Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » iCal creates invalid password errors in log (but is configured via the auto config tool?)

Messages: 94
Karma: 1
Send a private message to this user
I seem to have discovered some strangeness at a few of our clients Kerio installations.

Kerio 7.3 patch1
iCal 10.6.8

I have setup iCal using the Auto Configuration downloaded under the settings menu in the users webmail account.

Every time iCal is launched 2 invalid password errors get generated to the security log.

LDAP: Invalid password for user xxx<_at_> Attempt from IP address

iCal gives no errors what so ever and seems a very happy bunny and everything works as expected. If the "sync all calendars" thing in iCal is done, no errors seem to be posted to the Kerio security log, so ONLY when iCal is launched do the invalid password errors appear...

So everything works anyway, so why bother, right?

Except (and this is how I found out about it in the first place) when you enable the settings for password guessing protection that temporary locks-out accounts, this will make Mail and Addressbook go offline completely for 5 minutes!

So turned those extra security options off again...

Messages: 5
Karma: 0
Send a private message to this user
We are seeing a similar issue here with users using Outlook 2011 or iCal/Mail.

If we have "Block user accounts based on password guessing" option enabled users using Outlook 2011 will randomly be blocked.

We see log entries as below:

HTTP/EWS: Invalid password for user xxxxx
HTTP/WebDAV: Invalid password for user
and then
Attempt to LDAP login to locked account xxxxx

Centos 6 using OD Kerberos authentication
Kerio Connect 7.3.1 patch 2 build 6199

Mac OSX 10.6.8
Outlook 2011

Messages: 37
Karma: 0
Send a private message to this user
I am also seeing this error in my security logs.

Mac Mini OS X 10.6.8
Kerio 7.3.1 p2 build 6199

Entourage 2008
Entourage 2008 WSE

This error seems to only be generated by Entourage, not OS X Mail or Ical.

HTTP/EWS: Invalid password from user xxxx<_at_>xxxx. Attempt from IP address xxxxx
HTTP/WebDAV: Invalid password for user xxx<_at_>xxxx. Attempt from IP address xxxxx
HTTP/ActiveSync: Invalid password for user xxx<_at_>xxx. Attempt from IP address xxxx

I believe this is caused by having the "NTLM Authentication" setting active. I have turned it off for testing purposes.

Kerio Admin -> Advanced Options -> Security Policy -> (Allow NTLM Authentication for users with Kerberos)
Previous Topic: Mailing lists
Next Topic: Issues with iCal 5.0.2? (OS X 10.7.3)
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 24 07:39:56 CEST 2017

Total time taken to generate the page: 0.00395 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.