<div dir="ltr">I wish you were right but unfortunately it's running lol</div><div class="gmail_extra"><br><div class="gmail_quote">On 22 September 2014 18:24, Pierre DELAAGE <span dir="ltr"><<a href="mailto:delaage.pierre@free.fr" target="_blank">delaage.pierre@free.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
When you observe that log is empty and that "stunnel shows as
started",<br>
do a CTRL ALT DEL to check if there is any process called "stunnel"
that is really running...<br>
<br>
I have a doubt that, although scm says stunnel is running, in fact
it is not.<br>
<br>
Regards<br>
Pierre<br>
<br>
<div>Le 22/09/2014 21:43, John Smith a
écrit :<br>
</div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">Hi I used administrator account and defaults to
install. It is installed at Program Files (x86)
<div><br>
</div>
<div>The service is set to run as local system account and
interact with desktop is checked.</div>
<div><br>
</div>
<div>Once the machine is booted... Login open service control
panel, stunnel shows as started. Go look at logs nothing
there... In service control panel hit the restart button. And
it comes up properly.</div>
<div><br>
</div>
<div>My config is as follows:</div>
<div><br>
</div>
<div>
<div>; Debugging stuff (may useful for troubleshooting)</div>
<div>;debug = 7</div>
<div>output = stunnel.log</div>
<div><br>
</div>
<div>; Initialize Microsoft CryptoAPI interface</div>
<div>engine = capi</div>
<div>; Also needs "engineID = capi" in each section using the
CAPI engine</div>
<div><br>
</div>
<div>[es-tcp]</div>
<div>accept = ${SERVER_IP}:9300</div>
<div>connect = <a href="http://127.0.0.1:9300" target="_blank">127.0.0.1:9300</a></div>
<div>cert = ....</div>
<div>CAfile = ....</div>
<div>verify = 2</div>
<div><br>
</div>
<div>[es-http]</div>
<div>accept = ${SERVER_IP}:9200</div>
<div>connect = <a href="http://127.0.0.1:9200" target="_blank">127.0.0.1:9200</a></div>
<div>cert = ....</div>
<div>CAfile = ....</div>
<div>verify = 2</div>
<div><br>
</div>
<div>[es-disc-local]</div>
<div>client = yes</div>
<div>accept = <a href="http://127.0.0.1:9700" target="_blank">127.0.0.1:9700</a></div>
<div>connect = ${SERVER_IP}:9300</div>
<div>cert = ....</div>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 22 September 2014 14:30, Pierre
DELAAGE <span dir="ltr"><<a href="mailto:delaage.pierre@free.fr" target="_blank">delaage.pierre@free.fr</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hello,<br>
I can tell my patch was adressing read file error on conf
file, <br>
but, unfortunately, not at all "dependencies of stunnel
service at start up",<br>
which is likely to be the core pb preventing stunnel to
start correctly at boot time for people on that thread.<br>
<br>
Michal added explicit dependencies at startup, that is
necessary to solve that bug. I did not check yet its
implementation.<br>
<br>
But maybe some services, although started, are still "not
ready" when stunnel starts, so that this makes stunnel
fail.<br>
<br>
I suggest that stunnel checks, not only the availability,
but also the "efficiency" of the DNS service by trying to
resolve a well known server.<br>
it should retry during, eg, 3 seconds, and then stops with
some reports if failing to resolve the hostname,<br>
either by lack of network, or by lack of answer from the
name resolver.<br>
But...it seems that when having problems at startup, it
cannot even log anything....maybe this is due to the
identity of "system user" of stunnel at that particular
moment: user that may have no right to write on the HD.<br>
<br>
People should check also the installation location of
stunnel : it is supposed (and have predefined shortcuts
for that) to be installed PREFERABLY in "c:\program
files\stunnel".<br>
I recommend to use that location.<br>
<br>
They also should try to resolve by hand the hostnames they
put in their stunnel conf file, just to be sure.<br>
<br>
On some network or machines, maybe there is a problem with
the firewall and SOME services tunneled by stunnel on
forbidden ports.<br>
<br>
On another hand, it sounds strange that just restarting
stunnel (in user mode or service mode ?) is solving the
problem :<br>
this sounds like unavailability of DNS at startup.<br>
<br>
I did not investigate that particular problem, but I will
perform some tests soon with the last 504 (or 505).<br>
<br>
Yours sincerely<br>
Pierre<br>
<br>
<br>
<br>
<div>Le 22/09/2014 19:20, <a href="mailto:541401@gmail.com" target="_blank">541401@gmail.com</a>
a écrit :<br>
</div>
<div>
<div>
<blockquote type="cite"> Using Stunnel on several
Windows Server 2008 R2 SP1 machines (all such
machines are X64 as the OS is only released as X64).<br>
<br>
During August of 2014 I reported in this forum the
current version of Stunnel would not function as a
service under the above OS, even if using a delayed
start, it might run but it would not work. I
reverted to using version 4.35, which did work
properly.<br>
<br>
Pierre DeLagge was kind enough to provide me with a
copy of his patched Stunnel 5.02, which I am still
using and which is working flawlessly on my
production servers. No delayed start required.<br>
<br>
I am wondering if Pierre's 5.02 patch has been
incorporated into the most recently released
Stunnel, 5.04? Has anyone been successful in
getting the most current version to actually work
under the above environment without delaying the
start of the service?<br>
<br>
Just to add a little color and background to the
story, I am using the native WS2008R2SP1 SMTP server
on each machine, in conjunction with Stunnel, so as
to forward OS event notifications through a gmail
account.<br>
<br>
<br>
<br>
<div>On 09.22.2014 06:54, John Smith wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I tried 5.04. on Windows Server
2008 R2 Enterprise Service Pack 1 x64
<div><br>
</div>
<div><br>
</div>
<div>Same issue. Service shows as started, but
no log. If I go manual restart it works.<br>
<br>
Have to put delayed startup.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 18 September 2014
16:15, John Smith <span dir="ltr"><<a href="mailto:java.dev.mtl@gmail.com" target="_blank">java.dev.mtl@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">For now i'm happy with 5.03
Already in production so I will have to
wait next time! :)</div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 17
September 2014 17:10, Michal
Trojnara <span dir="ltr"><<a href="mailto:Michal.Trojnara@mirt.net" target="_blank">Michal.Trojnara@mirt.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN
PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<span><br>
Jose Alf. wrote:<br>
> Regarding stunnel service
dependencies, If you read the
5.04 beta<br>
> announcement, the
dependency is created
automatically now when you<br>
> install stunnel as a
service. Please give it a try.
Looks like it<br>
> works for me.<br>
><br>
> Thanks to Mike for
implementing that.<br>
<br>
</span>Thank you for testing it.<br>
<br>
Best regards,<br>
Mike<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1<br>
<br>
iEYEARECAAYFAlQZ+NsACgkQ/NU+nXTHMtGdAgCdFUQ6YWXDdE0g4ZNoys3DSR0Q<br>
yLoAnRgo4jKIzb93fzEZcV79eoAQLXMR<br>
=+xFQ<br>
-----END PGP SIGNATURE-----<br>
<div>
<div>_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
stunnel-users mailing list
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a>
</pre>
</blockquote>
<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
stunnel-users mailing list
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a>
</pre>
</blockquote>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org" target="_blank">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
<br>_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
<br></blockquote></div><br></div>