GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » Intermittent Log In Problems (After migrating from the Windows to the Kerio Connect Appliance)
Intermittent Log In Problems [message #124146] Fri, 11 September 2015 18:10 Go to next message
Greenhorse is currently offline  Greenhorse
Messages: 5
Registered: December 2010
Location: Minnesota
Last weekend I migrated our Kerio 8.5.1 server from a Windows 2008r2 server to the same revision using the Kerio connect appliance. The migration was time consuming and not smooth but most functionality moved without incident. There have however been a few problems I have not been able to fully resolve:

- Users are sometimes getting the message invalid password or user name repeatedly. Then without explanation the login succeeds.

- Users are initially shown a certificate error. If they proceed or continue it logs in and then the cert error does not reappear.

- Mobile device users are sometimes getting a login failed message but the connection appears to work fine.

- Some mobile device users are not able to connect at all and are getting an invalid login message.

- Some contact lists were somehow corrupted during the migration.

The configuration files were copied in directly from the Windows server and have largely remained unchanged. I figure this has to somehow be an issue with SSL or perhaps certificate configuration but I am stumped as to what. Since the errors are sporadic I am not sure what really to point at. Any suggestions would be greatly appreciated.

The Greenhorse

Report message to a moderator

Re: Intermittent Log In Problems [message #124148 is a reply to message #124146] Fri, 11 September 2015 19:20 Go to previous messageGo to next message
Bud Durland is currently offline  Bud Durland
Messages: 586
Registered: December 2013
Location: Plattsburgh, NY
We recently migrated from Windows to Linux, so very similar to what you did. We did not have any certificate issues (ours is from GoDaddy), it all just worked, so I'm afraid I can't be much help there.

Are your users authenticated to the local database or via AD/kerberos? I tested both the appliance, and the Linux installer and was disappointed that neither installs the basic things (kereros, etc) that are needed in order to use anything but the local user database. Documentation from Kerio was thin, at best.

Report message to a moderator

Re: Intermittent Log In Problems [message #124149 is a reply to message #124148] Fri, 11 September 2015 20:42 Go to previous messageGo to next message
Greenhorse is currently offline  Greenhorse
Messages: 5
Registered: December 2010
Location: Minnesota
Thanks for the response Bud. I agree that Kerio's documentation is rather thin. We are authenticating via LDAP into a Window 2008R2 active directory. We also use GoDaddy.

This whole issue feels like a performance problem, like maybe the cert or directory auth is timing out. I am getting a whole lot of messages in the security log that say "External authentication service rejected authentication due to invalid password or authentication restriction." Yet eventually everyone successfully authenticates.

This is the first mail server I've managed in nearly a decade and my predecessor installed it so I may just be a bit out of my depth.

Let me know if you can think of anything else to check.

The Greenhorse

Report message to a moderator

Re: Intermittent Log In Problems [message #124150 is a reply to message #124146] Fri, 11 September 2015 21:14 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
Have a look at this article http://kb.kerio.com/784
Specifically refer to the section Setting up Kerberos user authentication against Active Directory
It sounds like there is a trust issue between your PDC and the system running Kerio Connect.
Regarding your certificate issue, it's likely that it's not installed properly. Refer to this article http://kb.kerio.com/1132 specifically the section at the bottom regarding intermediate certificates. You can test if your certificate is installed properly from www.sslshopper.com https://www.sslshopper.com/ssl-checker.html

Brian Carmichael
Instructional Content Architect

Report message to a moderator

Re: Intermittent Log In Problems [message #124151 is a reply to message #124150] Fri, 11 September 2015 21:20 Go to previous messageGo to next message
Greenhorse is currently offline  Greenhorse
Messages: 5
Registered: December 2010
Location: Minnesota
Thanks for the feeback. These sound like they may be the exact problems. I will post after I confirm they fix the issues.

The Greenhorse

Report message to a moderator

Re: Intermittent Log In Problems [message #124153 is a reply to message #124151] Fri, 11 September 2015 21:39 Go to previous message
Bud Durland is currently offline  Bud Durland
Messages: 586
Registered: December 2013
Location: Plattsburgh, NY
Yeah, what Brian said Smile
Especially the Kerberos stuff. I lost an hour tracking down a problem that ended up that I didn't have the entire domain in ALL CAPS.

Report message to a moderator

Previous Topic: Kerio Connect Client 8.5.2 move public folder bug
Next Topic: Accessing Contacts with Thunderbird/Sogo-Connector
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Mon Mar 20 20:36:45 CET 2023

Total time taken to generate the page: 0.02347 seconds
.:: Contact :: Home :: Acceptable Use Policy ::.

Powered by: FUDforum 3.0.9.
Copyright ©2001-2022 FUDforum Bulletin Board Software