A customer using Active Directory with Kerio Connect needed to change the email addresses for several users. He coukdn't simply use an alias as another piece of software needed to authenticate and send with these names.

He tried just changing the names in AD, but that removed the old addresses from view. Kerio Support suggested this:

Stop Kerio Connect Server. Navigate to the store, and locate each user's folder in turn.
There will be a folder for the new username, and a folder for the old username.
Rename the new user folder to something along the lines of newADusername_error
Rename the old user folder to EXACTLY the new AD username.
Start Kerio Connect Server, and the software should hook up to the "old" folders.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

A customer in Ohio called me early this morning. Mail was not working and browsing was also intermittently failing. This had also happened to him two days earlier, but before I could locate a cause, it had mysteriously fixed itself. But here it was again.

Notice my email in that log: it says my aplawrence.com domain does not exist. Well, that's wrong..

I first logged into his email server with ssh and confirmed that it could not resolve hosts. His /etc/resolv.conf pointed at the Kerio Control firewall, so I checked there. Oddly, Ip Tools there could resolve hosts. What could be wrong?

I turned on DNS debugging and could see that it was contacting Google's public servers as it was configured to. However, it was saying that responses were truncated. I tried switching the DNS to their ISP's DNS, but nothing changed. At that point, I called Kerio.

After some false starts and rechecking of things I had already done, Vladimir at Kerio suggested trying a Czech DNS server: 195.113.144.194. That started working instantly.

So what's going on? I'm not sure. I think maybe Google is having a local problem there and maybe IP Tools ignores the truncate bit? Maybe the ISP is using Google DNS itself? I do not know. I have posted to Google's public DNS forum to notify them of the error; I've seen no response yet.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

Anonymous asks:

I'm running Kerio Connect Mail Server and my Outlook folders are slow loading, slow to search and slow to change.

The solution to this is to turn on caching. By default, only your INBOX is cached, which leaves everything else to be reloaded whenever you want access.

Synchronizing Microsoft Outlook with Kerio Connect explains:

The default synchronization works as follows:

Inbox — whole messages are synchronized.
Other email folders — only message headers and body in plain text are synchronized.
Events — whole events are synchronized.
Contacts — whole contacts are synchronized.
Tasks — whole tasks are synchronized.
Notes — whole notes are synchronized.

Upon each startup of Microsoft Outlook, Kerio Outlook Connector synchronizes the currently opened folder first.

This can be changed; the link explains how. Don't neglect the "Set also to all subfolders".

Of course this does require additional local storage. You might also want to know the cached data is not encrypted.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

I had an interesting exercise earlier this week. I'm going to simplify things to make it easier to understand, but the basic idea is that the customer had his ISP's equipment installed some 300 feet from where all the computing equipment was. His Kerio router therefore got its WAN connection at the end of a long wire.

That connection was slow, so he recently had a new, higher speed connection put in. He couldn't just switch over, so temporarily he'd need both. Running a new wire from Kerio Control would have been a major project, but fortunately there was one other unused wire running from where the ISP connections were. Unfortunately that connection did not go near the Kerio but instead reached a LAN switch that serviced exactly one piece of equipment and then joined the rest of the network. Would that work, he asked?

I said it would but it could cause some issues. It wasn't entirely clear to me where this switch was and how everything would flow, but as it turned out most things worked and he was able to test out the new connection using load balancing.

But some computers did not work. The problem was obvious when we looked at the logs.

[13/Nov/2015 06:24:00] from WAN2, proto:TCP, len:52, 192.168.141.103:54315 -> 104.25.139.21:80, flags:[ SYN ], seq:3723491087 ack:0, win:8192, tcplen:0
[13/Nov/2015 06:24:03] from WAN2, proto:TCP, len:52, 192.168.141.103:54314 -> 104.25.138.21:80, flags:[ SYN ], seq:1889551147 ack:0, win:8192, tcplen:0
[13/Nov/2015 06:30:54] from LAN Switch, proto:TCP, len:1489, 192.168.130.101:50185 -> 104.25.139.21:80, flags:[ ACK PSH ], seq:1910086646 ack:73727308, win:4096, tcplen:1437

Packets from 192.168.x.x should not be "from WAN2"; they should always be "from LAN Switch". A managed switch could make sure that never happens, but he didn't have that ability. What to do?

I really couldn't think of anything. It wasn't really critical as the new circuit is intended to replace the old in a few weeks, but it woould be easier if he could keep this working until then.

Then it hit me. Why on earth was the Kerio router 300 feet from the two ISP drops? I called the customer back and asked him how difficult it would be to move the router to that space and connect it to the ISP's there? There was a short pause and he answered that yes, of course, that was the way to do it and no it would not be difficult.

Sometimes you have to back up and look at the bigger picture.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

Anonymous asks:

I Unzipped July of 2015 in the archive directory.. Waited an hour and it still complains about missing folders.. Had it rebuild but still complains..

It would be very unlikely for folders to be missing from an archive - almost impossible.

Did you stop Kerio Connect before unzipping the folder? While it is often possible to get away with shoving things into a running server and letting it fix things up, that's not the best chance of success. If you repeat this with the server stopped, it likely will be correct.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

Yes, I probably did and I most likely renewed your license the same day or the day after. I then would have sent you an email saying this:

We have processed your order for (license number)

This license should update automatically and the correct dates and users should appear in your administration screen. If it does not, you will need to register the license from the web administration interface or at https://secure.kerio.com/reg/ to create the license file that will activate your Kerio product.

Did you notice the word "should" and the sentence that follows? The reason that I put that in is that sometimes your server doesn't make the proper communication with Kerio to activate the license. It should happen automatically, but it may not. This might be because you haven't upgraded your version recently or it might be because a firewall is blocking that communication. Whatever the reason, you need to either fix that or register your license as explained above. That's a simple process and of course I'm right here at the other end of your phone line if you have any problem. You can also call Kerio directly if it is two A.M my time and you really need to get this done!

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

Anonymous asks:

How do you unblock IP’s in the firewall? Our California Warehouse VPN got locked out. Log says "Maximal amount of unsuccessful authentication attempts reached, IP address is blocked."

This happens because of a setting you probably forgot all about. It's particularly easy to forget if you aren't authenticating through a domain controller, because it's in that section of your control configuration.

It also says nothing about VPN's, so you are forgiven if you did not think to look here. Ordinarily, blocking goes away after five minutes, but if your VPN connection kept trying with a bad password, it will get locked out again and again.

Fix the password or add that address to a "Never Block" group.

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

Anonymous asks:

Is it possible to have two email accounts on the same Outlook? One of our users needs to periodically check another's account.

With or without Kerio, yes, it's possible, though if it were me, I'd just forward one to the other, leaving the original. You could create an Outlook rule to store those messages in a different folder if you like.

If you really want two accounts, there are two ways to do it. One is simply to create another profile and switch to that when you want to use the other account. The other way lets you add multiple accounts to a single profile. That requires Outlook 2010 and Kerio 8.3 or newer and manual configuration of the additional accounts. Kerio has a KB article that covers all that.

Adding multiple accounts in a single profile in Microsoft Outlook

Manually creating profiles in MS Outlook

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.