Too many simultaneous connections - but in reality it's different. [message #145400]
Fri, 29 March 2019 14:52
devlin
Messages: 11 Registered: March 2019
Hello,
I have a problem. I have one user who from time to time cannot access his mailbox. Webmail is throwing "No internet connection" etc. And in the log on the mailserver there are these entries:
"HTTPS connection from IP address 10.0.10.11 rejected: too many simultaneous connections (151 connections, limit 150)"
Kerio Connect is running on Windows Server 2012 R2. And when I check connections on that server, there are almost no connections from that IP address. Maybe 2 or 3, not 150! In this situation I have to move the client to a different IP address or restart Kerio Connect.
Version of Kerio Connect is 9.2.7 patch 3 (4225).
The user has a second notebook, and on both of them he was dealing with this.
What could be the cause of this? Has anyone else experienced this?

Re: Too many simultaneous connections - but in reality it's different. [message #145416 is a reply to message #145411]
Tue, 02 April 2019 10:09
gfilogin2019
Messages: 1 Registered: April 2019
I have the same problem with Apple OSX 10.12.4 as the Kerio Connect server, with Kerio Connect version 9.2.7 patch 3.
In total we have 15 clients (5 are Windows and 10 are Apple OSX).
I have been getting the message since my update from Kerio V8.x to V9x:
[01/Apr/2019 07:40:05] HTTP connection from IP address 192.168.1.223 rejected: too many simultaneous connections (1001 connections, limit 1000)
What have I done?
I changed in mailserver.cfg:
<table name="service-http">
<variable name="MaxConnectionsIP">1000</variable>
and
<table name="service-https">
<variable name="MaxConnectionsIP">1000</variable>
But the problem was still there - every 4 days, one in-house client is blocked. Then I have to restart the Kerio mail server. This then works for another 4 days...
In a different forum I read "change <table name="service-https">
<variable name="MaxConnectionsIP">300</variable>" - I changed it to 1000.
In my case, the problem with the blocked IP is only with 2 Windows clients. So I believe there is something on these Windows clients that makes "too many simultaneous connections"; it must not be a Kerio/GFI problem at all.
The bad thing about this is that mail servers are very important in companies. So I hope I can fix this problem in the near future.

Re: Too many simultaneous connections - but in reality it's different. [message #145436 is a reply to message #145416]
Wed, 03 April 2019 20:40
scottwilkins
Messages: 103 Registered: May 2006 Location: Tulsa, OK
I'm seeing similar issues in 9.2.7. One or two clients will get a lot of connections, but the symptom is they stop receiving e-mail. They use KOFF under Outlook 2016. After closing all, and even shutting down the computers, the connections remain and e-mail still does not flow. Checking the files, there are new messages in their inbox, but they won't flow down to Outlook. A reboot of the mail server is what has fixed it so far, but it happens again in a few days. Something seems messed up between KOFF and Kerio Server.

Re: Too many simultaneous connections - but in reality it's different. [message #145470 is a reply to message #145436]
Mon, 08 April 2019 16:53
Maerad
Messages: 275 Registered: August 2013
First of all, you can change the settings in the admin GUI. Services > click a service > access > max. number of concurrent connections.
Also check if you have the IP address groups right (all local IPs) and if under SMTP Server > Security Options those are excluded ("do not apply to ip address group").
Otherwise, instead of trying something, enable additional debug logs and check the security log to find the reason WHY the client(s) was/were banned or how many connection tries there are.
You can see how many connections are open in Status > Active connections.
Also the thing that shouldn't happen is a block because of too many HTTP connections. I have disabled the HTTP service and do a URL rewrite with IIS to the HTTPS site. IMHO there shouldn't be HTTP open in any case. Or at least turn "require encrypted connection" on under the security tab (Security Policy).
If there are over 1k open HTTP concurrent connections, something's not right.

Re: Too many simultaneous connections - but in reality it's different. [message #146020 is a reply to message #145400]
Fri, 21 June 2019 11:20
devlin
Messages: 11 Registered: March 2019
2 Carconnex:
I know I can raise the "MaxConnectionsIP" value, but this is only delaying the problem. And yes, it looks like it's the total amount of HTTPS connections that the system counts, not connections from one IP. But I can't understand why, after reaching this limit, it is always the same user who is blocked.
2 Maerad:
I have 1000 as the max number of concurrent connections. The "MaxConnectionsIP" limit looks like it's limiting us.
There's nothing in the security log. Only one kind of message, repeating as the user wants to get into his mailbox:
"HTTPS connection from IP address 192.168.1.55 rejected: too many simultaneous connections (151 connections, limit 150)"
What kind of debug log do I have to check to see something related to this problem?
I have HTTP disabled. There is only HTTPS allowed.

Re: Too many simultaneous connections - but in reality it's different. [message #146063 is a reply to message #146020]
Tue, 25 June 2019 12:33
Maerad
Messages: 275 Registered: August 2013
For the debug log, I would say anything with network etc., and look out for something like "timeout" or whatever. It really depends on what he uses and where the problem comes from; you need to try this a bit.
How does he connect to the server? Only Webclient? Kerio Client? KOFF?
Does he use another browser like the rest of the users? Any addons in it like speed-up ones? An antivirus solution with an additional firewall/IDS or browser protection plugin?
It could be, if he uses an addon to increase the speed or a firewall from some tool, that the TCP connection to the server gets severed and the timeout for those is quite high. So he builds up a connection like every 2 seconds while the other ones are still "active". Or in case of some download optimizing stuff, the browser opens not one but multiple connections to the server from this IP.
Also open an admin cmd on the server and the client and do a netstat -a (or some other options, ask -? for the details) to check how many connections are really there from the client.
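
The comparison suggested above, between the count in the rejection log line and what `netstat` shows, as an added example that is not part of the original thread. It assumes the rejection line format quoted in the posts and the column layout of Windows `netstat -an`; the server address 10.0.10.5, the timestamp and the netstat rows are constructed sample data.

```python
import re
from collections import Counter, defaultdict

# Rejection line format as quoted in the thread: service, client IP, count, limit.
REJECT_RE = re.compile(r"(HTTPS?) connection from IP address ([\d.]+) rejected: "
                       r"too many simultaneous connections \((\d+) connections, limit (\d+)\)")
# One TCP row of Windows `netstat -an`: local addr:port, foreign addr:port, state.
NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse_rejections(log_text):
    """Return {client_ip: (service, counted, limit)}, keeping the last entry per IP."""
    return {m[2]: (m[1], int(m[3]), int(m[4])) for m in REJECT_RE.finditer(log_text)}

def count_sockets(netstat_text, port=443):
    """Count sockets on the server's service port, per client IP and TCP state."""
    per_ip = defaultdict(Counter)
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if m and int(m[2]) == port and m[5] != "LISTENING":
            per_ip[m[3]][m[5]] += 1
    return per_ip

def compare(log_text, netstat_text, port=443):
    """Pair the count the mail server logged with the sockets the OS holds."""
    sockets = count_sockets(netstat_text, port)
    report = []
    for ip, (svc, counted, limit) in parse_rejections(log_text).items():
        actual = sum(sockets[ip].values())
        report.append({"ip": ip, "service": svc, "server_count": counted,
                       "limit": limit, "os_sockets": actual,
                       "states": dict(sockets[ip]), "unaccounted": counted - actual})
    return report

# Constructed sample input; only the log line format comes from the thread.
SAMPLE_LOG = ("[29/Mar/2019 14:40:05] HTTPS connection from IP address 10.0.10.11 "
              "rejected: too many simultaneous connections (151 connections, limit 150)\n")
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    10.0.10.5:443          10.0.10.11:51234       ESTABLISHED
  TCP    10.0.10.5:443          10.0.10.11:51240       ESTABLISHED
  TCP    10.0.10.5:443          10.0.10.11:51102       CLOSE_WAIT
  TCP    10.0.10.5:443          10.0.10.20:49800       ESTABLISHED
"""

if __name__ == "__main__":
    for row in compare(SAMPLE_LOG, SAMPLE_NETSTAT):
        print(row)
```

Feed it the output of `netstat -an` captured on the server at the moment a rejection is logged, together with the matching log lines. A large `unaccounted` value is the mismatch described in the first post, and many CLOSE_WAIT entries mean the client has closed while the server has not yet released the socket.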

Re: Too many simultaneous connections - but in reality it's different. [message #149143 is a reply to message #145400]
Tue, 08 December 2020 09:19
ZZZKOT
Messages: 27 Registered: September 2019
Hello!
I know this is an old topic. But it only considered a proposal to bypass the limitation in the number of connections.
I want to write about the cause of the problem - at least in our case.
A user with such a problem had a smart speaker connected to his home WiFi. This device seems to somehow monitor the home network, intercept requests from other devices and "spam" requests to those IPs. In our case, it was our Kerio Connect mailserver IP.
As a result, mail stopped working on the user's laptop, and our mail server issued data messages about exceeding the limit of HTTPS connections.

Re: Too many simultaneous connections - but in reality it's different. [message #149146 is a reply to message #149143]
Tue, 08 December 2020 22:22
j.a.duke
Messages: 239 Registered: October 2006
ZZZKOT wrote on Tue, 08 December 2020 03:19:
Hello!
I know this is an old topic. But it only considered a proposal to bypass the limitation in the number of connections.
I want to write about the cause of the problem - at least in our case.
A user with such a problem had a smart speaker connected to his home WiFi. This device seems to somehow monitor the home network, intercept requests from other devices and "spam" requests to those IPs. In our case, it was our Kerio Connect mailserver IP.
As a result, mail stopped working on the user's laptop, and our mail server issued data messages about exceeding the limit of HTTPS connections.
Which smart speaker? I would like to know because I'm often asked about technology products in general and would like to know if a given product would cause problems.
Thanks.
Cheers,
Jon