Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio Autodiscover issue
  •  
Islam

Messages: 1
Karma: 1
Send a private message to this user
Hi,

I'm using kerio 8.5 and IIS 8 on the same server so i had to do reverse proxy using IIS.

The problem started when i tested iphone and i get message can't verify account information.

After long analyzing for this issue. Finally i found the error but i can't fix it.

Hope someone could tell me how to solve it.

htttps://autodiscover.domain.com/Autodiscover/Autodiscover.x ml

proxy reverse to

htttps://mail.domain.com:8843/Autodiscover/Autodiscover.xml

This is what i get via autodiscover .. you can find that port follow domain in all the xml file look at the IMAP and Other Services.

note: the SSL is authorized by CA and has no error in it

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="htttp://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="htttp://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User>
      <DisplayName></DisplayName>
      <EMailAddress></EMailAddress>
    </User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>domain.com:8843</Server>
        <AD>domain.com:8843</AD>
        <ASUrl>htttps://domain.com:8843/EWS/Exchange.asmx</ASUrl>
        <EwsUrl>htttps://domain.com:8843/EWS/Exchange.asmx</EwsUrl>
        <OOFUrl>htttps://domain.com:8843/EWS/Exchange.asmx</OOFUrl>
      </Protocol>
      <Protocol>
        <Type>SMTP</Type>
        <Server>domain.com:8843</Server>
        <LoginName></LoginName>
        <Port>25</Port>
        <DomainRequired>off</DomainRequired>
        <SPA>off</SPA>
        <SSL>off</SSL>
      </Protocol>
      <Protocol>
        <Type>SMTP</Type>
        <Server>domain.com:8843</Server>
        <LoginName></LoginName>
        <Port>465</Port>
        <DomainRequired>off</DomainRequired>
        <SPA>off</SPA>
        <SSL>on</SSL>
      </Protocol>
      <Protocol>
        <Type>IMAP</Type>
        <Server>domain.com:8843</Server>
        <LoginName></LoginName>
        <Port>143</Port>
        <DomainRequired>off</DomainRequired> 
        <SPA>off</SPA>
        <SSL>off</SSL>
      </Protocol>
      <Protocol>
        <Type>IMAP</Type>
        <Server>domain.com:8843</Server>
        <LoginName></LoginName>
        <Port>993</Port>
        <DomainRequired>off</DomainRequired> 
        <SPA>off</SPA>
        <SSL>on</SSL>
      </Protocol>
      <Protocol>
        <Type>POP3</Type>
        <Server>domain.com:8843</Server>
        <LoginName></LoginName>
        <Port>110</Port>
        <DomainRequired>off</DomainRequired> 
        <SPA>off</SPA>
        <SSL>off</SSL>
      </Protocol>
      <Protocol>
        <Type>POP3</Type>
        <Server>domain.com:8843</Server>
        <LoginName></LoginName>
        <Port>995</Port>
        <DomainRequired>off</DomainRequired> 
        <SPA>off</SPA>
        <SSL>on</SSL>
      </Protocol>
      <Protocol>
        <Type>CalDAV</Type>
        <Server>htttps://domain.com:8843/caldav/users///</Server>
        <LoginName></LoginName>
        <Port>8843</Port>
        <DomainRequired>off</DomainRequired> 
        <SPA>off</SPA>
        <SSL>on</SSL>
      </Protocol>
      <Protocol>
        <Type>CardDAV</Type>
        <Server>htttps://domain.com:8843/caldav/users///</Server>
        <LoginName></LoginName>
        <Port>8843</Port>
        <DomainRequired>off</DomainRequired> 
        <SPA>off</SPA>
        <SSL>on</SSL>
      </Protocol>
    </Account>
    <Action>
      <Settings>
        <Server>
          <Type>MobileSync</Type>
          <Url>htttps://domain.com:8843/Microsoft-Server-ActiveSync/</Url>
          <Name>htttps://domain.com:8843/Microsoft-Server-ActiveSync/</Name>
        </Server>
      </Settings>
    </Action>
  </Response>
</Autodiscover>


Sorry i had to change http to htttp due to forum limitation and rules.

I appreciate any help here.

[Updated on: Fri, 05 June 2015 06:13]

  •  
Ramalama

Messages: 3
Karma: 0
Send a private message to this user
Hi, i have exactly same issue through a nginx proxy!

Any solution to change that port?
  •  
Ramalama

Messages: 3
Karma: 0
Send a private message to this user
Kerio have still no support for proxy...

The other problem is, everything that comes through a proxy, keri shows client-address = 127.0.0.1

Is there any plans to add proxy support in the future? Im on 9.1.0 at the moment.

Cheers
  •  
Ramalama

Messages: 3
Karma: 0
Send a private message to this user
Seems like kerio doesn't have any interest to answer or proxy is unsupported.

However, im on 9.1 and there is still no proxy support...

For anyone with same problem, i have a workaround:
add in your iptables rules this:

Block Port 4040 and 8800: (your nginx/apache proxy mounts them to port 80/443)
iptables -A INPUT -i eth0 -p tcp --dport 8800 -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 4040 -j DROP

Add a port redirection rule:
iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 8843 -j REDIRECT --to-port 443

you can add a port redirection rule for port 8800 if you want/need, but auto discover look only for 8843 if you have SSL enabled

But there is still a problem with kerio
Berio doesn't read the header like
X-Real-IP or X-Forwarded-For
etc...

So you will see in your admin interface every Client-Adress = 127.0.0.1

However, its better in my opinion to do it save with a proxy
instead of let Kerio open in the internet...

Cheers
Previous Topic: Message filtering by word in body (Not SPAM filter)
Next Topic: Migrate Kerio from Linux to Windows
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Dec 05 09:28:18 CET 2016

Total time taken to generate the page: 0.01018 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.