New - Clean - Installation on DC
  •  
CBruyland

We are currently looking for a replacement for our Exchange server, so I installed the trial version of KMS on a clean installed Windows 2003 server, in a separate domain.
I've some questions:
1. Can Kerio be installed on a Domain Controller?
2. I've installed it on a DC, and the LDAP Service is not available.
3. When I install the AD Extension, and would like to create a mailbox for a user, from within 'Active Directory Users and Computers' the wizard displays an error:

CN=Administrator,CN=Users,DC=localwan,DC=net
The operation has failed.

4. When I enable AD support from within Kerio MailServer (domain - directory service), and I would like to add a new user from within KMS, I receive the error: 'LDAP Server not available'

Could someone please help me, I don't know how to get this running...
  •  
Iassen Hristov

I think it was mentioned in the documentation that if you install on a DC
the ActiveDirectory functionality will not work.

However, I would strongly suggest you do not try this at all unless you are
using the server in an intranet ONLY. For a server exposed to the Internet
I would never install on a DC. It has way too many services running on this
thing.

--On Friday, August 06, 2004 1:44 PM +0200 CBruyland <christof<at>glonet.be>
wrote:

>
> We are currently looking for a replacement for our Exchange server, so I
> installed the trial version of KMS on a clean installed Windows 2003
> server, in a separate domain. I've some questions:
> 1. Can Kerio be installed on a Domain Controller?
> 2. I've installed it on a DC, and the LDAP Service is not available.
> 3. When I install the AD Extension, and would like to create a mailbox
> for a user, from within 'Active Directory Users and Computers' the wizard
> displays an error:
>
> CN=Administrator,CN=Users,DC=localwan,DC=net
> The operation has failed.
>
> 4. When I enable AD support from within Kerio MailServer (domain -
> directory service), and I would like to add a new user from within KMS, I
> receive the error: 'LDAP Server not available'
>
> Could someone please help me, I don't know how to get this running...
>
>





  •  
pwhodges

I would expect Kerio's LDAP to conflict with LDAP in Active Directory, and so would advise not doing this unless you can use a different port....

My KMS is on a domain controller, but I had to turn off LDAP (which happened to be of no interest to me). However, I am not worried about exposing it to the Internet like this - I know what ports and services are exposed, and my firewall restricts anything possibly unsafe.

Paul
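
Added example, not part of the thread and not Kerio code: a check for the port conflict and exposure question discussed above. It parses `netstat -ano` output to show which process already holds the LDAP ports (on a DC, Active Directory) and which ports listen on all interfaces. The netstat text, the PID table and the image name `mailserver.exe` are constructed placeholders.

```python
import re

LDAP_PORTS = {389: "LDAP", 636: "LDAPS"}

# Constructed sample of `netstat -ano` output from a host that is both DC and mail server.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       2140
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING       436
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       436
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING       436
  TCP    0.0.0.0:143            0.0.0.0:0              LISTENING       2140
  TCP    192.168.1.10:389       192.168.1.23:1045      ESTABLISHED     436
  UDP    0.0.0.0:389            *:*                                    436
"""

# Constructed PID-to-image table (as `tasklist` would give); mailserver.exe is a placeholder.
SAMPLE_PROCESSES = {436: "lsass.exe", 2140: "mailserver.exe"}

LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def tcp_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return found

def ldap_port_owners(listeners, processes):
    """Map each LDAP port in use to the image names bound to it."""
    owners = {}
    for _addr, port, pid in listeners:
        if port in LDAP_PORTS:
            owners.setdefault(port, set()).add(processes.get(pid, "pid %d" % pid))
    return owners

def blocked_for(service_image, listeners, processes):
    """LDAP ports the given service cannot bind because another image holds them."""
    owners = ldap_port_owners(listeners, processes)
    return sorted(p for p, names in owners.items() if service_image not in names)

def exposed_ports(listeners):
    """Ports listening on all interfaces: the set a firewall has to account for."""
    return sorted({port for addr, port, _ in listeners if addr in ("0.0.0.0", "[::]")})
```

On the sample, both LDAP ports belong to `lsass.exe`, so a second LDAP service on the same host has to be disabled or moved to another port.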
  •  
Iassen Hristov

The problem is that if anybody manages to break into KMS he/she will
potentially gain control of the DC and all the highly sensitive information
that is typically stored on it.

For exactly the same reason MS does not recommend running IIS on a DC.

--On Friday, August 06, 2004 8:34 PM +0100 pwhodges
<pwh-kerio<at>cassland.org> wrote:

>
> I would expect Kerio's LDAP to conflict with LDAP in Active Directory,
> and so would advise not doing this unless you can use a different port....
>
> My KMS is on a domain controller, but I had to turn off LDAP (which
> happened to be of no interest to me). However, I am not worried about
> exposing it to the Internet like this - I know what ports and services
> are exposed, and my firewall restricts anything possibly unsafe.
>
> Paul
>
>





  •  
pwhodges

Iassen Hristov wrote on Fri, 06 August 2004 21:35:

> The problem is that if anybody manages to break into KMS he/she will
> potentially gain control of the DC and all the highly sensitive information
> that is typically stored on it.
>
> For exactly the same reason MS does not recommend running IIS on a DC.


Well, it's only my home network - that sort of advice is fine if you're a company that can afford a separate server for every function. Anyway:

(1) I don't think Kerio is as big a target as MS yet, and
(2) A fully patched Win Server2003 isn't that insecure.

I ran a prominent commercial IIS site for some years, and it was never compromised. The only (benign) compromise I've had was about 8 years ago, on a Lotus Domino webserver which had just passed a very expensive security audit :~) We fixed it (just a permissions issue) in a couple of hours, and the hacker congratulated us on our response when he revisited the next day.

Paul