Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Migrate from Windows to Linux
  •  
Bud Durland

Messages: 402
Karma: 45
Send a private message to this user
I want to change our Connect installation from Windows to Linux. I am setting up a test environment to be sure we can do it. We have a mail store approaching 1TB in size, so using the the built-in backup and KMSRecover isn't really an option. I want to do a copy of most of the mail data while the old system in on-line, then shut down the old server, and do a final 'catch-up' copy and turn on the new server.

I'm looking for advice on possible pitfalls or things I have to do to get it to make this work.

I'm setting up a Debian 7.8 server, with Connect 8.5 and a trial license. I will use RSYNC to accomplish the file copies from the ../store folder on the windows machine to the Linux server. I'm still figuring out the appropriate options to use.

Is the best way to install connect on the new server, migrate the users.cfg file, and start it once to let it create all the folders, then run rsync?

I'd appreciate advice from anyone who has done this before..

  •  
pcunix

Messages: 594
Karma: 33
Send a private message to this user
You can indeed use rsync to transfer most of the data while still running, then on the day of switchover, shut down Connect, do a final (small rsync) and continue as detailed in the kb article.

See my http://aplawrence.com/Kerio/rsync_connect_transfer.html article for specific advice.

Tony Lawrence
Kerio Preferred Partner and Reseller
Certified for Connect, Control
http://aplawrence.com
  •  
Bud Durland

Messages: 402
Karma: 45
Send a private message to this user
Tony -- thanks for the encouragement. Your article was about a linux-to-linux migration, so I had to tweak my steps accordingly. My new Linux installation is based on the appliance. I added a big EXT4 partition for the mail store, and used apt-get to add couple OS components (nfs-common). I then set up NFS services on the old Windows server mounted the store folder in the new Linux server.

Rsync is running now. When it is done, I will move over the users.cfg, but not the server.cfg. The Linux server is using a trial license for now. Hopefully that will be enough to let me start the new server and login to it using web mail to confirm that everything came over as expected.

A few such tests and I'll be ready to do the final rync and transfer of the old server's identity to the new server as explained in the Kerio kb article. I'll need to not forget to get a new Linux version of my license.

I wonder what will happen if I run two servers with the same license number simultaneously for a couple days while I'm doing the transition?

FWIW -- I've been through a couple similar migrations that were between Windows hosts. Basically the same scenario, except using RoboCopy instead of RSync. Those were pretty painless.

[Updated on: Wed, 24 June 2015 16:42]

  •  
Brian (GFI/Kerio)

Messages: 780
Karma: 79
Send a private message to this user
Make sure it is a registered trial. Otherwise it won't read any messages prior to the installation date.

Brian Carmichael
Instructional Content Architect
  •  
Bud Durland

Messages: 402
Karma: 45
Send a private message to this user
Today we made rsync choke. Apparently it doesn't like the number of files (literally millions) to be copied. I found a script on-line and tailored to do folders individually. Copy is now continuing.
  •  
Bud Durland

Messages: 402
Karma: 45
Send a private message to this user
So, I got the first run of the rsync completed. I copied the users.cfg file over and started the mail server. It sees all the users, but when I try to login to web mail, I get a permissions error reading my INBOX.

The ERROR log on the server is also getting a lot of messages like these. I have a registered trial license on the appliance, so I thought I wouldn't see them. perhaps I need to actually apply my 'real' license to the appliance server.

[28/Jun/2015 09:44:03] folder_manager.cpp: Folder ~bud<_at_>mrpcap.com/INBOX create_time < install_time
[28/Jun/2015 09:44:03] folder_manager.cpp: Folder ~bud<_at_>mrpcap.com/Sent Items create_time < install_time
[28/Jun/2015 09:44:03] folder_manager.cpp: Folder ~bud<_at_>mrpcap.com/Drafts create_time < install_time
[28/Jun/2015 09:44:03] folder_manager.cpp: Folder ~bud<_at_>mrpcap.com/Deleted Items create_time < install_time
[28/Jun/2015 09:44:03] folder_manager.cpp: Folder ~bud<_at_>mrpcap.com/Junk E-mail create_time < install_time
[28/Jun/2015 09:44:03] folder_manager.cpp: Folder ~bud<_at_>mrpcap.com/Contacts create_time < install_time

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Yes, you need a real license on the destination server.
  •  
Bud Durland

Messages: 402
Karma: 45
Send a private message to this user
Currently being stumped on how to do kerberos authentication to our Active Directory domain from the appliance. I found a Kerio KB article on working with the appliance (no KB number, so google "working with the kerio connect appliance). It gave some hints, but no joy yet. The last step in the kerberos set up returns an error:

$ kinit -S host/REALM
kinit: Client not found in Kerberos database while getting initial credentials


Any advice on what to edit to fix that last would be appreciated.

  •  
Brian (GFI/Kerio)

Messages: 780
Karma: 79
Send a private message to this user
Make sure you've installed the Kerberos packages. In this KB article http://kb.kerio.com/784 we list the necessary packages to install in the section "Setting up Kerberos user authentication against Active Directory".

Brian Carmichael
Instructional Content Architect
  •  
Brian (GFI/Kerio)

Messages: 780
Karma: 79
Send a private message to this user
Also, check in the properties of your email domain in Kerio Connect. In the advanced tab there is a Kerberos realm. Make sure it matches your Active Directory domain.

Brian Carmichael
Instructional Content Architect
  •  
Bud Durland

Messages: 402
Karma: 45
Send a private message to this user
Hi Brian -- the KB article you quoted is the one I was working from, I just didn't know the number. All of the packages listed there are installed.

On My Windows 2008 domain controller, I created a computer account called 'kconnect'. The command 'setspn -R kconnect' comes back with:
Registering ServicePrincipalNames for CN=kconnect, CN=computers, etc..
  HOST/kconnect.mydomain.local
  HOST/kconnect 
Updated object


After that, I run kinit as recommended in the KB article and get the error as above.


  •  
Brian (GFI/Kerio)

Messages: 780
Karma: 79
Send a private message to this user
Did you see my last comment regarding the Kerberos realm?

Brian Carmichael
Instructional Content Architect
  •  
Bud Durland

Messages: 402
Karma: 45
Send a private message to this user
Yes, sorry. I also confirmed that to be correct. The nature of the error in the 'kinit' command leads me to think that something is missing in the appliance, but I can't figure out what it is.
  •  
Brian (GFI/Kerio)

Messages: 780
Karma: 79
Send a private message to this user

Brian Carmichael
Instructional Content Architect
Bud Durland

Messages: 402
Karma: 45
Send a private message to this user
Having carefully followed all the provided links (many thanks). I'm tantalizingly close to having this resolved. When the appliance is booted, Kerberos authentication does not work. However, if I open an ssh session to the server and issue this command:
kinit administrator

and enter the Windows administrator password, kerberos authentication works. Alas, this does not survive a reboot of the appliance. So, there is still one tiny piece I'm missing somewhere.
Previous Topic: Domain footer HTML
Next Topic: Operator Address book issue
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 23 23:11:27 CET 2017

Total time taken to generate the page: 0.00495 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.