Overview
Kerio Control IPS Plugin is not updated due to a download error: Couldn't connect to server error.
Antivirus updates, GeoIP database updates, Product updates may also report connection timeouts and failures.
Example Log:
[11/Feb/2018 20:42:06] IPS rules update: Download error, Couldn't connect to server. [12/Feb/2018 08:30:40] GeoIP database update check failed: Couldn't connect to server. [12/Feb/2018 08:38:36] (2) Product update failed. Error: Check failed (Failed to connect to prod-update.kerio.com port 443: Connection refused) [12/Feb/2018 08:44:37] Antivirus Server error:(PID: 17086) Cannot find update location: Failed to connect to bdupdate.kerio.com port 443: Connection timed out. Download failed. [12/Feb/2018 08:44:37] Unable to perform Kerio Antivirus update. Error: Cannot find update location: Failed to connect to bdupdate.kerio.com port 443: Connection timed out. Download failed.
Solution
This issue could happen due to a traffic rule blocking the Kerio update servers for IPS, Antivirus etc. You can resolve this issue by having an exclusion in place for the update servers of Kerio, by configuring a traffic rule allowing traffic from the following Destination Addresses, with the Services as HTTP and HTTPS:
- 52.32.0.0 - 52.63.255.255
- *kerio*
- bdupdate-cdn.kerio.com
- bdupdate.kerio.com
- control-update.kerio.com
- ids-update.kerio.com
- prod-update.kerio.com
- register.kerio.com
If the above steps fail to solve your issue, the root cause may be our AWS services experiencing a temporary outage. Please contact support and we will check whether this is the case.
<supportagent>
Support Agent Only
If you have verified that the above steps do not work for the customer, the root cause may be an AWS outage. You can check for recent outages under the Central Project with type SaaS Incident. The issue description will contain a list of impacted schemas which will list kerio, e.g. CENTRAL-125182 (Old JIRA) or CENTRAL-122919 (New JIRA). The issue will be resolved once the AWS db resumes normal functioning, you can test this and inform the customer.
</supportagent>