Docker Community Forums

Cannot add Windows node via UCP

(Feiock) #1

I am setting up my first Docker Swarm with Docker EE and UCP. I currently have two Linux machines running as the Managers, and two Linux machines running as worker Nodes, and those all seem to be running as expected. All machines are in Azure, and I have Network Security Groups set up to allow communication on the ports outlined in the Docker documentation.

I am now trying to add a Windows Server 2016 node to the cluster via UCP. Prior to adding the node, I follow the steps outlined here:

And once that is complete, run the docker swarm join command. Once that is done, back in the UCP UI for the Windows node, the Status is Down and the Message is “Awaiting healthy status in classic node inventory”. At the top of UCP page, it has this message:

“Node WinCont6Host3 is a Windows node that cannot connect to its local Docker daemon. Make sure the Docker daemon is set up correctly on that node. See for more information.”

The steps outlined in the URL are the same as in the setup scripts above. I am able to Telnet from my Windows host to the Linux manager on all the ports needed (2376, 2377, 12376). Any idea on how to add this node to the cluster?

OS: Windows Server 2016 (build 1607)
UCP Win Version: 2.2.6

(Feiock) #2

I spoke with an engineer at Docker who helped me out with this issue. He suggested the following:

  • On a manager node, run ‘docker service ps ucp-agent-win’
  • Get the first task ID you see and do a docker inspect --format '{{.Status.Err}}' <id>
    • If the full message is “invalid mount config for type “bind”: bind source path does not exist”, then move on to the next step
  • Run docker inspect --format '{{.Spec.ContainerSpec.Mounts}}' <id>
    • If the output looks like this:
      [{bind c:\ProgramData\docker\daemoncerts c:\ProgramData\docker\daemoncerts true <nil> <nil> <nil>}]
    • Then there is something wrong with your certs, and the script in the documentation did not work properly. Try this instead on the affected Windows node:
      $script = [ScriptBlock]::Create((docker run --rm docker/ucp-agent-win:2.2.6 windows-script | Out-String))
      Invoke-Command $script
  • Once that is done, verify this directory exists: c:\ProgramData\docker\daemoncerts and that there are 3 files in there: ca.pem, cert.pem, and key.pem
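
The final verification step above, as an added PowerShell example that is not part of the original post or of Docker's setup script: it checks that the directory and the three files exist, that ca.pem and cert.pem parse as X.509 certificates inside their validity window, and that key.pem carries a PEM private key header. `Test-DaemonCerts` is a hypothetical helper name, and the validity and header checks are assumptions about what a healthy result looks like.

```powershell
# Added example: sanity-check the daemon cert directory named in the post.
# Test-DaemonCerts is a hypothetical helper, not part of Docker or UCP.
function Test-DaemonCerts {
    param([string]$Dir = 'C:\ProgramData\docker\daemoncerts')

    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) {
        Write-Warning "Missing directory: $Dir"
        return $false
    }

    $ok = $true
    foreach ($name in 'ca.pem', 'cert.pem', 'key.pem') {
        $path = Join-Path $Dir $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            Write-Warning "Missing file: $path"
            $ok = $false
            continue
        }
        if ((Get-Item -LiteralPath $path).Length -eq 0) {
            Write-Warning "Empty file: $path"
            $ok = $false
            continue
        }
        if ($name -eq 'key.pem') {
            # Only look for the PEM header; never print key material.
            if (-not (Select-String -LiteralPath $path -Pattern 'PRIVATE KEY-----' -SimpleMatch -Quiet)) {
                Write-Warning "$name has no PEM private key header"
                $ok = $false
            }
            continue
        }
        try {
            # X509Certificate2 loads the first PEM certificate in the file.
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
        } catch {
            Write-Warning "$name is not a parsable X.509 certificate: $($_.Exception.Message)"
            $ok = $false
            continue
        }
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            Write-Warning "$name is outside its validity window ($($cert.NotBefore) to $($cert.NotAfter))"
            $ok = $false
        }
        Write-Host "$name subject=$($cert.Subject) expires=$($cert.NotAfter)"
    }
    return $ok
}

Test-DaemonCerts
```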