Excellent. I'm glad you solved it. Thanks for closing the loop.
> On 23 Jun 2016, at 19:49, J. Michael Drew <[email protected]> wrote:
>
> Jose,
>
> I have discovered what I did wrong.
>
> I did the original stunnel installs from the command line and then installed
> the stunnel service from the command line as well. When I installed the
> stunnel service it would break the website. So I removed the service (I
> thought) then I copied a shortcut to stunnel.exe to the Win start up
> program folder. Both sites started working on the servers as long as I was
> logged in through an RDP session.
>
> I uninstalled everything and reinstalled. Stunnel 5.32 installs a Windows GUI
> on Server 2012 as well so I went back and used the Windows server 2012
> desktop applications to install the windows service and to stop the GUI
> application.
>
> Everything is now working as expected.
>
> It appears that I was running two instances of stunnel at the same time and
> I didn’t completely remove the original stunnel service.
>
> Thanks for all of your help,
>
> Cheers,
>
> Michael
>
> From: Josealf.rm [mailto:[email protected]]
> Sent: Thursday, June 23, 2016 2:37 PM
> To: J. Michael Drew
> Subject: Re: [stunnel-users] FW: Stunnel with IIS8 on server 2012 64 bit
>
> Hi Michael,
>
> Did my last suggestions help with your issue?
>
> Regards
>
> On 20 Jun 2016, at 18:00, J. Michael Drew <[email protected]> wrote:
>
> Jose,
>
> I appreciate your patience.
>
> Internet - Clients : 443 -> : https://website.company.com/website/
>
> ________Firewall___________
>
> Web\Presentation Layer
>
> 2 Win 2012 Webservers (443) not currently connected to the production LB,
> application needs to work before connecting to LB. This configuration is
> first time on 64 bit OS… Win 2012.
> IIS 8 running Jakarta ISAPI Filter\Stunnel to redirect 9001 to 9009:
>
> _________Firewall\App Layer________
> Port 9009
>
> Connects to App server running Apache
>
> Application is working as expected as long as I am logged in to the IIS 8
> server. I can telnet to the APP layer over 9009 and I can reach these
> websites externally as expected. Firewalls are good.
>
> Please let me know any other information you need.
>
> Thank you again,
>
> Michael
>
> From: Jose Alf. [mailto:[email protected]]
> Sent: Monday, June 20, 2016 4:32 PM
> To: J. Michael Drew
> Subject: Re: [stunnel-users] FW: Stunnel with IIS8 on server 2012 64 bit
>
> Michael,
>
> Please take this in a constructive way. I am trying to help, but it looks like
> you need to do some reading and homework.
> Please check http://catb.org/~esr/faqs/smart-questions.html
>
> I suggest you draw a picture of your environment and explain well what you're
> trying to achieve. Show your client, your backend server, your stunnel
> server, include the IPs and ports they're listening to and everything should
> be easier. Don't forget any firewalls that may be in the way.
>
> Regards,
> Jose.
>
> From: J. Michael Drew <[email protected]>
> To: 'Jose Alf.' <[email protected]>
> Sent: Monday, June 20, 2016 1:00 PM
> Subject: RE: [stunnel-users] FW: Stunnel with IIS8 on server 2012 64 bit
>
> Hi Jose,
>
> I made the changes you suggested, but I am still getting the same behavior.
>
> My external address is: https://website.company.com/website
>
> I am not adding any ports to the address.
>
> Thanks so much for your help!
>
> Michael
>
> From: Jose Alf. [mailto:[email protected]]
> Sent: Monday, June 20, 2016 12:10 PM
> To: J. Michael Drew; [email protected]
> Subject: Re: [stunnel-users] FW: Stunnel with IIS8 on server 2012 64 bit
>
> Michael,
>
> I guess what you want to do is to be able to connect to your internal
> Webserver via your Win2012 stunnel proxy using a URL like:
>
> https://yourwin2012dnsname:9001/
>
> If that is correct, I suggest to adjust your configuration as follows:
>
> 1. Your stunnel mode must be server, not client. So adjust your service
> stanza as follows:
>
> [CLI9F529A0A]
> accept=9001
> connect=10.xxx.xxx.xxx:9009
> client=no
>
> 2. In your current configuration stunnel is listening only in the localhost
> ipv4 address (127.0.0.1). Therefore, you can only connect when you are logged
> on the server, you can't connect from a remote client.
>
> Hope this helps you clarify what's going on.
>
> Regards,
> Jose
>
> From: J. Michael Drew [mailto:[email protected]]
> Sent: Monday, June 20, 2016 9:54 AM
> To: 'Josealf.rm'
> Subject: RE: [stunnel-users] Stunnel with IIS8 on server 2012 64 bit
>
> Jose,
>
> Once logged in to the server I can open a browser on the server and connect
> through https://localhost/website and I can log in to the site externally as
> expected.
>
> Here are the log files from IIS and stunnel where stunnel is running as a
> service on the Windows 2012 server:
>
> When I am not logged in to the server it fails:
>
> #Software: Microsoft Internet Information Services 8.5
> #Version: 1.0
> #Date: 2016-06-20 00:30:21
> #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
> 2016-06-20 00:30:21 159.xxx.xxx.xxx HEAD / - 443 - 190.xxx.xxx.xxx - - 200 0 0 1218
> #Software: Microsoft Internet Information Services 8.5
> #Version: 1.0
> #Date: 2016-06-20 05:41:01
> #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
> 2016-06-20 05:41:01 10.xxx.xxx.xxx OPTIONS /C$/windows/system32/NTDLL.DLL - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 200 0 0 500
> 2016-06-20 05:41:01 10.xxx.xxx.xxx PROPFIND /C$/windows/system32/NTDLL.DLL - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 46
> 2016-06-20 05:41:01 10.xxx.xxx.xxx PROPFIND /C$/windows/system32 - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 218
> 2016-06-20 05:41:16 10.xxx.xxx.xxx PROPFIND /patch-{682810b5-36dc-4e5d-81dd-6c02cd8f445b}-patchtoolsd.exe - 80 - 159.82.156.241 Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 64 62
> 2016-06-20 05:41:27 10.xxx.xxx.xxx PROPFIND /N$cl64.exe - 80 - 159.xxx.xxx.xxx 1 Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 62
> 2016-06-20 05:41:27 10.xxx.xxx.xxx PROPFIND /C$rome.dll - 80 - 159.xxx.xxx.xxx Microsoft-WebDAV-MiniRedir/6.1.7601 - 404 0 2 296
>
> Stunnel.conf:
>
> cert = extwebsvr_ver.pem
>
> ; Some performance tuning
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
>
> ; Peer Authentication
> verify = 2
> CAfile = extwebsvr_root.pem
>
> ; Debug mode - useful for troubleshooting
> debug = 7
> output = stunnel.log
>
> ; Client mode
> client = yes
>
> ; Setup tunnels to each EMS node
>
> [CLIxxxxxxxx)]
> accept=127.0.0.1:9001
> connect=10.xxx.xxx.xxx:9009
>
> Stunnel.log:
>
> 2016.06.20 09:17:39 LOG7[main]: No limit detected for the number of clients
> 2016.06.20 09:17:39 LOG5[main]: stunnel 5.27 on x86-pc-msvc-1500 platform
> 2016.06.20 09:17:39 LOG5[main]: Compiled/running with OpenSSL 1.0.2e-fips 3 Dec 2015
> 2016.06.20 09:17:39 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
> 2016.06.20 09:17:39 LOG7[main]: errno: (*_errno())
> 2016.06.20 09:17:39 LOG5[main]: Reading configuration from file stunnel.conf
> 2016.06.20 09:17:39 LOG7[ui]: GUI message loop initialized
> 2016.06.20 09:17:39 LOG7[cron]: Cron thread initialized
> 2016.06.20 09:17:39 LOG5[main]: UTF-8 byte order mark detected
> 2016.06.20 09:17:39 LOG6[main]: Initializing service [CLI9F529A0A]
> 2016.06.20 09:17:39 LOG6[main]: Loading certificate from file: extwebsvr_ver.pem
> 2016.06.20 09:17:39 LOG6[main]: Certificate loaded from file: extwebsvr_ver.pem
> 2016.06.20 09:17:39 LOG6[main]: Loading private key from file: extwebsvr_ver.pem
> 2016.06.20 09:17:39 LOG6[main]: Private key loaded from file: extwebsvr_ver.pem
> 2016.06.20 09:17:39 LOG7[main]: Private key check succeeded
> 2016.06.20 09:17:39 LOG4[main]: Service [CLIxxxxxxxx] uses "verify = 2" without subject checks
> 2016.06.20 09:17:39 LOG4[main]: Use "checkHost" or "checkIP" to restrict trusted certificates
> 2016.06.20 09:17:39 LOG7[main]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
> 2016.06.20 09:17:39 LOG5[main]: Configuration successful
>
> Thanks for your help,
>
> Michael
>
> From: Josealf.rm [mailto:[email protected]]
> Sent: Monday, June 20, 2016 8:01 AM
> To: J. Michael Drew
> Cc: [email protected]
> Subject: Re: [stunnel-users] Stunnel with IIS8 on server 2012 64 bit
>
> Michael,
>
> Is your stunnel running as a service?
> Please post sanitized logs and configuration for a better diagnostic ...
>
> Regards
> Jose
>
> On 20 Jun 2016, at 6:39, J. Michael Drew <[email protected]> wrote:
> Hi,
>
> I have a website on IIS8 and am using stunnel to forward requests over 9009
> inside to my application server. When I log in to the IIS server and stay
> logged in everything works as expected. When I log off the IIS 8 web server
> my site is unreachable with a “service is unavailable”.
>
> Can someone help me?
>
> Sincere thanks,
>
> Michael
> _______________________________________________
> stunnel-users mailing list
> [email protected]
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
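An added example, not part of the thread and not stunnel's own code: a small Python check for the two conditions the thread surfaces in the posted stunnel.conf, an `accept` bound to 127.0.0.1 (Jose's point 2) and `verify = 2` with no `checkHost` or `checkIP` (the LOG4 warning in the posted log). The sample configuration is constructed from the posted one with a placeholder address and section name, and all function names are illustrative.

```python
import ipaddress

# Constructed sample modelled on the stunnel.conf posted in the thread;
# 192.0.2.10 and the section name "tunnel" are placeholders.
SAMPLE_CONF = """\
cert = extwebsvr_ver.pem
verify = 2
CAfile = extwebsvr_root.pem
client = yes
[tunnel]
accept=127.0.0.1:9001
connect=192.0.2.10:9009
"""

def parse_stunnel_conf(text):
    """Return {service: options}; options set before the first section act as defaults."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")      # tolerate a UTF-8 byte order mark
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(defaults))
            continue
        key, _, value = line.partition("=")
        target = defaults if current is None else current
        target[key.strip().lower()] = value.strip()
    return services

def is_loopback(accept):
    # accept has the form [host:]port; a bare port has no host part.
    host = accept.rpartition(":")[0]
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False     # bare port (all addresses) or a hostname not resolved here

def lint(text):
    findings = []
    for name, opts in parse_stunnel_conf(text).items():
        if is_loopback(opts.get("accept", "")):
            findings.append((name, "accept-loopback-only"))
        if opts.get("verify") == "2" and not {"checkhost", "checkip"} & opts.keys():
            findings.append((name, "verify-without-subject-check"))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE_CONF))
```

A loopback-only `accept` is reported as a fact about reachability, not as a defect: for a client-mode tunnel used by a local process it limits who can use the tunnel.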
