I have updated stunnel to version 5.04 on Windows 7 32 & 64 bit, Windows Server 2008R2, Windows Server 2012 and Windows Server 2012R2 and in no case does the icon appear. I explicitly set taskbar = yes in the configuration file.
Try removing the taskbar option completely from the conf file.
On 24/09/2014 18:27, Carter Browne wrote:
I have updated stunnel to version 5.04 on Windows 7 32 & 64 bit, Windows Server 2008R2, Windows Server 2012 and Windows Server 2012R2 and in no case does the icon appear. I explicitly set taskbar = yes in the configuration file.
In the case of the server OS, by default, the OS will not allow a service to interact with the desktop. If you look at your event logs, you will probably find some warnings or errors to this effect. I am not sure about Windows 7, but it might be the same.
On 09.24.2014 09:27, Carter Browne wrote:
I have updated stunnel to version 5.04 on Windows 7 32 & 64 bit, Windows Server 2008R2, Windows Server 2012 and Windows Server 2012R2 and in no case does the icon appear. I explicitly set taskbar = yes in the configuration file.
Right, check that the service properties allow it to interact with the desktop (stunnel service/properties/connection tab)
On 24/09/2014 19:05, 541401@gmail.com wrote:
In the case of the server OS, by default, the OS will not allow a service to interact with the desktop. If you look at your event logs, you will probably find some warnings or errors to this effect. I am not sure about Windows 7, but it might be the same.
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
If you select "allow to interact with desktop" an error will be generated in the event log. Microsoft has removed the ability for services to interact with the Desktop. Please see:
"If you allow the service to interact with the desktop, any information that the service displays on the desktop will also be displayed on an interactive user's desktop. A malicious user could then take control of the service or attack it from the interactive desktop. In Windows Vista and Windows Server 2008, support for interactive services has been removed to mitigate this security risk;"
http://technet.microsoft.com/en-us/library/cc756339%28v=ws.10%29.aspx
On 09.24.2014 10:15, Pierre DELAAGE wrote:
Right, check that the service properties allow it to interact with the desktop (stunnel service/properties/connection tab)
Well that explains why it hasn't worked on the more recent versions. I do not see that option in the html file distributed with 5.04, not that it matters according to the description you included.
Carter Browne cbrowne@cbcs-usa.com
On 9/24/2014 1:34 PM, 541401@gmail.com wrote:
If you select "allow to interact with desktop" an error will be generated in the event log. Microsoft has removed the ability for services to interact with the Desktop. Please see:
"If you allow the service to interact with the desktop, any information that the service displays on the desktop will also be displayed on an interactive user's desktop. A malicious user could then take control of the service or attack it from the interactive desktop. In Windows Vista and Windows Server 2008, support for interactive services has been removed to mitigate this security risk;"
http://technet.microsoft.com/en-us/library/cc756339%28v=ws.10%29.aspx
Ok, this is a fact that a service should not have to interact with the desktop, and the icon is a part of that... It is normal, in stunnel case, that it does not appear: if it were the case it may allow the user to stop the service, which is not the purpose of any service...
BUT, even in service mode, stunnel does interact with the desktop in two ways :
1/ when you start or stop the service : there is a dlg box at that time
2/ if you have protected your client cert with a password, you will be prompted to enter a password
What is strange is that MS maintained the existence of the checkbox in the Win7 service dialog...
Anyway...at least you should have a normal icon when starting stunnel in user mode ...
On 24/09/2014 19:55, Carter Browne wrote:
Well that explains why it hasn't worked on the more recent versions. I do not see that option in the html file distributed with 5.04, not that it matters according to the description you included.
Carter Browne cbrowne@cbcs-usa.com
On Wed, 24 Sep 2014 20:10:58 +0200 Pierre DELAAGE delaage.pierre@free.fr wrote:
Ok, this is a fact that a service should not have to interact with the desktop, and the icon is a part of that... It is normal, in stunnel case, that it does not appear: if it were the case it may allow the user to stop the service, which is not the purpose of any service...
BUT, even in service mode, stunnel does interact with the desktop in two ways :
1/ when you start or stop the service : there is a dlg box at that time
2/ if you have protected your client cert with a password, you will be prompted to enter a password
What is strange is that MS maintained the existence of the checkbox in the Win7 service dialog...
Anyway...at least you should have a normal icon when starting stunnel in user mode ...
Hi,
As sooner or later I plan to change to Windows 7, I couldn't believe what you were talking about and... angry is the least I was after some tests.
What to do? Search, search, and search, and I couldn't believe no one had found a workaround :(
But I ended up at this MSDN blog that brings the hint: http://blogs.msdn.com/b/patricka/archive/2010/04/27/what-is-interactive-serv...
It is not the best workaround, and not the safest if I may say so, but it works. By the way, I created the service with srvany from the resource kits, not with stunnel's own service installer, but it should work that way too, as it creates the service, which is the important thing.
The thing consists of bypassing the interactive service checks and blocks by running PsExec in the following way (use your own paths) as the image path of the service, or as the parameters if you used srvany:
PsExec -i 1 -s stunnel.exe
After creating the service and modifying it to run the above command, go to the service manager, check the properties of the service and set it to run with your login credentials instead of the system account.
If all went well, you'll run stunnel, you'll see the icon in the taskbar and you should check the log window (I had some problems where I could open it but couldn't see it).
Note: you won't be able to kill stunnel by stopping the service.
I didn't check more things, such as whether it runs at boot or not, because I'm running on a humble P4 system with a slower virtual machine, but after a couple of hours I was satisfied enough, at least seeing the icon appear, and I wanted to share this with you.
Of course, this would also help those malware creators reaching the list, but who cares? I almost prefer a wild zone instead of this security-by-default Windows where you can't do anything without permission, even if you disable everything out there. The nightmare of every system tech.
Regards.
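An audit for the two things discussed in the posts above, the "interact with desktop" service flag and a PsExec -i launch command, as an added example that is not part of the original thread. It assumes the standard service registry layout (Type bit 0x100 is SERVICE_INTERACTIVE_PROCESS, srvany reads its command from Parameters\Application); the command lines in the self-check are constructed.

```powershell
# Added example (not from the thread): audit Windows services for the legacy
# "interact with desktop" flag and for PsExec -i wrappers in the launch command.
$SERVICE_INTERACTIVE_PROCESS = 0x100   # bit in the service Type value (winsvc.h)
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Test-InteractiveType {
    param([int]$Type)
    ($Type -band $SERVICE_INTERACTIVE_PROCESS) -ne 0
}

function Test-SessionWrapper {
    # True when a command line starts PsExec with -i (run in an interactive session).
    param([string]$CommandLine)
    $CommandLine -match '(?i)psexec(64)?(\.exe)?"?\s+(.*\s)?-i(\s|$)'
}

# Self-check on constructed inputs: the command from the post and a plain service.
if (-not (Test-SessionWrapper 'PsExec -i 1 -s stunnel.exe')) { throw 'wrapper check failed' }
if (Test-SessionWrapper '"C:\example\svc.exe" -s') { throw 'false positive' }
if (-not (Test-InteractiveType 0x110)) { throw 'type check failed' }

$findings = foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $svc = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $svc -or $null -eq $svc.Type) { continue }
    # srvany keeps the real command under <service>\Parameters\Application
    $app = (Get-ItemProperty -Path "$($key.PSPath)\Parameters" -ErrorAction SilentlyContinue).Application
    $command = (@($svc.ImagePath, $app) | Where-Object { $_ }) -join ' | '
    $interactive = Test-InteractiveType $svc.Type
    $wrapped = Test-SessionWrapper $command
    if ($interactive -or $wrapped) {
        [pscustomobject]@{
            Service        = $key.PSChildName
            Account        = $svc.ObjectName
            Interactive    = $interactive
            SessionWrapper = $wrapped
            Command        = $command
        }
    }
}

# A nonzero NoInteractiveServices means the interactive flag is ignored by the OS.
$nis = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows' -ErrorAction SilentlyContinue).NoInteractiveServices
"NoInteractiveServices = $nis"
$findings | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so that every service key is readable.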
Hi Guys,
The proper solution is to move the GUI to a separate process.
There will be two separate logical components:
- Network server running as an NT service or a user process.
- GUI client always running as the current user.
The stunnel process executed by the current user will first check whether an existing network server (possibly running as NT service) is already started:
- On success, it will communicate with the server over a named pipe.
- On failure, it will start a new network server as the current user.
This feature is already on my TODO list http://www.stunnel.org/sdf_todo.html waiting for a sponsor, or for me to have some spare time...
Mike
Thanks Michal,
Personally, I only need to examine the ST GUI if there is a problem or to confirm a configuration change. Manually starting the GUI or creating a scheduled task which starts the GUI at logon is easy enough for the end user to accomplish, IMHO.
I mostly use ST on Windows servers, so the most important thing to me is having ST start reliably, as a service, and function whether a user has logged on or not.
Thank you for all of your hard work and for providing this indispensable tool.
On 09.25.2014 06:26, Michal Trojnara wrote:
Hi Guys,
The proper solution is to move the GUI to a separate process.
There will be two separate logical components:
- Network server running as an NT service or a user process.
- GUI client always running as the current user.
The stunnel process executed by the current user will first check whether an existing network server (possibly running as NT service) is already started:
- On success, it will communicate with the server over a named pipe.
- On failure, it will start a new network server as the current user.
This feature is already on my TODO list http://www.stunnel.org/sdf_todo.html waiting for a sponsor, or for me to have some spare time...
Mike
On Thu, 25 Sep 2014 15:26:55 +0200 Michal Trojnara Michal.Trojnara@mirt.net wrote:
The proper solution is to move the GUI to a separate process.
- Network server running as an NT service or a user process.
- GUI client always running as the current user.
Hi,
Yes, that's the point.
But, anyway, as I don't usually use Stunnel as a service, I dug a little more, and it isn't attached _on boot_ to the taskbar on previous Windows versions either. That, on the other hand, has its logic. The taskbar depends on explorer.exe and this isn't launched until the user logs in so... after all I wasted time trying to display it ;-)
The only fix I see to this (interaction with desktop) is to attach to the user session ID. And if we want the icon, run as user process through Start>programs>start or HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
Or better: as you prefer, because as I'm not a developer, I have no clue what must be done one or other way ;)
As 541401 pointed, while it runs without errors, it is enough.
Regards.
Javier wrote:
But, anyway, as I don't usually use Stunnel as a service, I dug a little more, and it isn't attached _on boot_ to the taskbar on previous Windows versions either.
At least this was something easy to fix: https://www.stunnel.org/downloads/beta/stunnel-5.05b4-installer.exe
The only fix I see to this (interaction with desktop) is to attach to the user session ID. And if we want the icon, run as user process through Start>programs>start or HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
Or better: as you prefer, because as I'm not a developer, I have no clue what must be done one or other way ;)
Indeed. 8-)
As 541401 pointed, while it runs without errors, it is enough.
I respectfully disagree. The scenario that I want stunnel to implement is to run as a service (i.e. also while the user *is not* logged in), and at the same time to provide the interactive user interface while the user *is* logged in. I recognize this scenario may be irrelevant for your particular use case.
Mike
On Thu, 25 Sep 2014 20:40:33 +0200 Michal Trojnara Michal.Trojnara@mirt.net wrote:
Javier wrote:
But, anyway, as I don't usually use Stunnel as a service, I dug a little more, and it isn't attached _on boot_ to the taskbar on previous Windows versions either.
At least this was something easy to fix: https://www.stunnel.org/downloads/beta/stunnel-5.05b4-installer.exe
Hi,
Not on Windows 2000 :P or maybe I saw it fixed in XP, as I have the virtual machine configured for auto-login and explorer loads before the Stunnel service.
In Windows 2000, at least, I saw the window when an error was detected in the conf file.
But I'll understand if you don't break your head trying to support this feature (icon display) for Windows 2000, as old as it is. I'm not requesting it either. It's enough to see that new versions still run, which can't be said of other simpler tools.
Thanks for your efforts :)
Regards.
Carter Browne wrote:
I have updated stunnel to version 5.04 on Windows 7 32 & 64 bit, Windows Server 2008R2, Windows Server 2012 and Windows Server 2012R2 and in no case does the icon appear. I explicitly set taskbar = yes in the configuration file.
Did it stop working after the upgrade? Which version worked?
Best regards, Michal Trojnara