Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio Control Appliance Firewall locked up ( 8.1.1 patch 1 build 1019)
  •  
lclark

Messages: 15
Karma: 0
Send a private message to this user
This morning my firewall running as a VMWARE appliance completely locked up and we were down until I could get to the office. I couldn't log into it from the console because it was unresponsive. I did a forced power off and restarted it and it came back up. I want to apply the new patch, but not before the weekend. What should I be looking for here to explain what happened? Disk space is 43% used, ram is at about 30% usage. I'm also having an issue with backup to samepage1) same page saying that it failed but the new files are there, seems it can't find the old file to delete so backup files are building. This was working fine until about a week or so ago.
Thanks for any assistance.

Edit: I notice in the Error Log since last night scores of entries like this: [23/Oct/2013 22:36:29] (28) Unable to write temporary file in SMTP/POP3 inspector ((28) Unknown error 28).
all seeming to center around Sophos actions. After the forced shutdown so far I'm not seeing these errors.

[Updated on: Thu, 24 October 2013 19:24]

  •  
Quentinb

Messages: 34
Karma: 0
Send a private message to this user
We have the same issue. Kerio control has locked up 3 times in the last week alone. The RAM spikes to 100% and then KC appears to re-start itself. We run a Hyper-V appliance.

We have been running Kerio products for a long time and I love them, but we cannot have this downtime and am starting to search for a replacement solution. Version 7 was rock solid.
  •  
lclark

Messages: 15
Karma: 0
Send a private message to this user
For what it's worth, I did one thing just prior to my problems and that was I enabled http antivirus scanning. Then when the problem surfaced I saw the errors in the logs regarding unable to write to disk issues. I performed the latest update over the weekend and that took care of the backup error I was getting. I disabled the http scanning and haven't had an issue yet and I'm afraid to re-enable it just because.... It had been running for a long time without issue so it would take a very long time for me to know if I still have a problem or not. Does anyone know if there is any way to do a chkdsk of some kind on Control? Just to check if anything is fishy there?
  •  
Quentinb

Messages: 34
Karma: 0
Send a private message to this user
Our FW dropped all connections this morning after recording the errors above. It again dropped all the connections this afternoon after doing a AV update. There were no errors, but the RAM usage dropped to 0 and then climbed again after the update.

The trade on the stock market and having a 10s drop in connections can costs us serious business!
  •  
mcholdings

Messages: 24
Karma: 0
Send a private message to this user
We have the same issue - it locks and you cannot even access the webpage. I have been able to restart in the console through VMWare though, but that is not much use when you are outside!

Though today I was able to connect through our web service for remote control (screenconnect) that uses our firewall - despite the fw not responding.

Same as others, I have been on Kerio 3 years, keep pretty much up to date on public (not beta) releases, and never had a blink until the last 2-3 days.
  •  
rjokl

Messages: 64
Karma: 7
Send a private message to this user
The temporary files for AV scanning are stored on RAM-disk. It is not necessary to do chkdsk, the content is erased during reboot. As a workaround you can delete the files from SSH/console before the machine locks-up: "rm /tmp/*.\$\$\$". You can also try to lower the filesize limit on the antivirus configuration screen.
  •  
lclark

Messages: 15
Karma: 0
Send a private message to this user
Well I don't absolutely know that it locked up because of that, but it seems like a good possibility. I think the system should be able to handle this on its own without being constantly watched. I will probably increase its memory just to add some insurance, but I'd still like a way to verify the consistency of the actual operating system files. Thank you for your input though, it's somewhat comforting to know that the errors I saw were not related to actual hard drive issues.

Does anyone have recommendations on how much ram it should have? All I can seem to find is the minimum requirements posted by Kerio. We only have a couple of internal users, but quite a bit of Internet traffic with people accessing web servers and email. We use Sophos AV but don't implement any sort of user control. I left it at the default install of 1GB for a virtual appliance but I'm pretty sure that's not enough. I see the Kerio box ships with 2 GB. So anyone with a lot of experience running Control I would love to hear your thoughts on this before I change it.
Thanks.

[Updated on: Thu, 31 October 2013 04:07]

  •  
mcholdings

Messages: 24
Karma: 0
Send a private message to this user
We have a 32 bit appliance install which an only use 3G - and have about 300 devices on a 100Meg link, and until this version the last few days, has never once blinked.....
  •  
lclark

Messages: 15
Karma: 0
Send a private message to this user
It's looking to me like there is a memory leak. My memory usage has been creeping up since I restarted the FW a week ago. I was hoping to make it to the weekend before I increased ram, but that may not be possible. Last night the memory usage went up from 75% to 80% and I started to get these errors:
[01/Nov/2013 03:42:57] Unable to start server process(././avserver), error: Unable to create server process: (12) Unknown error 12
I think the whole issue may be centered around Sophos, since this just recently started and it was ok for several months before this started. I turned off Sophos completely and I'm watching the memory closely. I'm not sure at what usage point real trouble begins. I only have a gig installed right now so there is not a lot of head room on this but fortunately I don't have nearly as much traffic as a lot of you seem to. I'm interested to know if those of you who are reading this thread and having this same problem are also running Sophos? I'm going to have to leave Sophos off anyway because it turns out it is blocking my largest customers e-fax's. Seems to alert on every one of them and there is apparently no way to create an exception for it.
  •  
Lisa Lyons (Kerio)

Messages: 175
Karma: 8
Send a private message to this user
This looks like a bug, guys. However, I don't have anything specific on record for it. Because it looks like a bug, I would like to invite you all to log a ticket for it with Support. There are some actions we can take to investigate this deeper and come up with a solution.

These forums are great for little problems, but bigger ones like this really should be handled through proper support channels.

Please be sure to include the link to this forum post, so that our support engineers can trace it back and see what has already been suggested/tried.

Kerio Technical Support
Log Support Incidents here: http://www.kerio.com/support
Also, please use our KB: http://kb.kerio.com
  •  
Quentinb

Messages: 34
Karma: 0
Send a private message to this user
Hi Lisa,

Great thanks!

Every time I have made contact with Support I am asked for Credit card details as well as $100 before my issue would be accepted. So far, every time I have had issues it has been legitimate Kerio issues followed by a Software update that fixes the issue.

I understand the need for the above with regards to silly questions but it would really great to perhaps have a "power users" list whereby serious issues can be addressed without having to make a scene. Maybe for customer that have been using Kerio products for a few years?

I will mail support shortly with reference to this post.

Thanks
Quentin
  •  
lclark

Messages: 15
Karma: 0
Send a private message to this user
Just updating on this, I upped the ram to 2GB and disabled both antivirus and intrusion prevention which immediately dropped the ram usage way down. I restarted the firewall and have been watching the ram usage constantly. The usage has climbed constantly from starting at .04GB until now it is at .77 GB so something is constantly using ram and not releasing it. I'm still nowhere near my 2GB but it's hard to believe the ram usage should increase frem roughly 40MB to 770MB in 2 weeks without there being a serious problem. I was going to update to version 8.2 but another poster said his locked up after a few hours, I can't afford for that to happen. Quentinb have you gotten any feed back from your trouble report?
  •  
lclark

Messages: 15
Karma: 0
Send a private message to this user
Well as fate would have it, I was in my PJs at home this morning relaxing and getting ready to watch football and logged into my network remotely. I happened to be checking the firewall status and traffic. It was using exactly .77 Gigs of ram and doing nothing special when bam, all my remote connections dropped. After the fire drill of throwing my clothes on and racing to the office I found that I could ping the firewall but not access it or get any traffic through it. Looking at the console screen in vmware it showed that the fw was in the process of starting up. However I could, of all things, log into it. After a hard restart it is connecting fine. This is simply intolerable.
  •  
mcholdings

Messages: 24
Karma: 0
Send a private message to this user
We have recently gone to 8.2 and it has been much more stable.

The fact we had a command and control machine in the network (which both Sophos and Malwarebytes missed - we have since submitted them the files), wasn't helping our spikes...

Quentinb

Messages: 34
Karma: 0
Send a private message to this user
@lcclark, I have made contact with Kerio Support and they have requested some debug files as well as a crash dump report.

I have not yet submitted these as I need to do them outside office hours and this time of the year is very busy for us. As Murphy would have it, ours has not crashed once since. What I did do was try and get the Sophos updates to run outside office hours when the traffic is much less, not sure if that has helped with the stability?

Your fire-drill sounds exactly the same as our situation. Are you running the appliance edition on Hyper-V ?

@mcholdings - I thought to upgrade also, but then these issues remain unanswered. I would like to know what is causing this issue.
Previous Topic: Kerio Control on Shuttle DS437 with RTL8188CE WLAN not recognized
Next Topic: MPLS inconveniences channel
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Aug 22 09:11:43 CEST 2017

Total time taken to generate the page: 0.00595 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.