Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Web Mail in 6.1.0
  •  
keaian

Messages: 6
Karma: 0
Send a private message to this user
Having a big issue. Just installed the latest version of Kerio mail server on to my win2000 server. I access the webmail from an outside interface and it shows the logon page just fine. When I try to log in it fails. No errors in the log file. Nothing.

I have the password set to use the Windows NT Domain. This is what is handling the user accounts.

If I access webmail from the LAN it works just fine and allows me to logon with no problem.

Any suggestions on how to fix this problem when entered via the WAN. It worked before I installed the update.
  •  
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
1) Does your firewall allow port 80 to your webmail host? (I assume yes, but I'll still ask...) Try HTTPS port, does it work?

2) In mailserver console under Configuration -> Services, edit HTTP service, check that it is not bound only to one IP address. Make sure 'Allow access only from IP group' under 'Access' tab is not set.

3) Go to debug log, right click, select 'messages', enable 'HTTP server session'. Try login from outside again. See what the log says.

4) Submit a ticket if you're stumped Smile


Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
Soup

Messages: 74
Karma: 0
Send a private message to this user
I'm seeing exactly the same error.

My HTTP service is not bound to a specific IP, and access restriction is disabled (for now).

Here's the result of an attempted login...

---------------

[25/Jul/2005 15:23:45][125983232] {http} POST request for URI /default/dologin.php
[25/Jul/2005 15:23:45][125983232] {http} User-Agent header: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.5) Gecko/20041110 Firefox/1.0
[25/Jul/2005 15:23:45][125983232] {http} GET request for URI /default/login.php?reason=failure
[25/Jul/2005 15:23:45][125983232] {http} User-Agent header: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.5) Gecko/20041110 Firefox/1.0

-------------------

I have checked our firewall and nothing is being effected by it. Just to confirm, this was working before the update to 6.1 for all my users and other than running the update - nothing else was changed.

One thing that looks a little suspicous on our system is the following in the error log when starting the HTTP service...

-------------------

[25/Jul/2005 14:02:13] services.cpp: Select failed in services acceptor loop: code -1, (9) Bad file descriptor

-------------------


Paul.

[Updated on: Mon, 25 July 2005 16:27]


3 x Apple Xserve G5 DP2.3
1 x Apple Xserve RAID
40ish users
  •  
keaian

Messages: 6
Karma: 0
Send a private message to this user
Yup.. same error I recieve in mine.

[25/Jul/2005 11:03:27][1372] {http} POST request for URI /default/dologin.php
[25/Jul/2005 11:03:27][1372] {http} User-Agent header: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
[25/Jul/2005 11:03:27][1372] {http} GET request for URI /default/login.php?reason=failure
[25/Jul/2005 11:03:27][1372] {http} User-Agent header: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

However, I went back and enabled the secure webmail in my firewall and that actually works with no errors. That is a workaround for the time.

  •  
keaian

Messages: 6
Karma: 0
Send a private message to this user
Well thanks to Ken from the support team we managed to find out what the problem was.

This is not a bug. This is a new feature that must have gotten implemented with the latest release. Under the advaced options under the configuration menu. Click on the security policy and you will see a new drop menu. Change this to no restrictions. Mine was currently set to require secure authentication only.

Works fine now.

  •  
Soup

Messages: 74
Karma: 0
Send a private message to this user
https works for me too.

I'm not so sure that the security policy dropdown is a new feature - hasn't this dropdown been available for quite some time?

Sounds to me like it's a problem with the authentication system and disabling it simply bypasses the problem.

UK support are telling me that "you shouldn't really be using http anyway" and "It must be your firewall" so it's hard to say what the problem really is, at least https works though.

Paul.

3 x Apple Xserve G5 DP2.3
1 x Apple Xserve RAID
40ish users
  •  
keaian

Messages: 6
Karma: 0
Send a private message to this user
When I set mine to no restrictions then they both worked. Https should be the primary way people check their email but we both know that most of them don't have a clue to put the little s on the end :). So it's nice to have both work.

Not sure if that was a new feature or not. But what the security policy was stating was that if they didn't come in on a secure connection then it was not going to allow the authentication to happen.
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
I was under the impression they were adding a redirect if HTTPS was required. Too bad that didn't make it into the final 6.1 release. Users generally have no clue to add the s at the end, so we get complaints about that.

Scott
  •  
seali

Messages: 55
Karma: 0
Send a private message to this user
I just added a page at the http address <http://mail.domain.com> that redirects to the <https://mail.domain.com:1234>. It is sometimes better to isolate the end user. Not that I am commenting on their intelligence level. ;)
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
Doesn't that break the KOC update? We have a couple of users on the outside using Outlook with the KOC.

Scott
Previous Topic: Spam rating score
Next Topic: HTML Email shows as Plain text via IMAP
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 18:32:33 CET 2017

Total time taken to generate the page: 0.00465 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.