Have you tried to change the service dependency from "TCPIP" (the
default in the code), to "dnscache" (ok, EVEN if you do not use hostname
resolution),
this is just to be sure that stunnel relies on something that is using
tcpip as well.
question : what kind of network interface do you have :
wifi ?
ethernet board ?
Are you traversing multiple routers ?
Are you using multiple firewalls ?
Have you tuned a delay as suggested a few days ago ?
Can you try without specifying "capi engine" ?
Are you using stunnel 32 bits or 64 bits : if 64, try the 32 version as
well.
I am reviewing the code and soon enter some test on w7-32bits.
Regards
Pierre
Le 23/09/2014 15:30, John Smith a écrit :
I wish you were right but unfortunately it's running lol
On 22 September 2014 18:24, Pierre DELAAGE <[email protected]
<mailto:[email protected]>> wrote:
When you observe that log is empty and that "stunnel shows as
started",
do a CTRL ALT DEL to check if there is any process called
"stunnel" that is really running...
I have a doubt that, although scm says stunnel is running, in fact
it is not.
Regards
Pierre
Le 22/09/2014 21:43, John Smith a écrit :
Hi I used administrator account and defaults to install. It is
installed at Program Files (x86)
The service is set to run as local system account and interact
with desktop is checked.
Once the machine is booted... Login open service control panel,
stunnel shows as started. Go look at logs nothing there... In
service control panel hit the restart button. And it comes up
properly.
My config is as follows:
; Debugging stuff (may useful for troubleshooting)
;debug = 7
output = stunnel.log
; Initialize Microsoft CryptoAPI interface
engine = capi
; Also needs "engineID = capi" in each section using the CAPI engine
[es-tcp]
accept = ${SERVER_IP}:9300
connect = 127.0.0.1:9300 <http://127.0.0.1:9300>
cert = ....
CAfile = ....
verify = 2
[es-http]
accept = ${SERVER_IP}:9200
connect = 127.0.0.1:9200 <http://127.0.0.1:9200>
cert = ....
CAfile = ....
verify = 2
[es-disc-local]
client = yes
accept = 127.0.0.1:9700 <http://127.0.0.1:9700>
connect = ${SERVER_IP}:9300
cert = ....
On 22 September 2014 14:30, Pierre DELAAGE
<[email protected] <mailto:[email protected]>> wrote:
Hello,
I can tell my patch was adressing read file error on conf file,
but, unfortunately, not at all "dependencies of stunnel
service at start up",
which is likely to be the core pb preventing stunnel to start
correctly at boot time for people on that thread.
Michal added explicit dependencies at startup, that is
necessary to solve that bug. I did not check yet its
implementation.
But maybe some services, although started, are still "not
ready" when stunnel starts, so that this makes stunnel fail.
I suggest that stunnel checks, not only the availability, but
also the "efficiency" of the DNS service by trying to resolve
a well known server.
it should retry during, eg, 3 seconds, and then stops with
some reports if failing to resolve the hostname,
either by lack of network, or by lack of answer from the name
resolver.
But...it seems that when having problems at startup, it
cannot even log anything....maybe this is due to the identity
of "system user" of stunnel at that particular moment: user
that may have no right to write on the HD.
People should check also the installation location of stunnel
: it is supposed (and have predefined shortcuts for that) to
be installed PREFERABLY in "c:\program files\stunnel".
I recommend to use that location.
They also should try to resolve by hand the hostnames they
put in their stunnel conf file, just to be sure.
On some network or machines, maybe there is a problem with
the firewall and SOME services tunneled by stunnel on
forbidden ports.
On another hand, it sounds strange that just restarting
stunnel (in user mode or service mode ?) is solving the problem :
this sounds like unavailability of DNS at startup.
I did not investigate that particular problem, but I will
perform some tests soon with the last 504 (or 505).
Yours sincerely
Pierre
Le 22/09/2014 19:20, [email protected]
<mailto:[email protected]> a écrit :
Using Stunnel on several Windows Server 2008 R2 SP1 machines
(all such machines are X64 as the OS is only released as X64).
During August of 2014 I reported in this forum the current
version of Stunnel would not function as a service under the
above OS, even if using a delayed start, it might run but it
would not work. I reverted to using version 4.35, which did
work properly.
Pierre DeLagge was kind enough to provide me with a copy of
his patched Stunnel 5.02, which I am still using and which
is working flawlessly on my production servers. No delayed
start required.
I am wondering if Pierre's 5.02 patch has been incorporated
into the most recently released Stunnel, 5.04? Has anyone
been successful in getting the most current version to
actually work under the above environment without delaying
the start of the service?
Just to add a little color and background to the story, I am
using the native WS2008R2SP1 SMTP server on each machine, in
conjunction with Stunnel, so as to forward OS event
notifications through a gmail account.
On 09.22.2014 06:54, John Smith wrote:
I tried 5.04. on Windows Server 2008 R2 Enterprise Service
Pack 1 x64
Same issue. Service shows as started, but no log. If I go
manual restart it works.
Have to put delayed startup.
On 18 September 2014 16:15, John Smith
<[email protected] <mailto:[email protected]>> wrote:
For now i'm happy with 5.03 Already in production so I
will have to wait next time! :)
On 17 September 2014 17:10, Michal Trojnara
<[email protected]
<mailto:[email protected]>> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jose Alf. wrote:
> Regarding stunnel service dependencies, If you
read the 5.04 beta
> announcement, the dependency is created
automatically now when you
> install stunnel as a service. Please give it a
try. Looks like it
> works for me.
>
> Thanks to Mike for implementing that.
Thank you for testing it.
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlQZ+NsACgkQ/NU+nXTHMtGdAgCdFUQ6YWXDdE0g4ZNoys3DSR0Q
yLoAnRgo4jKIzb93fzEZcV79eoAQLXMR
=+xFQ
-----END PGP SIGNATURE-----
_______________________________________________
stunnel-users mailing list
[email protected]
<mailto:[email protected]>
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________
stunnel-users mailing list
[email protected] <mailto:[email protected]>
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________
stunnel-users mailing list
[email protected] <mailto:[email protected]>
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________
stunnel-users mailing list
[email protected] <mailto:[email protected]>
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________
stunnel-users mailing list
[email protected] <mailto:[email protected]>
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
