[stunnel-users] Stunnel as windows service doesn't start on restart.

John Smith java.dev.mtl at gmail.com
Tue Sep 23 18:05:42 CEST 2014


Network: Ethernet
Multiple routers: No
Firewall: No
Delay: Yes, Automitic (Delayed Start) works like a charm.
Capi engine: Yes tried turning it off
32 bit or 64 bit: 32bit running on 64 bit server. I don't see a 64 bit
version on the download page?
dnscache: Haven't tried it yet.


- stunnel works fine on the server specifically with the service set to
Automatic (Delayed Start). And I even tunnel properly to other machines so
it not firewalls or routers or network.
- Only when it's NOT (Delayed Start)  stunnel doe not seem to start even
though the service shows as started.
- I managed to tunnel from my Desktop to the Server. I have not tried
automatic service startup on Desktop because I don't have enough
privilidges. But trying to setup the server, since that's the machine that
will have stunnel in production.




On 23 September 2014 10:04, Pierre DELAAGE <delaage.pierre at free.fr> wrote:

>  Have you tried to change the service dependency from "TCPIP" (the default
> in the code), to "dnscache" (ok, EVEN if you do not use hostname
> resolution),
> this is just to be sure that stunnel relies on something that is using
> tcpip as well.
>
> question : what kind of network interface do you have :
>
> wifi ?
> ethernet board ?
>
> Are you traversing multiple routers ?
>
> Are you using multiple firewalls ?
>
> Have you tuned a delay as suggested a few days ago ?
>
> Can you try without specifying "capi engine" ?
>
> Are you using stunnel 32 bits or 64 bits : if 64, try the 32 version as
> well.
>
> I am reviewing the code and soon enter some test on w7-32bits.
>
> Regards
> Pierre
>
>
>
> Le 23/09/2014 15:30, John Smith a écrit :
>
> I wish you were right but unfortunately it's running lol
>
> On 22 September 2014 18:24, Pierre DELAAGE <delaage.pierre at free.fr> wrote:
>
>>  When you observe that log is empty and that "stunnel shows as started",
>> do a CTRL ALT DEL to check if there is any process called "stunnel" that
>> is really running...
>>
>> I have a doubt that, although scm says stunnel is running, in fact it is
>> not.
>>
>> Regards
>> Pierre
>>
>> Le 22/09/2014 21:43, John Smith a écrit :
>>
>> Hi I used administrator account and defaults to install. It is installed
>> at Program Files (x86)
>>
>>  The service is set to run as local system account and interact with
>> desktop is checked.
>>
>>  Once the machine is booted... Login open service control panel, stunnel
>> shows as started. Go look at logs nothing there... In service control panel
>> hit the restart button. And it comes up properly.
>>
>>  My config is as follows:
>>
>>  ; Debugging stuff (may useful for troubleshooting)
>> ;debug = 7
>> output = stunnel.log
>>
>>  ; Initialize Microsoft CryptoAPI interface
>> engine = capi
>> ; Also needs "engineID = capi" in each section using the CAPI engine
>>
>>  [es-tcp]
>> accept = ${SERVER_IP}:9300
>> connect = 127.0.0.1:9300
>> cert = ....
>> CAfile = ....
>> verify = 2
>>
>>  [es-http]
>> accept = ${SERVER_IP}:9200
>> connect = 127.0.0.1:9200
>> cert = ....
>> CAfile = ....
>> verify = 2
>>
>>  [es-disc-local]
>> client = yes
>> accept = 127.0.0.1:9700
>> connect = ${SERVER_IP}:9300
>> cert = ....
>>
>>
>>
>> On 22 September 2014 14:30, Pierre DELAAGE <delaage.pierre at free.fr>
>> wrote:
>>
>>>  Hello,
>>> I can tell my patch was adressing read file error on conf file,
>>> but, unfortunately, not at all "dependencies of stunnel service at start
>>> up",
>>> which is likely to be the core pb preventing stunnel to start correctly
>>> at boot time for people on that thread.
>>>
>>> Michal added explicit dependencies at startup, that is necessary to
>>> solve that bug. I did not check yet its implementation.
>>>
>>> But maybe some services, although started, are still "not ready" when
>>> stunnel starts, so that this makes stunnel fail.
>>>
>>> I suggest that stunnel checks, not only the availability, but also the
>>> "efficiency" of the DNS service by trying to resolve a well known server.
>>> it should retry during, eg, 3 seconds, and then stops with some reports
>>> if failing to resolve the hostname,
>>> either by lack of network, or by lack of answer from the name resolver.
>>> But...it seems that when having problems at startup, it cannot even log
>>> anything....maybe this is due to the identity of "system user" of stunnel
>>> at that particular moment: user that may have no right to write on the HD.
>>>
>>> People should check also the installation location of stunnel : it is
>>> supposed (and have predefined shortcuts for that) to be installed
>>> PREFERABLY in "c:\program files\stunnel".
>>> I recommend to use that location.
>>>
>>> They also should try to resolve by hand the hostnames they put in their
>>> stunnel conf file, just to be sure.
>>>
>>> On some network or machines, maybe there is a problem with the firewall
>>> and SOME services tunneled by stunnel on forbidden ports.
>>>
>>> On another hand, it sounds strange that just restarting stunnel (in user
>>> mode or service mode ?) is solving the problem :
>>> this sounds like unavailability of DNS at startup.
>>>
>>> I did not investigate that particular problem, but I will perform some
>>> tests soon with the last 504 (or 505).
>>>
>>> Yours sincerely
>>> Pierre
>>>
>>>
>>>
>>> Le 22/09/2014 19:20, 541401 at gmail.com a écrit :
>>>
>>> Using Stunnel on several Windows Server 2008 R2 SP1 machines (all such
>>> machines are X64 as the OS is only released as X64).
>>>
>>> During August of 2014 I reported in this forum the current version of
>>> Stunnel would not function as a service under the above OS, even if using a
>>> delayed start, it might run but it would not work.  I reverted to using
>>> version 4.35, which did work properly.
>>>
>>> Pierre DeLagge was kind enough to provide me with a copy of his patched
>>> Stunnel 5.02, which I am still using and which is working flawlessly on my
>>> production servers.  No delayed start required.
>>>
>>> I am wondering if Pierre's 5.02 patch has been incorporated into the
>>> most recently released Stunnel, 5.04?  Has anyone been successful in
>>> getting the most current version to actually work under the above
>>> environment without delaying the start of the service?
>>>
>>> Just to add a little color and background to the story, I am using the
>>> native WS2008R2SP1 SMTP server on each machine, in conjunction with
>>> Stunnel, so as to forward OS event notifications through a gmail account.
>>>
>>>
>>>
>>> On 09.22.2014 06:54, John Smith wrote:
>>>
>>> I tried 5.04. on Windows Server 2008 R2 Enterprise Service Pack 1 x64
>>>
>>>
>>>  Same issue. Service shows as started, but no log. If I go manual
>>> restart it works.
>>>
>>> Have to put delayed startup.
>>>
>>> On 18 September 2014 16:15, John Smith <java.dev.mtl at gmail.com> wrote:
>>>
>>>> For now i'm happy with 5.03 Already in production so I will have to
>>>> wait next time! :)
>>>>
>>>> On 17 September 2014 17:10, Michal Trojnara <Michal.Trojnara at mirt.net>
>>>> wrote:
>>>>
>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>> Hash: SHA1
>>>>>
>>>>> Jose Alf. wrote:
>>>>> > Regarding stunnel service dependencies, If you read the 5.04 beta
>>>>> > announcement, the dependency is created automatically now when you
>>>>> > install stunnel as a service. Please give it a try. Looks like it
>>>>> > works for me.
>>>>> >
>>>>> > Thanks to Mike for implementing that.
>>>>>
>>>>> Thank you for testing it.
>>>>>
>>>>> Best regards,
>>>>>         Mike
>>>>> -----BEGIN PGP SIGNATURE-----
>>>>> Version: GnuPG v1
>>>>>
>>>>> iEYEARECAAYFAlQZ+NsACgkQ/NU+nXTHMtGdAgCdFUQ6YWXDdE0g4ZNoys3DSR0Q
>>>>> yLoAnRgo4jKIzb93fzEZcV79eoAQLXMR
>>>>> =+xFQ
>>>>> -----END PGP SIGNATURE-----
>>>>>  _______________________________________________
>>>>> stunnel-users mailing list
>>>>> stunnel-users at stunnel.org
>>>>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>>>>
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> stunnel-users mailing liststunnel-users at stunnel.orghttps://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> stunnel-users mailing liststunnel-users at stunnel.orghttps://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>>
>>>
>>>
>>> _______________________________________________
>>> stunnel-users mailing list
>>> stunnel-users at stunnel.org
>>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>>
>>>
>>
>>
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
>> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>>
>>
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20140923/f246242d/attachment-0001.html>


More information about the stunnel-users mailing list