Network troubleshooter guide

When you experience connection issues in Tresorit, but otherwise have internet connection in your other apps and browser, then you are probably facing a network error – read on to learn how to solve it. And if you require assistance along the way, our support team is here to aid you.

📝 Note: Check our service status page for updates on our servers’ availability.

Go through the troubleshooting checklist

There are three settings you will need to check to solve the problem.

1. Ports: check if the ports Tresorit uses are available and no firewall blocks them in your network.
2. Proxy settings: check if Tresorit uses the proper proxy settings.
3. SSL inspection: check your firewall settings and whitelist Tresorit hosts and IP addresses.

Required ports

Tresorit uses two outgoing ports (TCP 443 and TCP 80) – make sure both are enabled on your firewall.

• All communication uses HTTPS (HTTP+TLS) on TCP 443
• SSL certificate CRL checking uses TCP port 80

📝 Note: Outgoing communication is enabled by default on most firewalls, especially these (standard) ports.

Proxy support

If you are not connected to the Internet directly, you are probably using a proxy server. Tresorit automatically detects the default proxy server, used by your browser (Internet Explorer, Edge, Chrome, Safari or Opera).

📝 Note: If you are using Firefox exclusively (and set it up manually), there is a chance that you will have to set up your proxy server manually too.

Set up your proxy manually

To solve it, you will need to check your proxy settings. Proxy settings can be modified in two ways, depending on whether you are signed in to Tresorit or not: on the settings tab or on the login page of your desktop app.

SSL (HTTPS) inspection

To detect viruses some corporate and personal firewalls are set to decrypt SSL/TLS connections and are scanning the plaintext HTTP communication.

To protect your infrastructure most firewalls are set to break the trust relationship between the destination server (for example Tresorit servers) and your machine.

Only you have access to your Tresorit private key, neither admins nor firewalls are allowed to access it. As Tresorit is using client certificates to cryptographically identify you (and the firewall does not have your Tresorit private key) the Tresorit server won’t allow access to your data.

You can test whether domains are SSL inspected using our Connection Checker tool. Download it below 👇

Whitelisting Tresorit

To avoid this issue please contact your system administrator to whitelist Tresorit from the SSL inspection. If this is your home network, please check your vendor’s tutorial for more information about whitelisting a service.

Required hosts and IP addresses: These IP addresses may change at any time without prior notification. While we do our best to keep this list current, you should not rely on the exact IP addresses for filtering. If you experience further issues in the future, please check back for the updated list.

Websites

• account.tresorit.com - 40.112.93.201
• tresorit.com - 40.112.93.201
• tresor.it - 191.235.160.13
• web.tresorit.com - 40.112.93.201

Tresorit Send

• az579219.vo.msecnd.net
• dc.services.visualstudio.com
• prodanonymlinks.blob.core.windows.net
• sendapi.tresorit.com
• tresoritusercontent.azurewebsites.net
• web.tresorit.com
• webapi.tresorit.com
• webclient-cdn.azureedge.net

Our backend servers

• storage2.tresorit.com - 40.115.117.30
• login.tresorit.com - 40.115.118.6
• log.tresorit.com - 138.91.55.166
• share.tresorit.com - 138.91.51.33
• accountapi.tresorit.com - 40.85.81.191
• rmsapi.tresorit.com - 191.235.220.110
• subscribeapi.tresorit.com - 40.85.81.191
• webapi.tresorit.com - 40.85.81.191

Storage servers

• filestorage00.blob.core.windows.net
• filestorage02.blob.core.windows.net
• filestorage03.blob.core.windows.net
• filestorage04.blob.core.windows.net
• ...
• ...
• ...
• filestorage57.blob.core.windows.net
• filestorage58.blob.core.windows.net
• filestorage59.blob.core.windows.net
• filestorage60.blob.core.windows.net
• filestoragecentralca01.blob.core.windows.net
• filestoragecentralus01.blob.core.windows.net
• filestorageeastus201.blob.core.windows.net
• filestoragesouthuk01.blob.core.windows.net
• filestoragewestus201.blob.core.windows.net
• filestoragenorthch01.blob.core.windows.net
• filestoragewestcentde01.blob.core.windows.net
• filestoragecentralfr01.blob.core.windows.net
• filestorageseasia01.blob.core.windows.net
• filestoragewesteu01.blob.core.windows.net
• filestoragesouthbr01.blob.core.windows.net
• filestoragenorthuae01.blob.core.windows.net

Using SSO will require additional servers to be reachable, different set of servers for AzureAD and Okta. 

If the user wishes to use AzureAD, we will need access to:

• https://login.microsoftonline.com

• https://graph.microsoft.com

If the user wishes to use Okta, we will need access to:

• https://<organization_id>.okta.com (the <organization_id> was configured in the Admin Center during SSO setup)

• https://<custom_issuer_domain> (this is optional, if the <custom_issuer_domain> was configured in the Admin Center during your SSO setup)

If you use DRM, the following addresses also need to be whitelisted

For initialization

• ocsp.digicert.com
• tresorit.com
• installerstorage.blob.core.windows.net
• discover.aadrm.com
• sts-b-eus-na.aadrm.com
• 9e589980-d0b8-4473-bcf1-3bcd2f73ab76.rms.eu.aadrm.com
• sts-b-weu.eu.aadrm.com
• baf3722a-2201-4bf5-8fec-2a74e41e11d7.rms.eu.aadrm.com

For usage

• login.microsoftonline.com
• aadg.windows.net.nsatc.net
• odc.officeapps.live.com
• nexus.officeapps.live.com
• roaming.officeapps.live.com
• 9e589980-d0b8-4473-bcf1-3bcd2f73ab76.rms.eu.aadrm.com
• osi-prod-weu01-roaming.cloudapp.net
• osiprod-neu-bronze-000.cloudapp.net
• prod-w.nexus.live.com.akadns.net
• rmsoprodeu-b-rms-neu.cloudapp.net
• sts-a-neu.eu.aadrm.com
• sts.ap.aadrm.com
• sts-b-eas.ap.aadrm.com
• sts-b-neu.eu.aadrm.com
• sts-a-weu.eu.aadrm.com
• sts-a-ncu.na.aadrm.com
• sts-a-eus.na.aadrm.com
• sts-b-weu.eu.aadrm.com
• sts.eu.aadrm.com
• rms.ap.aadrm.com
• rms.na.aadrm.com
• sts-b-eus.na.aadrm.com
• api.aadrm.com
• discover.aadrm.com
• rms.eu.aadrm.com

Because of the broad variety of network configurations and operating systems, the solutions listed above may not apply to you. In case you experience further issues, please contact our support team. They will help you sort this out.

Download the Connection Checker

Still have questions left? Drop us a line