GFI Software Aurea SMB Solutions


Home » GFI User Forums » Kerio Connect » Problems after upgrade on 9.2.6 - too many connections, time zone
Problems after upgrade on 9.2.6 - too many connections, time zone [message #139395] Mon, 16 April 2018 10:52 Go to next message
FiNn is currently offline  FiNn
Messages: 12
Registered: July 2014

Hello,

after upgrade on 9.2.6 (3811), we have some problems. We have Kerio Connect on Debian.

First problem is with [16/Apr/2018 09:54:52] HTTPS connection from IP address 192.168.XXX.XXX rejected: too many simultaneous connections (101 connections, limit 100)
Only info i found was https://manuals.gfi.com/en/kerio/connect/content/troubleshoo ting/general-errors/why-do-i-see-ip-address-xxxx-rejected-to o-many-connections-in-the-warning-log-266.html

In web administration is not this settings, but i found solution in configuration file mailserver.cfg.
I had to shut down the service Kerio Connect
Edit mailserver.cfg and change <variable name="MaxConnectionsIP">100</variable> to <variable name="MaxConnectionsIP">1000</variable> prefer to all services where is it, because we have NAT.
Start Kerio Connect service and seems be OK.

Second problem was with bad time zone, but I create instructions to all users for change settings in their accounts. In Kerio Connect webmail you need to change the time zone in the settings and each user has to do it yourself.

Maybe it will help somebody.
Re: Problems after upgrade on 9.2.6 - too many connections, time zone [message #139403 is a reply to message #139395] Mon, 16 April 2018 14:25 Go to previous messageGo to next message
FiNn is currently offline  FiNn
Messages: 12
Registered: July 2014

Next problem is with e-mail body in http://forums.kerio.com/m/139402/22380/36d658fdd626a29594b16 80b76d1fa6d/#msg_139402
Re: Problems after upgrade on 9.2.6 - too many connections, time zone [message #139404 is a reply to message #139403] Mon, 16 April 2018 14:27 Go to previous messageGo to next message
FiNn is currently offline  FiNn
Messages: 12
Registered: July 2014

Next problem are automatic restarts:
Apr 16 13:59:29 server systemd[1]: kerio-connect.service: PID file /var/run/kms.pid not readable (yet?) after start: No such file or directory
Apr 16 13:59:48 server systemd[1]: Started Kerio Connect.
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Main process exited, code=killed, status=6/ABRT
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Unit entered failed state.
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Failed with result 'signal'.
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Service hold-off time over, scheduling restart.
Apr 16 14:02:35 server systemd[1]: Stopped Kerio Connect.
Apr 16 14:02:35 server systemd[1]: Starting Kerio Connect...
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: PID file /var/run/kms.pid not readable (yet?) after start: No such file or directory
Apr 16 14:02:52 server systemd[1]: Started Kerio Connect.
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Main process exited, code=killed, status=6/ABRT
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Unit entered failed state.
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Failed with result 'signal'.
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Service hold-off time over, scheduling restart.
Apr 16 14:19:51 server systemd[1]: Stopped Kerio Connect.
Apr 16 14:19:51 server systemd[1]: Starting Kerio Connect...
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: PID file /var/run/kms.pid not readable (yet?) after start: No such file or directory
Apr 16 14:20:09 server systemd[1]: Started Kerio Connect.
Re: Problems after upgrade on 9.2.6 - too many connections, time zone [message #139405 is a reply to message #139395] Mon, 16 April 2018 14:36 Go to previous messageGo to next message
Maerad is currently offline  Maerad
Messages: 275
Registered: August 2013
FiNn wrote on Mon, 16 April 2018 10:52
Hello,

after upgrade on 9.2.6 (3811), we have some problems. We have Kerio Connect on Debian.

In web administration is not this settings, but i found solution in configuration file mailserver.cfg.
I had to shut down the service Kerio Connect
Edit mailserver.cfg and change <variable name="MaxConnectionsIP">100</variable> to <variable name="MaxConnectionsIP">1000</variable> prefer to all services where is it, because we have NAT.
Start Kerio Connect service and seems be OK.


With all due respect, but this sounds more like a bad solution / network build. Why do you have a local IP address connection way over 100 times to kerio? Why is Kerio behind a NAT? This seems IMHO like a bad set up or bad rules. Setting up the max connections per IP can be a serious security flaw. Would be easy(ier) to kill the server now.

If you NAT for whatever reason, Kerio should see the IP behind it. Nothing wrong with that. You don't need to change the IP to the NAT ROuter or whatever. That kind of masquerading makes now sense.
Re: Problems after upgrade on 9.2.6 - too many connections, time zone [message #139410 is a reply to message #139405] Mon, 16 April 2018 20:19 Go to previous messageGo to next message
FiNn is currently offline  FiNn
Messages: 12
Registered: July 2014

I did downgrade Kerio Connect to 9.2.5 patch 3.
Re: Problems after upgrade on 9.2.6 - too many connections, time zone [message #140586 is a reply to message #139405] Wed, 08 August 2018 09:31 Go to previous message
dolfs is currently offline  dolfs
Messages: 34
Registered: October 2016
Maerad wrote on Mon, 16 April 2018 14:36
FiNn wrote on Mon, 16 April 2018 10:52
Hello,

after upgrade on 9.2.6 (3811), we have some problems. We have Kerio Connect on Debian.

In web administration is not this settings, but i found solution in configuration file mailserver.cfg.
I had to shut down the service Kerio Connect
Edit mailserver.cfg and change <variable name="MaxConnectionsIP">100</variable> to <variable name="MaxConnectionsIP">1000</variable> prefer to all services where is it, because we have NAT.
Start Kerio Connect service and seems be OK.


With all due respect, but this sounds more like a bad solution / network build. Why do you have a local IP address connection way over 100 times to kerio? Why is Kerio behind a NAT? This seems IMHO like a bad set up or bad rules. Setting up the max connections per IP can be a serious security flaw. Would be easy(ier) to kill the server now.

If you NAT for whatever reason, Kerio should see the IP behind it. Nothing wrong with that. You don't need to change the IP to the NAT ROuter or whatever. That kind of masquerading makes now sense.


We have the same problem. We have users behind NAT, approx. 70 users. From time to time we get this error stating that too many simultaneous connections https. Checking Active Connections, we can see that one user generating from 1 to 5 connections at the same time (KOFF), why? How to monitor exactly what is causing the problem?
Previous Topic: Kerio Outlook Connector: O365 Outlook 2016 Mailserver not supported ?!
Next Topic: Autodiscover
Goto Forum:
  


Current Time: Wed Oct 16 16:17:25 CEST 2019

Total time taken to generate the page: 0.02701 seconds