[stunnel-users] Stunnel as windows service doesn't start on restart.
Carter Browne
cbcs at comcast.net
Tue Sep 23 16:02:53 CEST 2014
Did you do a netstat to see if stunnel was listening on the selected
ports? Also, enabling the debug might help identify the issue.
Carter Browne
cbrowne at cbcs-usa.com
On 9/23/2014 9:30 AM, John Smith wrote:
> I wish you were right but unfortunately it's running lol
>
> On 22 September 2014 18:24, Pierre DELAAGE <delaage.pierre at free.fr> wrote:
>
> When you observe that log is empty and that "stunnel shows as
> started",
> do a CTRL ALT DEL to check if there is any process called
> "stunnel" that is really running...
>
> I have a doubt that, although scm says stunnel is running, in fact
> it is not.
>
> Regards
> Pierre
>
> On 22/09/2014 21:43, John Smith wrote:
>> Hi I used administrator account and defaults to install. It is
>> installed at Program Files (x86)
>>
>> The service is set to run as local system account and interact
>> with desktop is checked.
>>
>> Once the machine is booted... Login open service control panel,
>> stunnel shows as started. Go look at logs nothing there... In
>> service control panel hit the restart button. And it comes up
>> properly.
>>
>> My config is as follows:
>>
>> ; Debugging stuff (may be useful for troubleshooting)
>> ;debug = 7
>> output = stunnel.log
>>
>> ; Initialize Microsoft CryptoAPI interface
>> engine = capi
>> ; Also needs "engineID = capi" in each section using the CAPI engine
>>
>> [es-tcp]
>> accept = ${SERVER_IP}:9300
>> connect = 127.0.0.1:9300
>> cert = ....
>> CAfile = ....
>> verify = 2
>>
>> [es-http]
>> accept = ${SERVER_IP}:9200
>> connect = 127.0.0.1:9200
>> cert = ....
>> CAfile = ....
>> verify = 2
>>
>> [es-disc-local]
>> client = yes
>> accept = 127.0.0.1:9700
>> connect = ${SERVER_IP}:9300
>> cert = ....
>>
>>
>>
>> On 22 September 2014 14:30, Pierre DELAAGE
>> <delaage.pierre at free.fr> wrote:
>>
>> Hello,
>> I can tell my patch was addressing read file error on conf file,
>> but, unfortunately, not at all "dependencies of stunnel
>> service at start up",
>> which is likely to be the core pb preventing stunnel from starting
>> correctly at boot time for people on that thread.
>>
>> Michal added explicit dependencies at startup, that is
>> necessary to solve that bug. I did not check yet its
>> implementation.
>>
>> But maybe some services, although started, are still "not
>> ready" when stunnel starts, so that this makes stunnel fail.
>>
>> I suggest that stunnel checks, not only the availability, but
>> also the "efficiency" of the DNS service by trying to resolve
>> a well known server.
>> It should retry for, e.g., 3 seconds, and then stop with
>> some reports if failing to resolve the hostname,
>> either by lack of network, or by lack of answer from the name
>> resolver.
>> But...it seems that when having problems at startup, it
>> cannot even log anything....maybe this is due to the identity
>> of "system user" of stunnel at that particular moment: user
>> that may have no right to write on the HD.
>>
>> People should also check the installation location of stunnel:
>> it is supposed (and has predefined shortcuts for that) to
>> be installed PREFERABLY in "c:\program files\stunnel".
>> I recommend using that location.
>>
>> They also should try to resolve by hand the hostnames they
>> put in their stunnel conf file, just to be sure.
>>
>> On some network or machines, maybe there is a problem with
>> the firewall and SOME services tunneled by stunnel on
>> forbidden ports.
>>
>> On the other hand, it sounds strange that just restarting
>> stunnel (in user mode or service mode?) is solving the problem:
>> this sounds like unavailability of DNS at startup.
>>
>> I did not investigate that particular problem, but I will
>> perform some tests soon with the last 504 (or 505).
>>
>> Yours sincerely
>> Pierre
>>
>>
>>
>> On 22/09/2014 19:20, 541401 at gmail.com wrote:
>>> Using Stunnel on several Windows Server 2008 R2 SP1 machines
>>> (all such machines are X64 as the OS is only released as X64).
>>>
>>> During August of 2014 I reported in this forum the current
>>> version of Stunnel would not function as a service under the
>>> above OS, even if using a delayed start, it might run but it
>>> would not work. I reverted to using version 4.35, which did
>>> work properly.
>>>
>>> Pierre Delaage was kind enough to provide me with a copy of
>>> his patched Stunnel 5.02, which I am still using and which
>>> is working flawlessly on my production servers. No delayed
>>> start required.
>>>
>>> I am wondering if Pierre's 5.02 patch has been incorporated
>>> into the most recently released Stunnel, 5.04? Has anyone
>>> been successful in getting the most current version to
>>> actually work under the above environment without delaying
>>> the start of the service?
>>>
>>> Just to add a little color and background to the story, I am
>>> using the native WS2008R2SP1 SMTP server on each machine, in
>>> conjunction with Stunnel, so as to forward OS event
>>> notifications through a gmail account.
>>>
>>>
>>>
>>> On 09.22.2014 06:54, John Smith wrote:
>>>> I tried 5.04 on Windows Server 2008 R2 Enterprise Service
>>>> Pack 1 x64
>>>>
>>>>
>>>> Same issue. Service shows as started, but no log. If I go
>>>> manual restart it works.
>>>>
>>>> Have to put delayed startup.
>>>>
>>>> On 18 September 2014 16:15, John Smith
>>>> <java.dev.mtl at gmail.com> wrote:
>>>>
>>>> For now I'm happy with 5.03. Already in production so I
>>>> will have to wait next time! :)
>>>>
>>>> On 17 September 2014 17:10, Michal Trojnara
>>>> <Michal.Trojnara at mirt.net> wrote:
>>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Jose Alf. wrote:
>>>> > Regarding stunnel service dependencies, if you read the 5.04 beta
>>>> > announcement, the dependency is created automatically now when you
>>>> > install stunnel as a service. Please give it a try. Looks like it
>>>> > works for me.
>>>> >
>>>> > Thanks to Mike for implementing that.
>>>>
>>>> Thank you for testing it.
>>>>
>>>> Best regards,
>>>> Mike
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v1
>>>>
>>>> iEYEARECAAYFAlQZ+NsACgkQ/NU+nXTHMtGdAgCdFUQ6YWXDdE0g4ZNoys3DSR0Q
>>>> yLoAnRgo4jKIzb93fzEZcV79eoAQLXMR
>>>> =+xFQ
>>>> -----END PGP SIGNATURE-----
>>>> _______________________________________________
>>>> stunnel-users mailing list
>>>> stunnel-users at stunnel.org
>>>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
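The checks suggested in this thread (netstat for the accept ports, and confirming that a stunnel process really exists behind the "started" status), as an added PowerShell example that is not from the thread or from the stunnel project. The config path and the service name `stunnel` are assumptions, and the netstat parsing assumes English-language output.

```powershell
# Added example: not stunnel's own tooling. Written for PowerShell 2.0 (Server 2008 R2).
param(
    [string]$ConfigPath  = 'C:\Program Files (x86)\stunnel\stunnel.conf',  # assumed path
    [string]$ServiceName = 'stunnel'                                        # assumed name
)

# 1. What the service control manager claims.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc) { "SCM status of '$ServiceName': $($svc.Status)" }
else      { "SCM: service '$ServiceName' not found" }

# 2. Whether a stunnel process is actually running.
$stunnelPids = @(Get-Process -Name 'stunnel*' -ErrorAction SilentlyContinue |
                 ForEach-Object { $_.Id })
"stunnel processes found: $($stunnelPids.Count)"

# 3. Collect the accept port of every [section]; commented-out lines are skipped.
$section = 'global'
$wanted  = @()
foreach ($line in Get-Content -Path $ConfigPath) {
    $text = $line.Trim()
    if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
    if ($text -match '^accept\s*=\s*(\S+)') {
        # "host:port" or bare "port": the port follows the last colon.
        $port = ($Matches[1] -split ':')[-1]
        $wanted += New-Object PSObject -Property @{ Section = $section; Port = $port }
    }
}

# 4. Listening TCP ports and their owning PIDs. A port can have several owners:
#    with accept = <server ip>:9300 and connect = 127.0.0.1:9300, both stunnel
#    and the backend listen on 9300, on different addresses.
$listening = @{}
foreach ($row in netstat -ano -p TCP) {
    if ($row -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)') {
        $p = $Matches[1]
        if (-not $listening.ContainsKey($p)) { $listening[$p] = @() }
        $listening[$p] += [int]$Matches[2]
    }
}

# 5. Per section: is the accept port open, and does stunnel own a listener on it?
foreach ($w in $wanted) {
    $owners = @()
    if ($listening.ContainsKey($w.Port)) { $owners = @($listening[$w.Port]) }
    $mine = @($owners | Where-Object { $stunnelPids -contains $_ })
    if     ($mine.Count   -gt 0) { $state = "listening, owned by stunnel PID $($mine[0])" }
    elseif ($owners.Count -gt 0) { $state = "listening, but only under PID(s) $($owners -join ', ')" }
    else                         { $state = 'NOT listening' }
    "[{0}] accept port {1}: {2}" -f $w.Section, $w.Port, $state
}
```

Run it once right after boot and again after a manual service restart; a difference between the two runs shows which sections failed to bind at startup.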