|
|
|
|
| Re: Problems after upgrade on 9.2.6 - too many connections, time zone [message #139404 is a reply to message #139403] |
Mon, 16 April 2018 14:27   |
FiNn
Messages: 20
Registered: July 2014
|
|
 
|
|
Next problem are automatic restarts:
Apr 16 13:59:29 server systemd[1]: kerio-connect.service: PID file /var/run/kms.pid not readable (yet?) after start: No such file or directory
Apr 16 13:59:48 server systemd[1]: Started Kerio Connect.
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Main process exited, code=killed, status=6/ABRT
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Unit entered failed state.
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Failed with result 'signal'.
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: Service hold-off time over, scheduling restart.
Apr 16 14:02:35 server systemd[1]: Stopped Kerio Connect.
Apr 16 14:02:35 server systemd[1]: Starting Kerio Connect...
Apr 16 14:02:35 server systemd[1]: kerio-connect.service: PID file /var/run/kms.pid not readable (yet?) after start: No such file or directory
Apr 16 14:02:52 server systemd[1]: Started Kerio Connect.
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Main process exited, code=killed, status=6/ABRT
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Unit entered failed state.
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Failed with result 'signal'.
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: Service hold-off time over, scheduling restart.
Apr 16 14:19:51 server systemd[1]: Stopped Kerio Connect.
Apr 16 14:19:51 server systemd[1]: Starting Kerio Connect...
Apr 16 14:19:51 server systemd[1]: kerio-connect.service: PID file /var/run/kms.pid not readable (yet?) after start: No such file or directory
Apr 16 14:20:09 server systemd[1]: Started Kerio Connect.
|
|
|
|
| Re: Problems after upgrade on 9.2.6 - too many connections, time zone [message #139405 is a reply to message #139395] |
Mon, 16 April 2018 14:36 |
Maerad
Messages: 275
Registered: August 2013
|
|
|
|
FiNn wrote on Mon, 16 April 2018 10:52Hello,
after upgrade on 9.2.6 (3811), we have some problems. We have Kerio Connect on Debian.
In web administration is not this settings, but i found solution in configuration file mailserver.cfg.
I had to shut down the service Kerio Connect
Edit mailserver.cfg and change <variable name="MaxConnectionsIP">100</variable> to <variable name="MaxConnectionsIP">1000</variable> prefer to all services where is it, because we have NAT.
Start Kerio Connect service and seems be OK.
With all due respect, but this sounds more like a bad solution / network build. Why do you have a local IP address connection way over 100 times to kerio? Why is Kerio behind a NAT? This seems IMHO like a bad set up or bad rules. Setting up the max connections per IP can be a serious security flaw. Would be easy(ier) to kill the server now.
If you NAT for whatever reason, Kerio should see the IP behind it. Nothing wrong with that. You don't need to change the IP to the NAT ROuter or whatever. That kind of masquerading makes now sense.
|
|
|
|
|
|
| Re: Problems after upgrade on 9.2.6 - too many connections, time zone [message #140586 is a reply to message #139405] |
Wed, 08 August 2018 09:31 |
dolfs
Messages: 36
Registered: October 2016
|
|
|
|
Maerad wrote on Mon, 16 April 2018 14:36FiNn wrote on Mon, 16 April 2018 10:52Hello,
after upgrade on 9.2.6 (3811), we have some problems. We have Kerio Connect on Debian.
In web administration is not this settings, but i found solution in configuration file mailserver.cfg.
I had to shut down the service Kerio Connect
Edit mailserver.cfg and change <variable name="MaxConnectionsIP">100</variable> to <variable name="MaxConnectionsIP">1000</variable> prefer to all services where is it, because we have NAT.
Start Kerio Connect service and seems be OK.
With all due respect, but this sounds more like a bad solution / network build. Why do you have a local IP address connection way over 100 times to kerio? Why is Kerio behind a NAT? This seems IMHO like a bad set up or bad rules. Setting up the max connections per IP can be a serious security flaw. Would be easy(ier) to kill the server now.
If you NAT for whatever reason, Kerio should see the IP behind it. Nothing wrong with that. You don't need to change the IP to the NAT ROuter or whatever. That kind of masquerading makes now sense.
We have the same problem. We have users behind NAT, approx. 70 users. From time to time we get this error stating that too many simultaneous connections https. Checking Active Connections, we can see that one user generating from 1 to 5 connections at the same time (KOFF), why? How to monitor exactly what is causing the problem?
|
|
|
|
Members
Search
Help
Register
Login
Home
