Overview
The Kerio Connect service is stopped unexpectedly and cannot be started with the following error log:
Secure Web Admin failed to start on port: 0
It is causing the Kerio Connect server to become inaccessible.
Prerequisites
Old Kerio Connect 8.x installed on Windows Server 2003
Wildcard Certification Authority SSL certificate configured in Webadmin
Diagnosis
Windows Server 2003 couldn't verify the signed CA certificate because it contains the SHA256 signature. As a result, the SSL certificate issue caused Webadmin service error on an unusual 0 port. Such startup error should have used the default Webadmin port (4040) pulled from the configuration file. If the service couldn't start on the default 4040 port, Kerio Connect assigns the default value equal to 0 (zero).
Solution
- Navigate to the Kerio Connect installation folder. By default, it's
C:\Program Files (x86)\Kerio\MailServer\ - Open sslcert folder and cut the server.crt and server.key to the external non-Kerio directory (Desktop, etc).
- Start Kerio Connect.
- Create a self-signed SSL certificate.
Note: iOS devices won't be able to send or receive mail unless explicitly set to not use SSL authentication.
- Consult with Certification Authority about reissuing certificate (without SHA256 signature) using CSR.
Alternatively, use a single-name certificate, for example, the one provided by ZeroSSL or GoDaddy. Then import the CA certificate into Kerio Connect.
Testing
The Kerio Connect Webadmin is able to start correctly and the service is no longer failing.
Additional Considerations
As the Kerio Connect 8.x versions were released in 2013-2015, such old installations are no longer supported. Apart from upgrading the software, the server should be migrated as well to reflect the Kerio Connect supported OS. For more information about migration, please refer to the following topics:
Upgrading Kerio Connect older than Version 9.0.0
Kerio Connect system migration to another server
Note: manual method is recommended as the server OS will be changed.