Home » Kerio User Forums » Kerio Connect » Problems after upgrade on 9.2.6 - too many connections, time zone
  •  
FiNn

Messages: 12

Karma: 0
Send a private message to this user
Hello,

after upgrade on 9.2.6 (3811), we have some problems. We have Kerio Connect on Debian.

First problem is with [16/Apr/2018 09:54:52] HTTPS connection from IP address 192.168.XXX.XXX rejected: too many simultaneous connections (101 connections, limit 100)
Only info i found was https://manuals.gfi.com/en/kerio/connect/content/troubleshoo ting/general-errors/why-do-i-see-ip-address-xxxx-rejected-to o-many-connections-in-the-warning-log-266.html

In web administration is not this settings, but i found solution in configuration file mailserver.cfg.
I had to shut down the service Kerio Connect
Edit mailserver.cfg and change <variable name="MaxConnectionsIP">100</variable> to <variable name="MaxConnectionsIP">1000</variable> prefer to all services where is it, because we have NAT.
Start Kerio Connect service and seems be OK.

Second problem was with bad time zone, but I create instructions to all users for change settings in their accounts. In Kerio Connect webmail you need to change the time zone in the settings and each user has to do it yourself.

Maybe it will help somebody.
  •  
  •  
FiNn

Messages: 12

Karma: 0
Send a private message to this user
Next problem are automatic restarts:
Apr 16 13:59:29 server systemd[1]: kerio-connect.service: PID file /var/run/kms.pid not readable (yet?) after start: No such file or directory
Apr 16 13:59:48 server systemd[1]: Started Kerio Connect.
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Main process exited, code=killed, status=6/ABRT
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Unit entered failed state.
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Failed with result 'signal'.
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Service hold-off time over, scheduling restart.
Apr 16 14:02:35 server systemd[1]: Stopped Kerio Connect.
Apr 16 14:02:35 server systemd[1]: Starting Kerio Connect...
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: PID file /var/run/kms.pid not readable (yet?) after start: No such file or directory
Apr 16 14:02:52 server systemd[1]: Started Kerio Connect.
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Main process exited, code=killed, status=6/ABRT
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Unit entered failed state.
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Failed with result 'signal'.
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Service hold-off time over, scheduling restart.
Apr 16 14:19:51 server systemd[1]: Stopped Kerio Connect.
Apr 16 14:19:51 server systemd[1]: Starting Kerio Connect...
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: PID file /var/run/kms.pid not readable (yet?) after start: No such file or directory
Apr 16 14:20:09 server systemd[1]: Started Kerio Connect.
  •  
Maerad

Messages: 217
Karma: 38
Send a private message to this user
FiNn wrote on Mon, 16 April 2018 10:52
Hello,

after upgrade on 9.2.6 (3811), we have some problems. We have Kerio Connect on Debian.

In web administration is not this settings, but i found solution in configuration file mailserver.cfg.
I had to shut down the service Kerio Connect
Edit mailserver.cfg and change <variable name="MaxConnectionsIP">100</variable> to <variable name="MaxConnectionsIP">1000</variable> prefer to all services where is it, because we have NAT.
Start Kerio Connect service and seems be OK.


With all due respect, but this sounds more like a bad solution / network build. Why do you have a local IP address connection way over 100 times to kerio? Why is Kerio behind a NAT? This seems IMHO like a bad set up or bad rules. Setting up the max connections per IP can be a serious security flaw. Would be easy(ier) to kill the server now.

If you NAT for whatever reason, Kerio should see the IP behind it. Nothing wrong with that. You don't need to change the IP to the NAT ROuter or whatever. That kind of masquerading makes now sense.
  •  
FiNn

Messages: 12

Karma: 0
Send a private message to this user
I did downgrade Kerio Connect to 9.2.5 patch 3.
  •  
dolfs

Messages: 33
Karma: 2
Send a private message to this user
Maerad wrote on Mon, 16 April 2018 14:36
FiNn wrote on Mon, 16 April 2018 10:52
Hello,

after upgrade on 9.2.6 (3811), we have some problems. We have Kerio Connect on Debian.

In web administration is not this settings, but i found solution in configuration file mailserver.cfg.
I had to shut down the service Kerio Connect
Edit mailserver.cfg and change <variable name="MaxConnectionsIP">100</variable> to <variable name="MaxConnectionsIP">1000</variable> prefer to all services where is it, because we have NAT.
Start Kerio Connect service and seems be OK.


With all due respect, but this sounds more like a bad solution / network build. Why do you have a local IP address connection way over 100 times to kerio? Why is Kerio behind a NAT? This seems IMHO like a bad set up or bad rules. Setting up the max connections per IP can be a serious security flaw. Would be easy(ier) to kill the server now.

If you NAT for whatever reason, Kerio should see the IP behind it. Nothing wrong with that. You don't need to change the IP to the NAT ROuter or whatever. That kind of masquerading makes now sense.


We have the same problem. We have users behind NAT, approx. 70 users. From time to time we get this error stating that too many simultaneous connections https. Checking Active Connections, we can see that one user generating from 1 to 5 connections at the same time (KOFF), why? How to monitor exactly what is causing the problem?
Previous Topic: Kerio Outlook Connector: O365 Outlook 2016 Mailserver not supported ?!
Next Topic: Autodiscover
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Dec 15 15:14:44 CET 2018

Total time taken to generate the page: 0.93854 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.