Windows Server 2008 R2 64bit
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hi all,

I'm testing Kerio Control with IPS/IDS (SNORT) enabled on my Co-Location hosting server to protect my hosting environment. Kerio Control and Snort are working well against to hacking attempts but sometimes (randomly) accessing to my servers' services aren't work. Only RDP Protocol (3389) works.

I tried to restart Kerio Control services and disable the SNORT when the problem occurs but that doesn't work. Only solution that I found for now is restart the server.

Someone have any problem or experiences with Windows Server 2008 R2 64bit and Kerio Control (or Snort)?

BTW, why Kerio Control 64bit installation install all files to Program Files (x86) and Kerio Control files (winroute.exe, snort.exe, wrctrl.exe, avserver.exe etc.) works in 32bit mode?

It doesn't make sense that any 64bit program (which has an 64bit installation) works in 32bit.

Thanks for the replies.

Kürşada Ölmez
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Here is the update about that issue;

My server has 8GB RAM but when Server and Kerio Control service starts, Kerio Control says that my server has 4GB of ram.
[13/Jul/2010 20:01:28] System: System: Windows Server 2008 x64, Memory: 4095 MB, 4 processors

  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hi all,

I have found an interesting Snort related log about my problem on Kerio Connect.

IPS: Alert, severity: Low, Rule ID: 1:2003195 ET POLICY Unusual number of DNS No Such Name Responses, proto:UDP, ip/port:208.67.220.220:53 -> my.co-location-ip.address-here:61926

Everytime I restarted my server to solve that problem, that log appears and for the last restart process I can see the numerous inbound DNS connections to my server from 208.67.220.220 (OpenDNS's IP address)

I'm using opendns IP's on my server to resolve domains IPs.

I don't know why this is happening but I will post here if I found any update about that issue.

[Updated on: Sat, 31 July 2010 15:15]

  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
I changed my DNS IP's to my network operators' IPs and disabled the restart scheduled job to what happens, but no changes, the problem is continuing Sad

Only solution that have found about that issue is restarting my server every night and I give up to understand what causes that problem.

[Updated on: Mon, 02 August 2010 15:13]

  •  
cybersans

Messages: 46
Karma: 0
Send a private message to this user
to answer your 1st question, kwf is STILL 32-bit application. they only make the installer as 64-bit application. thats why you see that it installed in program files (x86) and you will see 32-bit with * symbol in task manager.

kwf 64-bit is not pure 64-bit, only its installer Wink

to answer your 2nd question, 32-bit application and OS only can see until 4GB of RAM. it is by design and their limitation.
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hi all,

On my last post, I said that "I give up to understand what causes that problem" but actually I never give up to find the source of the problem Smile and I finally found it.

First thing, Kerio Control is absolutely innocent and works perfect as always.

The second thing, problem is occured because of BIND, which I used for DNS service. I upgraded BIND version from 9.7.1 to 9.7.2 and all my problems are gone forever.

Just want to inform you all.

Thank you.
  •  
Goran

Messages: 332
Karma: 5
Send a private message to this user
I disable proxy and everything start to be ok.

Because winroute is x86, but driver layer in your network card is x64.
This is only difference between x86 and x64

Question cannot be stupid, but some of the answers can.
  •  
nunsys

Messages: 6
Karma: 0
Send a private message to this user
Goran wrote on Tue, 12 October 2010 16:54
I disable proxy and everything start to be ok.

Because winroute is x86, but driver layer in your network card is x64.
This is only difference between x86 and x64


Then we must to disable the proxy to works in a Windows 2008 R2 system ??

[Updated on: Sun, 29 May 2011 21:05]

  •  
Goran

Messages: 332
Karma: 5
Send a private message to this user
MM not really...

Install last version and all work great

Question cannot be stupid, but some of the answers can.
  •  
nunsys

Messages: 6
Karma: 0
Send a private message to this user
I stoped the Server and put the old one with 2003 works better with less CPU and RAM Sad
Previous Topic: Kerio Control 7.1.1 On Windows 2008R2 Server
Next Topic: Configuring firewall to allow faster ping speed
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 17:52:26 CET 2017

Total time taken to generate the page: 0.00440 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.