moby: Windows Server 2019 publish ports in swarm not working

Description

When running a container in a single node swarm on Windows Server 2019 you can not access the published ports.

Steps to reproduce the issue:

Create a fresh VM on Azure using the Windows Server 2019 Datacenter with Containers image
Fully patch the VM.
Install latest docker update 18.09.6
Run swarm init
Use the following service yml file

version: '3.5'

services:
  webtest:
    image: mcr.microsoft.com/dotnet/core/samples:aspnetapp
    deploy:
      replicas: 1
      endpoint_mode: dnsrr          
    ports:
      - target: 80
        published: 8000
        protocol: tcp
        mode: host

Run the following to deploy the service

docker stack deploy -c .\service_test.yml service_test

Try and browse to http://localhost:8000 or http://local ip of machine:8000

Describe the results you received:

The browser sits there forever and never makes a connection. If you look in the resource monitor in Windows you see that dockerd.exe is listening on port 8000 on all interfaces.

When you point a browser at that port you can see in resource monitor that dockerd has accepted a connection on port 8000 but it just doesn’t appear to be doing anything with it.

If you just run the command

docker run -it --rm -p 8000:80 --name aspnetcore_sample mcr.microsoft.com/dotnet/core/samples:aspnetapp

I.E just run is as a container by itself and not on the swarm then everything works fine.

If I do the same steps using the following yml

version: '3.5'

services:
  webtest:
    image: mcr.microsoft.com/dotnet/core/samples:aspnetapp
    deploy:
      replicas: 1      
    ports:
      - target: 80
        published: 8000
        protocol: tcp

It still fails but this time I don’t see any listening ports for dockerd in resource monitor.

If I restart the docker service I find that the following events are logged in event viewer

HNSNetwork Request ={"Name":"uzjewd94ge9hi38jqzpseo0zx","Type":"overlay","Subnets":[{"AddressPrefix":"10.255.0.0/16","GatewayAddress":"10.255.0.1","Policies":[{"Type":"VSID","VSID":4096}]}],"AutomaticDNS":true}

followed by

Failed creating ingress network: hnsCall failed in Win32: An adapter was not found. (0x803b0006)

I found some comments online indicating this had something to do with only one physical network adapter being available on the machine so I added another network adapter in Azure and this error disappears but I still can’t access the container when it is in a swarm.

Describe the results you expected:

I’d expect to be able to access the website inside the container.

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

Client: Docker Engine - Enterprise
 Version:           18.09.6
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        1578dcadd2
 Built:             05/04/2019 02:34:11
 OS/Arch:           windows/amd64
 Experimental:      false

Server: Docker Engine - Enterprise
 Engine:
  Version:          18.09.6
  API version:      1.39 (minimum version 1.24)
  Go version:       go1.10.8
  Git commit:       1578dcadd2
  Built:            05/04/2019 02:32:24
  OS/Arch:          windows/amd64
  Experimental:     false

Output of docker info:

Containers: 1
 Running: 1
 Paused: 0
 Stopped: 0
Images: 3
Server Version: 18.09.6
Storage Driver: windowsfilter
 Windows:
Logging Driver: json-file
Plugins:
 Volume: local
 Network: ics l2bridge l2tunnel nat null overlay transparent
 Log: awslogs etwlogs fluentd gelf json-file local logentries splunk syslog
Swarm: active
 NodeID: z59hrmf76s22pnnjo3t8xz7vt
 Is Manager: true
 ClusterID: lp7wuobnabi7rj0eow628k2x5
 Managers: 1
 Nodes: 1
 Default Address Pool: 10.0.0.0/8
 SubnetSize: 24
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 10
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
  Force Rotate: 0
 Autolock Managers: false
 Root Rotation In Progress: false
 Node Address: 10.0.5.5
 Manager Addresses:
  10.0.5.5:2377
Default Isolation: process
Kernel Version: 10.0 17763 (17763.1.amd64fre.rs5_release.180914-1434)
Operating System: Windows Server 2019 Datacenter Version 1809 (OS Build 17763.475)
OSType: windows
Architecture: x86_64
CPUs: 2
Total Memory: 4GiB
Name: docker2019
ID: T6FB:4SLL:ASKC:YHC6:3CP3:N2Q6:ULCQ:GAWL:PSEZ:3REE:GYFM:CJ7X
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.):

Azure

About this issue

Original URL
State: open
Created 5 years ago
Comments: 36 (5 by maintainers)

Links to this issue

How to fix Docker error "hnsCall failed in Win32: An adapter was not found" when deploying service? - Stack Overflow

Most upvoted comments

Thanks @olljanat & @darrensteadman we will take a look at this and related bugs.

@pradipd FYI

daschott on May 13, 2019

No, it does not work from within an overlay network.

When I do:

docker run --rm mcr.microsoft.com/dotnet/core/runtime:2.2 curl google.com

It works, I get a response.

When I do:

docker network create mynet -d overlay --attachable
docker run --rm --network mynet mcr.microsoft.com/dotnet/core/runtime:2.2 curl google.com

I do not get a response. Neither when I use an IP address:

docker run --network mynet --rm mcr.microsoft.com/dotnet/core/runtime:2.2 curl 13.90.143.69

ipconfig /all from within the container:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : 64752046c74b
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : 3pqjrsfb5kxubpm0bn2bf4tkfc.bx.internal.cloudapp.net

Ethernet adapter vEthernet (bd1232ac2c7b1a9981cb7a9fa9df509d5f97752a2a3b18fdaf21307bf20a7d79):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #4
   Physical Address. . . . . . . . . : 00-15-5D-67-FB-A0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4d4f:f96e:80b7:3128%31(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.8.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.8.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

I also tried this:

docker network create -d overlay -o com.docker.network.windowsshim.enable_outboundnat=true mynet

But that didn’t change anything.

ipconfig /all on the host:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : dan2
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : 3pqjrsfb5kxubpm0bn2bf4tkfc.bx.internal.cloudapp.net

Ethernet adapter vEthernet (Ethernet):

   Connection-specific DNS Suffix  . : 3pqjrsfb5kxubpm0bn2bf4tkfc.bx.internal.cloudapp.net
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 00-0D-3A-11-E5-7F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f490:a498:e28:115d%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, February 27, 2020 5:05:48 PM
   Lease Expires . . . . . . . . . . : Monday, April 5, 2156 12:38:09 AM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 168.63.129.16
   DHCPv6 IAID . . . . . . . . . . . : 134221114
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-E9-27-25-00-0D-3A-11-E5-7F
   DNS Servers . . . . . . . . . . . : 168.63.129.16
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (nat):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 00-15-5D-60-FC-83
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::443f:58c8:5234:cfd0%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.18.16.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 201332061
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-E9-27-25-00-0D-3A-11-E5-7F
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

So when I init the swarm I init on --advertise-addr=10.0.0.7, but I have tried the other network as well. Do I need to somehow create another hnsnetwork?

Get-HnsNetwork:

ActivityId             : BDCC1224-0BBA-4744-B4BC-9F2559100748
AdditionalParams       :
CurrentEndpointCount   : 0
Extensions             : {@{Id=E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A; IsEnabled=False; Name=Microsoft Windows Filtering Platform},
                         @{Id=E9B59CFA-2BE1-4B21-828F-B6FBDBDDC017; IsEnabled=False; Name=Microsoft Azure VFP Switch Extension},
                         @{Id=EA24CD6C-D17A-4348-9190-09F0D5BE83DD; IsEnabled=True; Name=Microsoft NDIS Capture}}
Flags                  : 0
Health                 : @{AddressNotificationMissedCount=0; AddressNotificationSequenceNumber=0; InterfaceNotificationMissedCount=0;
                         InterfaceNotificationSequenceNumber=0; LastErrorCode=0; LastUpdateTime=132272940699156224; RouteNotificationMissedCount=0;
                         RouteNotificationSequenceNumber=0}
ID                     : C1FE57EA-258F-4849-B625-9950F7525209
IPv6                   : False
LayeredOn              : 0DAA07CA-FD5D-4092-87F7-95C2D722FFA4
MacPools               : {@{EndMacAddress=00-15-5D-60-FF-FF; StartMacAddress=00-15-5D-60-F0-00}}
MaxConcurrentEndpoints : 1
Name                   : nat
NatName                : ICS609D6AAE-A517-44CB-BFFF-D992208A8AF0
Policies               : {}
Resources              : @{AdditionalParams=; AllocationOrder=2; Allocators=System.Object[]; Health=; ID=BDCC1224-0BBA-4744-B4BC-9F2559100748;
                         PortOperationTime=0; State=1; SwitchOperationTime=0; VfpOperationTime=0; parentId=F75F5115-E6AB-4520-867F-8C4A9399611D}
State                  : 1
Subnets                : {@{AdditionalParams=; AddressPrefix=172.18.16.0/20; GatewayAddress=172.18.16.1; Health=;
                         ID=350C5192-26EC-4CE8-8ECD-401C2DD927C8; Policies=System.Object[]; State=0}}
TotalEndpoints         : 4
Type                   : nat
Version                : 38654705666

ActivityId             : F170AD8C-F16F-4742-ADD4-9F0EC026175C
AdditionalParams       :
AutomaticDNS           : True
CurrentEndpointCount   : 0
DNSServerCompartment   : 3
DrMacAddress           : 00-15-5D-EC-0F-71
Extensions             : {@{Id=E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A; IsEnabled=False; Name=Microsoft Windows Filtering Platform},
                         @{Id=E9B59CFA-2BE1-4B21-828F-B6FBDBDDC017; IsEnabled=True; Name=Microsoft Azure VFP Switch Extension},
                         @{Id=EA24CD6C-D17A-4348-9190-09F0D5BE83DD; IsEnabled=True; Name=Microsoft NDIS Capture}}
Flags                  : 0
Health                 : @{LastErrorCode=0; LastUpdateTime=132272967464704708}
ID                     : A72D4A38-A708-474B-B715-D6100EA4ADD4
IPv6                   : False
LayeredOn              : B748510C-0D60-4002-A91C-9614F956E7AB
MacPools               : {@{EndMacAddress=00-15-5D-F6-AF-FF; StartMacAddress=00-15-5D-F6-A0-00}}
ManagementIP           : 10.0.0.7
MaxConcurrentEndpoints : 0
Name                   : r46hdjhp98pikok2jb67l5avp
Policies               : {}
Resources              : @{AdditionalParams=; AllocationOrder=1; Allocators=System.Object[]; Health=; ID=F170AD8C-F16F-4742-ADD4-9F0EC026175C;
                         PortOperationTime=0; State=1; SwitchOperationTime=0; VfpOperationTime=0; parentId=D3C26B4D-7DC8-43D7-AE5D-173ACC792246}
State                  : 1
Subnets                : {@{AdditionalParams=; AddressPrefix=10.0.0.0/24; GatewayAddress=10.0.0.1; Health=; ID=1CADAE94-3D55-49F2-B9C8-E939595D9F5E;
                         ObjectType=5; Policies=System.Object[]; State=0}}
TotalEndpoints         : 0
Type                   : overlay
Version                : 38654705666

djarvis on Feb 27, 2020

@darrensteadman @vitaliy-leschenko @daschott I just spun up a VM on Azure and stack deployed the following compose to a single node Win2019 server with containers.

services: 
    testsvc :
        image: mcr.microsoft.com/windows/servercore:ltsc2019
        command: ping localhost /t

Whilst I did not test the port access issue @darrensteadman reported, I was more interested in the error

hnsCall failed in Win32: An adapter was not found

On the azure VM the service and task start just fine.

However on a fully patched Win10 desktop with docker desktop community 19.03.05 the single node swarm service continually terminates the task and attempts to restart it every 5 seconds, citing the error above.

@daschott Will whatever fixed this in Enterprise trickle down to community version ? Would be nice to keep testing locally.

ordinaryorange on Dec 29, 2019