if someone has played with sTunnel/EWB/dbisam installed as 'services' on a Windows 2008 server..

..

I'm using Windows Server 2008r2, and I installed 'sTunnel', 'EWB' and dbisam as 'services', and that works great!

But i'm observing something peculiar, and I'm wondering if anyone else has seen this..

1. As long as I remain 'logged in' to the Windows Server, my httpS requests get channeled properly and I can get the html back, and run-time calls of 'database.load(..)' do return data as expected. Great!

2. However, if I 'log out' of the Windows Server (but leave sTunnel,EWB,dbisam services running), my web app properly responds and gives me the html, but a run-time call of 'database.load(..)' does not return anything (database load error).

so i'm puzzled. the only difference here is that in '1' I remain 'logged in', while in '2' I actually 'log out' of the Windows Server.

I did some further testing with a simple direct call to the database (stock example) using the browser directly:

httpS://localhost/datasets?method=rows&dataset=CustomerOrders&CustomerID='ADF'

and that responds properly whether i'm logged in or not to the Windows Server, so it would appear that the sTunnel/EWB/dbisam are indeed working correctly

i studied the sTunnel log file but it offers little insight as to why it behaves this way, with the logs being virtually identical whether i'm logged in or not to the Windows Server


//////////////

anyway, I might be best to go to the sTunnel forums, but I thought i'd start here in case someone else has observed this and found a way around it.


regards.. Bruno

(this is with v2b5, I did not try v1)
Logiciels Bitwise Software
Edmonton, AB, Canada

Bruno Larochelle wrote:

> why it behaves this way, with the logs being virtually identical
> whether i'm logged in or not to the Windows Server

I have no idea, but my thought would be to test after a restart. What
is actually working, and what not? That will show that they really are
services.


Also, are any resources constrained by user accounts? Where are the
databases? If they are in \users\bruno then the services probably can't
access them easily. You might need to start the services with a user
account credentials, as they usually cannot access network services
IIRC.

--

Matthew Jones

thanks Matthew for your suggestions

1. I did the old 'on/off' trick, and it worked. The services were running and the webapp was responding, including calls to 'database.load'. Cool!

2. What I still notice though is that if I then log in/out of the Windows Server (2008r2) - then the same situation is present again (ie. The services seem to work but do not respond to a 'database.load' within the web app).

3. I played with the 'Log on as' stuff, but that appears to have made no difference. My DBs are local and not in a private location (accessible to all users)

Anyway, bottom line is I have a solution for now.. I just re-boot the machine. Might be a problem in the long run on a production machine, so I'll continue poking around, and advise back if I find a solution.

regards.. Bruno

///////////////////////////


"Matthew Jones" wrote:

Bruno Larochelle wrote:

> why it behaves this way, with the logs being virtually identical
> whether i'm logged in or not to the Windows Server

I have no idea, but my thought would be to test after a restart. What
is actually working, and what not? That will show that they really are
services.


Also, are any resources constrained by user accounts? Where are the
databases? If they are in \users\bruno then the services probably can't
access them easily. You might need to start the services with a user
account credentials, as they usually cannot access network services
IIRC.

--

Matthew Jones

Bruno Larochelle wrote:

> 2. What I still notice though is that if I then log in/out of the
> Windows Server (2008r2) - then the same situation is present again
> (ie. The services seem to work but do not respond to a
> 'database.load' within the web app).

That I have no hypothesis about! One would have to work out what is
happening that changes the behaviour.

--

Matthew Jones

It took me five years to figure this out, and it may not be of much use.. but if anyone needs to run sTunnel as an 'NT Service' with no user logged in.. then "remming out" the command 'TIMEOutClose=0' in the stunnel.conf file appears to fix this issue. The sTunnel documentation mentions that this is set to get around a buggy IE, and.. being this was in 2015.. I am sort of assuming this problem maybe be something of the past.

; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
; Microsoft implementations do not use TLS close-notify alert and thus they
; are vulnerable to truncation attacks
;TIMEOUTclose = 0