Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Intermittent Log In Problems (After migrating from the Windows to the Kerio Connect Appliance)
  •  
Greenhorse

Messages: 6
Karma: -2
Send a private message to this user
Last weekend I migrated our Kerio 8.5.1 server from a Windows 2008r2 server to the same revision using the Kerio connect appliance. The migration was time consuming and not smooth but most functionality moved without incident. There have however been a few problems I have not been able to fully resolve:

- Users are sometimes getting the message invalid password or user name repeatedly. Then without explanation the login succeeds.

- Users are initially shown a certificate error. If they proceed or continue it logs in and then the cert error does not reappear.

- Mobile device users are sometimes getting a login failed message but the connection appears to work fine.

- Some mobile device users are not able to connect at all and are getting an invalid login message.

- Some contact lists were somehow corrupted during the migration.

The configuration files were copied in directly from the Windows server and have largely remained unchanged. I figure this has to somehow be an issue with SSL or perhaps certificate configuration but I am stumped as to what. Since the errors are sporadic I am not sure what really to point at. Any suggestions would be greatly appreciated.

The Greenhorse
  •  
Bud Durland

Messages: 365
Karma: 38
Send a private message to this user
We recently migrated from Windows to Linux, so very similar to what you did. We did not have any certificate issues (ours is from GoDaddy), it all just worked, so I'm afraid I can't be much help there.

Are your users authenticated to the local database or via AD/kerberos? I tested both the appliance, and the Linux installer and was disappointed that neither installs the basic things (kereros, etc) that are needed in order to use anything but the local user database. Documentation from Kerio was thin, at best.
  •  
Greenhorse

Messages: 6
Karma: -2
Send a private message to this user
Thanks for the response Bud. I agree that Kerio's documentation is rather thin. We are authenticating via LDAP into a Window 2008R2 active directory. We also use GoDaddy.

This whole issue feels like a performance problem, like maybe the cert or directory auth is timing out. I am getting a whole lot of messages in the security log that say "External authentication service rejected authentication due to invalid password or authentication restriction." Yet eventually everyone successfully authenticates.

This is the first mail server I've managed in nearly a decade and my predecessor installed it so I may just be a bit out of my depth.

Let me know if you can think of anything else to check.

The Greenhorse
  •  
Brian Carmichael (Kerio)

Messages: 599
Karma: 61
Send a private message to this user
Have a look at this article http://kb.kerio.com/784
Specifically refer to the section Setting up Kerberos user authentication against Active Directory
It sounds like there is a trust issue between your PDC and the system running Kerio Connect.
Regarding your certificate issue, it's likely that it's not installed properly. Refer to this article http://kb.kerio.com/1132 specifically the section at the bottom regarding intermediate certificates. You can test if your certificate is installed properly from www.sslshopper.com https://www.sslshopper.com/ssl-checker.html

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Greenhorse

Messages: 6
Karma: -2
Send a private message to this user
Thanks for the feeback. These sound like they may be the exact problems. I will post after I confirm they fix the issues.

The Greenhorse
  •  
Bud Durland

Messages: 365
Karma: 38
Send a private message to this user
Yeah, what Brian said Smile
Especially the Kerberos stuff. I lost an hour tracking down a problem that ended up that I didn't have the entire domain in ALL CAPS.
Previous Topic: Kerio Connect Client 8.5.2 move public folder bug
Next Topic: Accessing Contacts with Thunderbird/Sogo-Connector
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Feb 20 19:20:46 CET 2017

Total time taken to generate the page: 0.01043 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.