[stunnel-users] Stunnel as windows service doesn't start on restart.

Pierre DELAAGE delaage.pierre at free.fr
Tue Sep 23 00:24:58 CEST 2014


When you observe that the log is empty and that "stunnel shows as started",
do a CTRL ALT DEL to check whether there is any process called "stunnel" that
is really running...

I have a doubt that, although the SCM says stunnel is running, in fact it is
not.

Regards
Pierre

On 22/09/2014 21:43, John Smith wrote:
> Hi, I used the administrator account and defaults to install. It is
> installed at Program Files (x86)
>
> The service is set to run as local system account and interact with 
> desktop is checked.
>
> Once the machine is booted... Login open service control panel, 
> stunnel shows as started. Go look at logs nothing there... In service 
> control panel hit the restart button. And it comes up properly.
>
> My config is as follows:
>
> ; Debugging stuff (may be useful for troubleshooting)
> ;debug = 7
> output = stunnel.log
>
> ; Initialize Microsoft CryptoAPI interface
> engine = capi
> ; Also needs "engineID = capi" in each section using the CAPI engine
>
> [es-tcp]
> accept = ${SERVER_IP}:9300
> connect = 127.0.0.1:9300
> cert = ....
> CAfile = ....
> verify = 2
>
> [es-http]
> accept = ${SERVER_IP}:9200
> connect = 127.0.0.1:9200
> cert = ....
> CAfile = ....
> verify = 2
>
> [es-disc-local]
> client = yes
> accept = 127.0.0.1:9700
> connect = ${SERVER_IP}:9300
> cert = ....
>
>
>
> On 22 September 2014 14:30, Pierre DELAAGE <delaage.pierre at free.fr> wrote:
>
>     Hello,
>     I can tell my patch was addressing a file read error on the conf file,
>     but, unfortunately, not at all "dependencies of stunnel service at
>     start up",
>     which is likely to be the core problem preventing stunnel from starting
>     correctly at boot time for people on that thread.
>
>     Michal added explicit dependencies at startup, that is necessary
>     to solve that bug. I did not check yet its implementation.
>
>     But maybe some services, although started, are still "not ready"
>     when stunnel starts, so that this makes stunnel fail.
>
>     I suggest that stunnel checks, not only the availability, but also
>     the "efficiency" of the DNS service by trying to resolve a well
>     known server.
>     It should retry for, e.g., 3 seconds, and then stop with some
>     reports if failing to resolve the hostname,
>     either by lack of network, or by lack of answer from the name
>     resolver.
>     But...it seems that when having problems at startup, it cannot
>     even log anything....maybe this is due to the identity of "system
>     user" of stunnel at that particular moment: user that may have no
>     right to write on the HD.
>
>     People should also check the installation location of stunnel: it
>     is supposed (and has predefined shortcuts for that) to be
>     installed PREFERABLY in "c:\program files\stunnel".
>     I recommend using that location.
>
>     They also should try to resolve by hand the hostnames they put in
>     their stunnel conf file, just to be sure.
>
>     On some network or machines, maybe there is a problem with the
>     firewall and SOME services tunneled by stunnel on forbidden ports.
>
>     On the other hand, it sounds strange that just restarting stunnel
>     (in user mode or service mode?) solves the problem:
>     this sounds like unavailability of DNS at startup.
>
>     I did not investigate that particular problem, but I will perform
>     some tests soon with the last 504 (or 505).
>
>     Yours sincerely
>     Pierre
>
>
>
>     On 22/09/2014 19:20, 541401 at gmail.com wrote:
>>     Using Stunnel on several Windows Server 2008 R2 SP1 machines (all
>>     such machines are X64 as the OS is only released as X64).
>>
>>     During August of 2014 I reported in this forum the current
>>     version of Stunnel would not function as a service under the
>>     above OS, even if using a delayed start, it might run but it
>>     would not work.  I reverted to using version 4.35, which did work
>>     properly.
>>
>>     Pierre Delaage was kind enough to provide me with a copy of his
>>     patched Stunnel 5.02, which I am still using and which is working
>>     flawlessly on my production servers.  No delayed start required.
>>
>>     I am wondering if Pierre's 5.02 patch has been incorporated into
>>     the most recently released Stunnel, 5.04?  Has anyone been
>>     successful in getting the most current version to actually work
>>     under the above environment without delaying the start of the
>>     service?
>>
>>     Just to add a little color and background to the story, I am
>>     using the native WS2008R2SP1 SMTP server on each machine, in
>>     conjunction with Stunnel, so as to forward OS event notifications
>>     through a gmail account.
>>
>>
>>
>>     On 09.22.2014 06:54, John Smith wrote:
>>>     I tried 5.04. on Windows Server 2008 R2 Enterprise Service Pack
>>>     1 x64
>>>
>>>
>>>     Same issue. Service shows as started, but no log. If I go manual
>>>     restart it works.
>>>
>>>     Have to put delayed startup.
>>>
>>>     On 18 September 2014 16:15, John Smith <java.dev.mtl at gmail.com> wrote:
>>>
>>>         For now I'm happy with 5.03. Already in production so I will
>>>         have to wait next time! :)
>>>
>>>         On 17 September 2014 17:10, Michal Trojnara
>>>         <Michal.Trojnara at mirt.net> wrote:
>>>
>>>             Jose Alf. wrote:
>>>             > Regarding stunnel service dependencies, If you read the
>>>             > 5.04 beta announcement, the dependency is created
>>>             > automatically now when you install stunnel as a service.
>>>             > Please give it a try. Looks like it works for me.
>>>             >
>>>             > Thanks to Mike for implementing that.
>>>
>>>             Thank you for testing it.
>>>
>>>             Best regards,
>>>                     Mike
>>>             _______________________________________________
>>>             stunnel-users mailing list
>>>             stunnel-users at stunnel.org
>>>             https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
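
The checks discussed in this thread (SCM state versus a really running process, an empty log after boot, and resolving the configured hostnames with a short retry) can be scripted. This is an added PowerShell example, not code from the thread or from the stunnel project; the service name `stunnel`, the install directory, the log location and the hostname are assumptions to adjust.

```powershell
# Added example, not from the thread. All four values below are assumptions.
$ServiceName = 'stunnel'                              # assumed service name
$InstallDir  = 'C:\Program Files (x86)\stunnel'       # assumed install directory
$LogFile     = Join-Path $InstallDir 'stunnel.log'    # assumed location of "output = stunnel.log"
$HostsToTest = @('server.example.test')               # placeholder for hosts used in stunnel.conf

function Test-StunnelService {
    param([string]$Name, [string]$Log, [string[]]$Hosts)

    # Get-WmiObject is available in the PowerShell 2.0 shipped with Server 2008 R2.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' is not installed" }

    # What the SCM reports about the service.
    $report = New-Object PSObject -Property @{
        ScmState = $svc.State; StartMode = $svc.StartMode; ScmPid = $svc.ProcessId
        ProcessAlive = $false; LogBytes = $null; DnsFailures = @()
    }

    # What is really running: the PID recorded by the SCM must map to a live process.
    if ($svc.ProcessId -gt 0) {
        $report.ProcessAlive = [bool](Get-Process -Id $svc.ProcessId -ErrorAction SilentlyContinue)
    }

    # A missing ($null) or zero-length log after boot is the symptom reported in the thread.
    if (Test-Path $Log) { $report.LogBytes = (Get-Item $Log).Length }

    # Resolve each hostname, retrying for about 3 seconds before recording a failure.
    foreach ($h in $Hosts) {
        $ok = $false
        $deadline = (Get-Date).AddSeconds(3)
        do {
            try { [void][System.Net.Dns]::GetHostAddresses($h); $ok = $true }
            catch { Start-Sleep -Milliseconds 500 }
        } while (-not $ok -and (Get-Date) -lt $deadline)
        if (-not $ok) { $report.DnsFailures += $h }
    }
    $report
}

$r = Test-StunnelService -Name $ServiceName -Log $LogFile -Hosts $HostsToTest
$r | Format-List
if ($r.ScmState -eq 'Running' -and -not $r.ProcessAlive) {
    Write-Warning 'SCM reports Running but no matching process exists'
}
```

Run it from an elevated prompt right after boot, before restarting the service, so the result reflects the failing state.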
