[stunnel-users] Stunnel as windows service doesn't start on restart.

Carter Browne cbcs at comcast.net
Tue Sep 23 16:02:53 CEST 2014


Did you do a netstat to see if stunnel was listing on the selected 
ports?  Also enabling the debug might help identify the issue..

Carter Browne
cbrowne at cbcs-usa.com

On 9/23/2014 9:30 AM, John Smith wrote:
> I wish you were right but unfortunately it's running lol
>
> On 22 September 2014 18:24, Pierre DELAAGE <delaage.pierre at free.fr 
> <mailto:delaage.pierre at free.fr>> wrote:
>
>     When you observe that log is empty and that "stunnel shows as
>     started",
>     do a CTRL ALT DEL to check if there is any process called
>     "stunnel" that is really running...
>
>     I have a doubt that, although scm says stunnel is running, in fact
>     it is not.
>
>     Regards
>     Pierre
>
>     Le 22/09/2014 21:43, John Smith a écrit :
>>     Hi I used administrator account and defaults to install. It is
>>     installed at Program Files (x86)
>>
>>     The service is set to run as local system account and interact
>>     with desktop is checked.
>>
>>     Once the machine is booted... Login open service control panel,
>>     stunnel shows as started. Go look at logs nothing there... In
>>     service control panel hit the restart button. And it comes up
>>     properly.
>>
>>     My config is as follows:
>>
>>     ; Debugging stuff (may useful for troubleshooting)
>>     ;debug = 7
>>     output = stunnel.log
>>
>>     ; Initialize Microsoft CryptoAPI interface
>>     engine = capi
>>     ; Also needs "engineID = capi" in each section using the CAPI engine
>>
>>     [es-tcp]
>>     accept = ${SERVER_IP}:9300
>>     connect = 127.0.0.1:9300 <http://127.0.0.1:9300>
>>     cert = ....
>>     CAfile = ....
>>     verify = 2
>>
>>     [es-http]
>>     accept = ${SERVER_IP}:9200
>>     connect = 127.0.0.1:9200 <http://127.0.0.1:9200>
>>     cert = ....
>>     CAfile = ....
>>     verify = 2
>>
>>     [es-disc-local]
>>     client = yes
>>     accept = 127.0.0.1:9700 <http://127.0.0.1:9700>
>>     connect = ${SERVER_IP}:9300
>>     cert = ....
>>
>>
>>
>>     On 22 September 2014 14:30, Pierre DELAAGE
>>     <delaage.pierre at free.fr <mailto:delaage.pierre at free.fr>> wrote:
>>
>>         Hello,
>>         I can tell my patch was adressing read file error on conf file,
>>         but, unfortunately, not at all "dependencies of stunnel
>>         service at start up",
>>         which is likely to be the core pb preventing stunnel to start
>>         correctly at boot time for people on that thread.
>>
>>         Michal added explicit dependencies at startup, that is
>>         necessary to solve that bug. I did not check yet its
>>         implementation.
>>
>>         But maybe some services, although started, are still "not
>>         ready" when stunnel starts, so that this makes stunnel fail.
>>
>>         I suggest that stunnel checks, not only the availability, but
>>         also the "efficiency" of the DNS service by trying to resolve
>>         a well known server.
>>         it should retry during, eg, 3 seconds, and then stops with
>>         some reports if failing to resolve the hostname,
>>         either by lack of network, or by lack of answer from the name
>>         resolver.
>>         But...it seems that when having problems at startup, it
>>         cannot even log anything....maybe this is due to the identity
>>         of "system user" of stunnel at that particular moment: user
>>         that may have no right to write on the HD.
>>
>>         People should check also the installation location of stunnel
>>         : it is supposed (and have predefined shortcuts for that) to
>>         be installed PREFERABLY in "c:\program files\stunnel".
>>         I recommend to use that location.
>>
>>         They also should try to resolve by hand the hostnames they
>>         put in their stunnel conf file, just to be sure.
>>
>>         On some network or machines, maybe there is a problem with
>>         the firewall and SOME services tunneled by stunnel on
>>         forbidden ports.
>>
>>         On another hand, it sounds strange that just restarting
>>         stunnel (in user mode or service mode ?) is solving the problem :
>>         this sounds like unavailability of DNS at startup.
>>
>>         I did not investigate that particular problem, but I will
>>         perform some tests soon with the last 504 (or 505).
>>
>>         Yours sincerely
>>         Pierre
>>
>>
>>
>>         Le 22/09/2014 19:20, 541401 at gmail.com
>>         <mailto:541401 at gmail.com> a écrit :
>>>         Using Stunnel on several Windows Server 2008 R2 SP1 machines
>>>         (all such machines are X64 as the OS is only released as X64).
>>>
>>>         During August of 2014 I reported in this forum the current
>>>         version of Stunnel would not function as a service under the
>>>         above OS, even if using a delayed start, it might run but it
>>>         would not work.  I reverted to using version 4.35, which did
>>>         work properly.
>>>
>>>         Pierre DeLagge was kind enough to provide me with a copy of
>>>         his patched Stunnel 5.02, which I am still using and which
>>>         is working flawlessly on my production servers.  No delayed
>>>         start required.
>>>
>>>         I am wondering if Pierre's 5.02 patch has been incorporated
>>>         into the most recently released Stunnel, 5.04?  Has anyone
>>>         been successful in getting the most current version to
>>>         actually work under the above environment without delaying
>>>         the start of the service?
>>>
>>>         Just to add a little color and background to the story, I am
>>>         using the native WS2008R2SP1 SMTP server on each machine, in
>>>         conjunction with Stunnel, so as to forward OS event
>>>         notifications through a gmail account.
>>>
>>>
>>>
>>>         On 09.22.2014 06:54, John Smith wrote:
>>>>         I tried 5.04. on Windows Server 2008 R2 Enterprise Service
>>>>         Pack 1 x64
>>>>
>>>>
>>>>         Same issue. Service shows as started, but no log. If I go
>>>>         manual restart it works.
>>>>
>>>>         Have to put delayed startup.
>>>>
>>>>         On 18 September 2014 16:15, John Smith
>>>>         <java.dev.mtl at gmail.com <mailto:java.dev.mtl at gmail.com>> wrote:
>>>>
>>>>             For now i'm happy with 5.03 Already in production so I
>>>>             will have to wait next time! :)
>>>>
>>>>             On 17 September 2014 17:10, Michal Trojnara
>>>>             <Michal.Trojnara at mirt.net
>>>>             <mailto:Michal.Trojnara at mirt.net>> wrote:
>>>>
>>>>                 -----BEGIN PGP SIGNED MESSAGE-----
>>>>                 Hash: SHA1
>>>>
>>>>                 Jose Alf. wrote:
>>>>                 > Regarding stunnel service dependencies, If you
>>>>                 read the 5.04 beta
>>>>                 > announcement, the dependency is created
>>>>                 automatically now when you
>>>>                 > install stunnel as a service. Please give it a
>>>>                 try. Looks like it
>>>>                 > works for me.
>>>>                 >
>>>>                 > Thanks to Mike for implementing that.
>>>>
>>>>                 Thank you for testing it.
>>>>
>>>>                 Best regards,
>>>>                         Mike
>>>>                 -----BEGIN PGP SIGNATURE-----
>>>>                 Version: GnuPG v1
>>>>
>>>>                 iEYEARECAAYFAlQZ+NsACgkQ/NU+nXTHMtGdAgCdFUQ6YWXDdE0g4ZNoys3DSR0Q
>>>>                 yLoAnRgo4jKIzb93fzEZcV79eoAQLXMR
>>>>                 =+xFQ
>>>>                 -----END PGP SIGNATURE-----
>>>>                 _______________________________________________
>>>>                 stunnel-users mailing list
>>>>                 stunnel-users at stunnel.org
>>>>                 <mailto:stunnel-users at stunnel.org>
>>>>                 https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>         _______________________________________________
>>>>         stunnel-users mailing list
>>>>         stunnel-users at stunnel.org  <mailto:stunnel-users at stunnel.org>
>>>>         https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>>
>>>
>>>
>>>         _______________________________________________
>>>         stunnel-users mailing list
>>>         stunnel-users at stunnel.org  <mailto:stunnel-users at stunnel.org>
>>>         https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>
>>
>>         _______________________________________________
>>         stunnel-users mailing list
>>         stunnel-users at stunnel.org <mailto:stunnel-users at stunnel.org>
>>         https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>
>>
>
>
>     _______________________________________________
>     stunnel-users mailing list
>     stunnel-users at stunnel.org <mailto:stunnel-users at stunnel.org>
>     https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
>
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20140923/2a36b2ff/attachment-0001.html>


More information about the stunnel-users mailing list