When you experience connection issues in Tresorit, but otherwise have internet connection in your other apps and browser, then you are probably facing a network error โ read on to learn how to solve it. And if you require assistance along the way, our support team is here to aid you.
๐ Note: Check our service status page for updates on our serversโ availability.
Go through the troubleshooting checklist
There are three settings you will need to check to solve the problem.
- Ports: check if the ports Tresorit uses are available and no firewall blocks them in your network.
- Proxy settings: check if Tresorit uses the proper proxy settings.
- SSL inspection: check your firewall settings and whitelist Tresorit hosts and IP addresses.
Required ports
Tresorit uses two outgoing ports (TCP 443 and TCP 80) โ make sure both are enabled on your firewall.
- All communication uses HTTPS (HTTP+TLS) on TCP 443
- SSL certificate CRL checking uses TCP port 80
๐ Note: Outgoing communication is enabled by default on most firewalls, especially these (standard) ports.
Proxy support
If you are not connected to the Internet directly, you are probably using a proxy server. Tresorit automatically detects the default proxy server, used by your browser (Internet Explorer, Edge, Chrome, Safari or Opera).
๐ Note: If you are using Firefox exclusively (and set it up manually), there is a chance that you will have to set up your proxy server manually too.
Set up your proxy manually
To solve it, you will need to check your proxy settings. Proxy settings can be modified in two ways, depending on whether you are signed in to Tresorit or not: on the settings tab or on the login page of your desktop app.
- Settings tab
- Login page
- Open your Tresorit desktop app.
- Head to the Settings tab.
- Navigate to Network.
- Under Proxy, select Manual.
- Change proxy settings on the pop-up. On this window you can configure your HTTP, Socks 4 or Socks 5 proxy. You can also add your username and password if your proxy requires authentication.
- Click Set proxy when you are done.
- Click Open proxy.
- Select Manual.
- Enter your proxy configuration.
- Click Set proxy when you are done.
SSL (HTTPS) inspection
To detect viruses some corporate and personal firewalls are set to decrypt SSL/TLS connections and are scanning the plaintext HTTP communication.
To protect your infrastructure most firewalls are set to break the trust relationship between the destination server (for example Tresorit servers) and your machine.
Only you have access to your Tresorit private key, neither admins nor firewalls are allowed to access it. As Tresorit is using client certificates to cryptographically identify you (and the firewall does not have your Tresorit private key) the Tresorit server wonโt allow access to your data.
You can test whether domains are SSL inspected using our Connection Checker tool. Download it below ๐
Whitelisting Tresorit
To avoid this issue please contact your system administrator to whitelist Tresorit from the SSL inspection. If this is your home network, please check your vendorโs tutorial for more information about whitelisting a service.
Required hosts and IP addresses: These IP addresses may change at any time without prior notification. While we do our best to keep this list current, you should not rely on the exact IP addresses for filtering. If you experience further issues in the future, please check back for the updated list.
Websites
-
account.tresorit.com - 13.69.228.14
-
tresorit.com - 13.69.228.14
-
tresor.it - 13.69.228.14
-
web.tresorit.com - 13.69.228.14
Tresorit Send
- az579219.vo.msecnd.net
- dc.services.visualstudio.com
- prodanonymlinks.blob.core.windows.net
- sendapi.tresorit.com
- tresoritusercontent.azurewebsites.net
- web.tresorit.com
- webapi.tresorit.com
- webclient-cdn.azureedge.net
Our backend servers
- storage2.tresorit.com - 40.115.117.30
- login.tresorit.com - 40.115.118.6
- log.tresorit.com - 138.91.55.166
- share.tresorit.com - 138.91.51.33
- accountapi.tresorit.com - 40.85.81.191
- rmsapi.tresorit.com - 191.235.220.110
- subscribeapi.tresorit.com - 40.85.81.191
- webapi.tresorit.com - 40.85.81.191
Storage servers
- filestorage00.blob.core.windows.net
- filestorage02.blob.core.windows.net
- filestorage03.blob.core.windows.net
- filestorage04.blob.core.windows.net
- ...
- ...
- ...
- filestorage57.blob.core.windows.net
- filestorage58.blob.core.windows.net
- filestorage59.blob.core.windows.net
- filestorage60.blob.core.windows.net
- filestoragecentralca01.blob.core.windows.net
- filestoragecentralus01.blob.core.windows.net
- filestorageeastus201.blob.core.windows.net
- filestoragesouthuk01.blob.core.windows.net
- filestoragewestus201.blob.core.windows.net
- filestoragenorthch01.blob.core.windows.net
- filestoragewestcentde01.blob.core.windows.net
- filestoragecentralfr01.blob.core.windows.net
- filestorageseasia01.blob.core.windows.net
- filestoragewesteu01.blob.core.windows.net
- filestoragesouthbr01.blob.core.windows.net
- filestoragenorthuae01.blob.core.windows.net
Using SSO will require additional servers to be reachable, different set of servers for AzureAD and Okta.
If the user wishes to use AzureAD, we will need access to:
If the user wishes to use Okta, we will need access to:
-
https://<organization_id>.okta.com (the <organization_id> was configured in the Admin Center during SSO setup)
-
https://<custom_issuer_domain> (this is optional, if the <custom_issuer_domain> was configured in the Admin Center during your SSO setup)
If you use DRM, the following addresses also need to be whitelisted
For initialization
- ocsp.digicert.com
- tresorit.com
- installerstorage.blob.core.windows.net
- discover.aadrm.com
- sts-b-eus-na.aadrm.com
- 9e589980-d0b8-4473-bcf1-3bcd2f73ab76.rms.eu.aadrm.com
- sts-b-weu.eu.aadrm.com
- baf3722a-2201-4bf5-8fec-2a74e41e11d7.rms.eu.aadrm.com
For usage
- login.microsoftonline.com
- aadg.windows.net.nsatc.net
- odc.officeapps.live.com
- nexus.officeapps.live.com
- roaming.officeapps.live.com
- 9e589980-d0b8-4473-bcf1-3bcd2f73ab76.rms.eu.aadrm.com
- osi-prod-weu01-roaming.cloudapp.net
- osiprod-neu-bronze-000.cloudapp.net
- prod-w.nexus.live.com.akadns.net
- rmsoprodeu-b-rms-neu.cloudapp.net
- sts-a-neu.eu.aadrm.com
- sts.ap.aadrm.com
- sts-b-eas.ap.aadrm.com
- sts-b-neu.eu.aadrm.com
- sts-a-weu.eu.aadrm.com
- sts-a-ncu.na.aadrm.com
- sts-a-eus.na.aadrm.com
- sts-b-weu.eu.aadrm.com
- sts.eu.aadrm.com
- rms.ap.aadrm.com
- rms.na.aadrm.com
- sts-b-eus.na.aadrm.com
- api.aadrm.com
- discover.aadrm.com
- rms.eu.aadrm.com
Because of the broad variety of network configurations and operating systems, the solutions listed above may not apply to you. In case you experience further issues, please contact our support team. They will help you sort this out.
Download the Connection Checker
Still have questions left? Drop us a line