Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » KOFF and Apache2 reverse proxy - a mess
  •  
EdRoxter

Messages: 77
Karma: 2
Send a private message to this user
Hello everyone,

due to some infrastructure changes, we decided to provide access to our Kerio Connect 7.3.2 via Apache2 reverse proxy (both are running on Debian Squeeze machines - KC on a 32-bit, Proxy on amd64).

Webmail, EWS, iPhone ActiveSync all work flawlessly - only KOC Offline under Outlook 2010 makes a mess.

Client communication goes via https, backend communication goes via http (I've also tried to setup both via https, same problems).

So what happens is:

Every two or three restarts, it gives a MAPI_E_NOT_FOUND. Sometimes it helps to delete the entire Userdir\Kerio\Outlook Connector\ directory (the Clear Cache option in KOFF's configuration doesn't, interestingly, do the job in those situations), sometimes I have to follow the advice to delete the specguid.fld and _keriomapi_STORE/ in the user's maildir and recreate his Outlook profile - only to see that syncing stops after some 1000 mails, but not with an error but the KOFF goes to idle mode.
Then, sometimes, it helps to restart Outlook - with the risk of losing everything again and getting a MAPI_E_NOT_FOUND -, sometimes it helps to continue the synchronization.
Sometimes it also happens that some of the user's folders just disappear in Outlook - error with next startup of Outlook guaranteed.

Sometimes, with a freshly deleted local cache and keriomapi_STORE, KOFF only syncs some 2 or 3 folders with 30 items each and then goes into idle mode. If I want to access the inbox or a folder with some >1000 items, it disappears as if it wasn't present on the server.

Neither in KC's Debug log nor in Apache2's error log at debug level I can find any sufficient information about why this is happening (also I'm not exactly sure what to look for).

The clients' debug.log are pretty inconsistent: Sometimes I see some "Missing property" entries, sometimes a KOFF_E_HIERARCHY, it's hard to get any clue about the mechanisms of this behaviour out of this.

Of course, pointing the hostname directly to KC leads the clients to work flawlessly - but I really want to get this done with a reverse proxy.

I had a similar behavior with nginx acting as a reverse proxy, it was only worse, syncing stopped after 10 seconds. It got a bit better after turning of buffering and cache, still it was horrible.

I have a rough idea that this could be about mailbox sizes/item count: Users with some 100MB/~1000 items mailboxes hardly have any problems, users with some GB-size/>20k items mailboxes experience this behavior way more often.

Of course, I've tried increasing Apache's ProxyTimeout (it's 600sec currently) and MaxClients setting, but that hasn't helped so far.

I can post some excerpts of the log files if requested, but first of all I want to know if anybody knows this behavior or has another idea about what could possibly cause it.

Perhaps some more detailed information about how KOFF communicates with the server would bringt some light here - I only see that it's WebDAV, but a bulk WebDAV repository implemented with another Apache works flawlessly behind the reverse proxy. So are there any specialties like persistent connections or anything like that? At which point could the communication fail? Is there any way to dump the whole client-side communication so I can see if there are any problems, for example, in the responses to the PROPFIND requests? As far as I can tell, they're quite huge.

Kind regards
Nico

[Updated on: Mon, 05 March 2012 12:52]

  •  
haentsch

Messages: 8

Karma: 0
Send a private message to this user
Hi,

we have very similar issues. We running Kerio Connect 8.1.1 and only Kerio KOC Offline causes issues suddenly. We using an Apache Reverse Proxy. Webmail ActivSync, KOC (Non Offline) just works fine. But KOC Offline always results in Error 0x80004005
The apache logs shows a 401 error with PROPFIND.

These errors we even get on a new created account and during the setup of KOFF.

Anyone knows more about?

Cheers

Harald
  •  
EdRoxter

Messages: 77
Karma: 2
Send a private message to this user
Given that your KOFF clients talk to the Reverse Proxy via SSL: I had contacted the support and, after reporting this issue to the developer team, they confirmed that this was a bug in KOFF 8.1.0 and 8.1.1: The SNI name was not set correctly. It will be fixed in 8.1.2, until then you have to use the IP address as host name in the KOFF configuration insted of the proxy's domain.

This is something related to your problem "by accident" - my original issue is still prevalent, though things have gotten better. When larger numbers of messages have to be synced, KOFF just stops syncing from time to time as if there was nothing more to sync, although I can see that several thousand messages are missing. But a simple Outlook restart makes it sync the next few hundred messages again.
Same issue with Outlook:Mac 2011 via EWS: Syncing just stops after 80-100 messages, but continues correctly after clicking the "Send and Receive" button.

[Updated on: Thu, 06 June 2013 09:37]

  •  
haentsch

Messages: 8

Karma: 0
Send a private message to this user
Thanks for your answer. I tried to use IP instead, but this didn't work either. So far the only workaround which helped, was downgrading of KOFF to version 8.0.2.

Did yu do anything else as using the public IP of the proxy in KOFF?
Previous Topic: Missing emails on ipad/iphone but not in webmail and apple mail
Next Topic: Upgrade issues
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Oct 20 03:22:24 CEST 2017

Total time taken to generate the page: 0.00404 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.