Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Detailed steps to move Kerio Connect (How to move to another server.)
  •  
Will Mayall

Messages: 177
Karma: 10
Send a private message to this user
Recently, I moved Kerio Connect from one server to another. This documents the process in the hope that it helps someone. Most of the process is documented by Kerio but I add details and make it more of a step-by-step checklist. If you find errors or know of improvements, please suggest them.

Moving is much easier than these instructions imply. Ironically, I think it took me longer to write these directions than it took to move to a new server.

The following Kerio documents are important references for this process:

I strongly recommend Method 1 in the Kerio KB article and that is what I used. Method 1 uses backup and recovery. By using this method, you shut down the server for the shortest possible time.

My technique is slightly different from that in the Kerio KB article. Following my steps will result in the server being down for a shorter period of time. You first copy the full backup to the new server while Connect continues to run. You then stop all incoming messages, do a differential backup, and copy just the differential backup file(s). Since the differential backup file is relatively small, this copy is quick and the server is down for a shorter time.

Although most of the process is applicable to any server configuration, I'll mention my configuration. In the steps, you will also find a few details that are specific to Mac servers.

Old server:
  • Mac OS X Server 10.6.8 - all updates installed
  • Kerio Connect 8.1.3 (1711) - latest release

New server:
  • Mac OS X Server 10.8.5 - all updates installed
  • Kerio Connect 8.1.3 (1711) - latest release

The basic steps including the approximate time for our 100GB of data:
  1. ___ Prep the new server
  2. ___ Copy Kerio Connect full backup to the new server (1 hour)
  3. ___ Stop services on the old server (email service stopped))
  4. ___ Create a differential backup on the old server (10 minutes)
  5. ___ Shut down the old server
  6. ___ Copy the differential backup to the new server (5 minutes)
  7. ___ Run kmsrecover on the new server (45 minutes)
  8. ___ Launch the new server (email service restored)
  9. ___ Address issues

Following is a detailed description of the above steps. I assume you will be using the same IP address on the new server. If you are changing to a new IP address, you'll need to adjust the instructions to your needs.

Prep the new server

On the new server:
  1. ___ Do not connect the new server to the Internet until you are sure that it is configured in such a way that it cannot accept email.
  2. ___ Make sure the built-in server software is not running on ports that will be used by Kerio Connect like POP, IMAP, SMTP, HTTP, etc.
  3. ___ Connect the new server to the Internet.
  4. ___ Make sure the OS and other critical software is up to date.
  5. ___ Configure the firewall.
    • I won't go into all you need to do. I find firewalls a pain but obviously necessary.
    • Apple's firewall UI is a joke. I highly recommend IceFloor: http://www.hanynet.com/icefloor/
  6. ___ IMPORTANT. Make sure that the new server cannot accidentally read incoming messages until it is completely ready. Note that you will configure Kerio Connect to not run any services but Kerio Connect initially launch with all the services on. You can prevent incoming connections in at least a couple ways:
    • Use an IP address that does not expect to receive email. The downside of relying on this is that later you will switch the server to the real IP address. Instead, by having the firewall block the ports, you avoid any possibility of the server receiving incoming email before it is ready.
    • Use the firewall to block all mail ports but especially SMTP and HTTP ports. (My preference.)
  7. ___ Configure a network connection that is appropriate.
    • In my case, I added a Mac Network "Location" with the IP info appropriate for the server. This allowed me to quickly switch to the server's IP address once the IP address on the old server was disabled.
  8. ___ Install Kerio Connect.
  9. ___ Launch Kerio Connect. (It's probably already running if you just installed it.)
  10. ___ Connect to Kerio Connect Admin: http://localhost:4040/admin
  11. ___ IMPORTANT. Stop all Kerio Connect Services and set them to start up manually.
    • This is another step to ensure that the server does not accidentally read incoming messages before it is ready. It is somewhat redundant with step #6 but why not be safe?
  12. ___ You do not need to configure Kerio Connect. The configuration will be copied from the old server.
  13. ___ Shut down Kerio Connect.
    • IMPORTANT: Even though you shut down Kerio Connect, it will launch again if you restart the server.
    • You might want to disable Kerio Connect using instructions later in this document.
  14. ___ You may need to shut down the new server depending on how you are going to copy the data files from the old server to the new server.

Copy Kerio Connect full backup to the new server

On the old server:
  1. ___ Make sure that your old server is connected to your new server so that you can copy files between the two.
    • Alternatively, you can copy files to an external hard drive or other server but doing so may increase the time to transfer files since you have to both copy to and then from the hard drive or other server.
  2. ___ In Kerio Connect, go to: Configuration --> Archiving and Backup --> Backup
  3. ___ Check that you have a full backup.
    • If you do not have a full backup, run one by clicking the Start Now button.
    • A full backup can take hours but if you have to do it, at least your old server is still running and serving your users.
  4. ___ Copy the full backup files to the new server.
    • The path to the backup files is shown in the Backup configuration under Target Backup Directory.
    • Directory permissions may restrict access to the backup files. You may need root access.
    • In Kerio Connect 8.1.3, the full backup zip files start with F. The differential zip files begin with D. The Kerio KB article says that the differential files begin with I. Another way to tell which files are which is that the full backup files will probably all be created on one day and the differential file will probably created today.
    • You do not need to copy the differential file(s) because we will do one more differential backup and copy the resulting file(s).
    • This step is probably one of the most lengthy steps. It could easily take hours depending on the method you use to copy. I used Firewall 800 and Target Mode.
    • Again, note that your server is still running. This is different from the Kerio KB article which has you stop the server before step 1.

Stop services on the old server

On the old server:
  1. ___ In Kerio Connect, go to: Configuration --> Services
  2. ___ Record which services are set to start up automatically.
    • You will use this info when you start Kerio Connect on the new server.
  3. ___ Stop each service that is running.
  4. ___ Change each service that is set to automatically start to start manually.
    • The KB article does not suggest this but I think it's a good idea to start the new server with all services off after the restore so that you can confirm that the restore worked properly before the new server starts accepting messages.

Create a differential backup on the old server

On the old server:
  1. ___ Make sure that your old server is connected to your new server so that you can copy files between the two.
  2. ___ In Kerio Connect, go to: Configuration --> Archiving and Backup --> Backup
  3. ___ In the Backup Scheduling area, create a new differential backup that will run in a few minutes.
  4. ___ Wait for the differential backup to run and complete. It should be much shorter than a full backup.

Shut down the old server

On the old server:
  1. ___ Disable the network interface for the mail server IP address.
    • This assumes you still have access to the machine via other methods.
    • If you are using the network to copy to the new server, you might need to delay this.
  2. ___ Stop the Kerio Connect Server.
  3. ___ To prevent Kerio Connect from launching on restart on Mac, edit Library -> LaunchDeamons -> com.kerio.mailserver.plist. Change the beginning of the file starting at <dict> to:

<dict>
<key>Disabled</key>
<true/>


Copy the differential backup to the new server

On the old server:
  1. ___ Make sure that your old server is connected to your new server so that you can copy files between the two.
  2. ___ Copy the differential file(s) to the new server.
    • Copy into the same directory as the backup files you previously copied.
    • In Kerio Connect 8.1.3, the differential zip files begin with D. The Kerio KB article says that the differential files begin with I.
    • The differential file(s) will be the newest file(s).
    • You only need to copy the differential file(s). You do not need to copy the other backup files since they have not changed.
  3. ___ If needed, you can disconnect from the old server.

Run kmsrecover on the new server

On the new server:
  1. ___ Make sure Kerio Connect IS NOT RUNNING. (I missed this one simple step and it was a painful error.)
  2. ___ Open a command-line session.
  3. ___ Use the kmsrecover instructions to perform a Full Backup Recovery from the backup that you copied to the server: http://kb.kerio.com/product/kerio-connect/server-configurati on/archiving-and-backup/examples-of-data-recovery-in-kerio-c onnect-1141.html
  • Although the kmsrecover instructions do not mention it, I think you probably want to run kmsrecover as root using sudo.
  • This step takes time and is the single largest reason your server will be down.
  • While kmsrecover is running, it will print to screen the file on which it is currently working.
  • Although kmsrecover displays a percentage, it was 99% the entire time it ran. I assume this is a bug.
  • kmsrecover will restore all the files you need to run Kerio Connect including the configuration files, SSL certificates, and mail, contact, and calendar stores.
  • Permissions seem to be properly reset by kmsrecover. Over time, the permissions on our mailserver store files had become a mess. kmsrecover seems to have set them to the proper values (very restrictive).

Launch the new server

On the new server:
  1. ___ Start Kerio Connect Server.
  2. ___ Connect via Admin: http://localhost:4040/admin
  3. ___ In Kerio Connect, go to: Configuration --> Archiving and Backup --> Backup
  4. ___ Delete the extra differential backup schedule that you previously created for the final backup.
  5. ___ Review other settings to make sure that are correct. For example, check the location of your backups.
  6. ___ Start services: Configuration --> Services

Address issues

In general, I found the results of this process to be very good.

The biggest concern I have is whether the restore is truly comprehensive. I know of no easy way to confirm that the restore was perfect.

I have read reports that kmsrecover can hang or simply not complete if it hits "bad" data. I'm not sure how accurate the reports were. I had no obvious errors.

The only problem I know of has been for some users of ActiveSync. For those users, data on their devices was not properly updating. In each case, I first tried deleting their device from the list of mobile devices. If that did not work, I had them delete the account on their device and recreate the account.

Will Mayall

[Updated on: Wed, 03 February 2016 15:58]

  •  
MacLab

Messages: 229
Karma: 14
Send a private message to this user
Hey that's not bad. I've used a technique which is similar except instead of the Kerio tool:

1. Live Clone
2. Stop Kerio Connect
3. Clone a second time copying missed/changed items only.

MacLab, Inc.
Kerio Certified Partner, Reseller, Hosting Provider, Kerio Connect Certified.
http://maclaboratory.com
  •  
Will Mayall

Messages: 177
Karma: 10
Send a private message to this user
I also considered a clone, stop server, then clone approach. I figured that since the Backup already exists, and kmsrecover is an "approved" method, it would be safer. I have done copies in the past and found them to be very slow because of the number of files.
Previous Topic: GMail Blocking our email
Next Topic: Share calendars by default
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 07:19:15 CET 2017

Total time taken to generate the page: 0.00431 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.