From: J. Michael Drew [mailto:jmichaeldrew@hotmail.com]
Sent: Monday, June 20, 2016 9:54 AM
To: 'Josealf.rm'
Subject: RE: [stunnel-users] Stunnel with IIS8 on server 2012 64 bit
Jose,
Once logged in to the server I can open a browser on the server and connect through https://localhost/website and I can log in to the site externally as expected.
Here are the log files from IIS and stunnel where stunnel is running as a service on the Windows 2012 server:
When I am not logged in to the server it fails:
#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2016-06-20 00:30:21
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2016-06-20 00:30:21 159.xxx.xxx.xxx HEAD / - 443 - 190.xxx.xxx.xxx - - 200 0 0 1218
#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2016-06-20 05:41:01
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2016-06-20 05:41:01 10.xxx.xxx.xxx OPTIONS /C$/windows/system32/NTDLL.DLL - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 200 0 0 500
2016-06-20 05:41:01 10.xxx.xxx.xxx PROPFIND /C$/windows/system32/NTDLL.DLL - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 46
2016-06-20 05:41:01 10.xxx.xxx.xxx PROPFIND /C$/windows/system32 - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 218
2016-06-20 05:41:16 10.xxx.xxx.xxx PROPFIND /patch-{682810b5-36dc-4e5d-81dd-6c02cd8f445b}-patchtoolsd.exe - 80 - 159.82.156.241 Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 64 62
2016-06-20 05:41:27 10.xxx.xxx.xxx PROPFIND /N$cl64.exe - 80 - 159.xxx.xxx.xxx 1 Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 62
2016-06-20 05:41:27 10.xxx.xxx.xxx PROPFIND /C$rome.dll - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 296
Stunnel.conf:
cert = extwebsvr_ver.pem
; Some performance tuning
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Peer Authentication
verify = 2
CAfile = extwebsvr_root.pem
; Debug mode - useful for troubleshooting
debug = 7
output = stunnel.log
; Client mode
client = yes
; Setup tunnels to each EMS node
[CLIxxxxxxxx]
accept=127.0.0.1:9001
connect=10.xxx.xxx.xxx:9009
Stunnel.log:
2016.06.20 09:17:39 LOG7[main]: No limit detected for the number of clients
2016.06.20 09:17:39 LOG5[main]: stunnel 5.27 on x86-pc-msvc-1500 platform
2016.06.20 09:17:39 LOG5[main]: Compiled/running with OpenSSL 1.0.2e-fips 3 Dec 2015
2016.06.20 09:17:39 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2016.06.20 09:17:39 LOG7[main]: errno: (*_errno())
2016.06.20 09:17:39 LOG5[main]: Reading configuration from file stunnel.conf
2016.06.20 09:17:39 LOG7[ui]: GUI message loop initialized
2016.06.20 09:17:39 LOG7[cron]: Cron thread initialized
2016.06.20 09:17:39 LOG5[main]: UTF-8 byte order mark detected
2016.06.20 09:17:39 LOG6[main]: Initializing service [CLI9F529A0A]
2016.06.20 09:17:39 LOG6[main]: Loading certificate from file: extwebsvr_ver.pem
2016.06.20 09:17:39 LOG6[main]: Certificate loaded from file: extwebsvr_ver.pem
2016.06.20 09:17:39 LOG6[main]: Loading private key from file: extwebsvr_ver.pem
2016.06.20 09:17:39 LOG6[main]: Private key loaded from file: extwebsvr_ver.pem
2016.06.20 09:17:39 LOG7[main]: Private key check succeeded
2016.06.20 09:17:39 LOG4[main]: Service [CLIxxxxxxxx] uses "verify = 2" without subject checks
2016.06.20 09:17:39 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates
2016.06.20 09:17:39 LOG7[main]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
2016.06.20 09:17:39 LOG5[main]: Configuration successful
Thanks for your help,
Michael
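Added example, not part of the original messages and not the stunnel project's own text: the two LOG4 lines in the stunnel.log above warn that "verify = 2" validates the peer's chain against CAfile but does not check which subject the certificate names. The fragment below sets the posted service section beside one that adds checkHost; the host name ems-node.example.internal is a placeholder assumption and has to match a name in the server's certificate.

```ini
; Added example, constructed from the configuration posted above.

; Global options, as posted
cert = extwebsvr_ver.pem
verify = 2
CAfile = extwebsvr_root.pem
client = yes

; Before (as posted, shown commented out): the chain is validated against
; CAfile, but any certificate issued under that CA is accepted, which is
; what the LOG4 warning reports.
;[CLIxxxxxxxx]
;accept = 127.0.0.1:9001
;connect = 10.xxx.xxx.xxx:9009

; After: the peer certificate must also name the expected host.
[CLIxxxxxxxx]
accept = 127.0.0.1:9001
connect = 10.xxx.xxx.xxx:9009
; Placeholder host name (assumption); use the name in the server certificate.
checkHost = ems-node.example.internal
; If the certificate carries an IP address instead of a host name, use
; checkIP with that address in place of checkHost.
```

checkHost and checkIP are the two options the log message itself names; with neither set, stunnel accepts any certificate that chains to extwebsvr_root.pem.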
From: Josealf.rm [mailto:josealf@rocketmail.com]
Sent: Monday, June 20, 2016 8:01 AM
To: J. Michael Drew
Cc: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] Stunnel with IIS8 on server 2012 64 bit
Michael,
Is your stunnel running as a service?
Please post sanitized logs and configuration for a better diagnostic ...
Regards
Jose
On 20 Jun 2016, at 6:39, J. Michael Drew jmichaeldrew@hotmail.com wrote:
Hi,
I have a website on IIS8 and am using stunnel to forward requests over 9009 inside to my application server. When I log in to the IIS server and stay logged in everything works as expected. When I log off the IIS 8 web server my site is unreachable with a “service is unavailable”.
Can someone help me?
Sincere thanks,
Michael
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users