Overview
Some users cannot log in to the Kerio Connect webmail or Outlook and the following message appears in the Security logs:
HTTP connection from IP address 192.168.x.x rejected: too many simultaneous connections (101 connections, limit 100)
Prerequisite
Administrator (root) access to the Kerio Connect server
Solution
This happens when the MaxConnectionsIP limit is reached as more users are connected from the same IP address. This may occur if the users are connecting from multiple devices, browser/client creating multiple connection requests which are not closing properly, a centralized IP address is used by a local network, or a proxy server is used.
The default limit for MaxConnectionsIP is 100 per IP address. A higher limit should be set if you are using shared public IP for the Company office or having a large number of users. This change is required if you have already reached this limit and there are more users that will be logging in from the same IP address.
-
Navigate to your Kerio MailServer folder, default paths are below:
-
Windows:
C:\Program Files\Kerio\MailServer\ -
Mac:
/usr/local/kerio/mailserver/ -
Linux:
/opt/kerio/mailserver/
-
-
Open the
mailserver.cfgfile, and locate the table namesservice-httpandservice-https.Note: For other Kerio Connect services, the tables would be:-
XMPP:
service-xmpp -
IMAP:
service-imap -
POP3:
service-pop3
-
-
Edit the variable
MaxConnectionsIPfrom the default number to a suitable value for your environment under both tables.
Note: The safe limit, according to our Infrastructure and Development teams, is 600. But the value might be smaller or higher (e.g. up to 1000), depending on your Company Infrastructure. -
Save the changes and start Kerio Connect.
Testing
Monitor Kerio Connect Active Connections and Security logs. Ask the Kerio Connect users to confirm the Email clients' stability improved or was back to normal.