Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Micael_Aman on April 13, 2004, 11:12:39 AM

Title: Cannot access SSL-sites after ClamAV installation
Post by: Micael_Aman on April 13, 2004, 11:12:39 AM

Hi all,

I've been running SME on servral server the last years and it have been working great. Last week I installed ClamAV on one of the servers (5.6 gateway). Now the users can't access windowsupdate, Hotmail or any SSL-sites.

I'm not sure that it is Clam that causing this problem, but the ClamAv was the last change on the server.

I used this script for Clam installation
http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_22.htm

Does anyone else seen this before?
What should I look for in terms of blocked ports, etc?

//Micael

Title: Cannot access SSL-sites after ClamAV installation
Post by: Micael_Aman on April 14, 2004, 01:24:27 PM

Update.

I was not the ports on the sme that caused the SSL-trouble.
I has someting to do with DNS.

We are using Active Directory which also handles DHCP and DNS.
If the clients use AD-DNS the clients can access resouces both the internet (ex www.contribs.org) and in AD, but not ex windowsupdate, hotmail.
If the client use SME as DNS they can access internet and also use windowsupdate, but not logon to AD.

THave anyone seen this?


//Micael

Title: Cannot access SSL-sites after ClamAV installation
Post by: taltos on April 15, 2004, 04:14:30 PM

Quote from: "Micael_Aman"

Update.

I was not the ports on the sme that caused the SSL-trouble.
I has someting to do with DNS.

We are using Active Directory which also handles DHCP and DNS.
If the clients use AD-DNS the clients can access resouces both the internet (ex www.contribs.org) and in AD, but not ex windowsupdate, hotmail.
If the client use SME as DNS they can access internet and also use windowsupdate, but not logon to AD.

THave anyone seen this?


//Micael

Clients must use the AD DNS... and the AD DNS must use the SME DNS.... in fact you must activate on the ADDNS the "redirector" (in the properties of the MMC of the AD DNS) in redirector you must indicate the IP of your sme)

now when a client search the IP of poste1.enterprise.com the request is for the ADDNS who know the response...
when a client wants the IP of google.fr, the request is for the ADDNS again.. but the ADDNS doesn't know so he ask to the DNS found in the redirector: your e-smith....

I'm not sure to be clear ..; :-o  :roll:

A=