Running a docker service under windows, published port is not accessible

Docker Desktop for Windows
1

Hi,
I’m trying to learn docker while running 4 VMs with windows server 1709 and docker version 17.09.2-ee-7.
I’m currently trying to run a docker service in a docker swarm with a published port … but the published port doesn’t seem to be accessible … and don’t understand why, internal routing problem or whatever …?
I don’t get an answer on port 8080 even when connecting locally from the node currently running the image with f.ex “Invoke-Webrequest” (as windows server 1709 is without GUI).

The 4 VMs are part of the same swarm (1 manager + 3 workers), the manager hostname is “DOCKER”.
C:\Users\Administrator>docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
4n96lkxy2hf2tfja391bunch8 * DOCKER Ready Active Leader
wi2wkcrpo3ae8pol7lp68ne08 DOCKER2 Ready Active
xrx1to91p0dt9id1ji58ss5a9 DOCKER1 Ready Active
ywlqqzyulav3wr0lztbikioqi DOCKER3 Ready Active

I created a service running a windows container with tomcat in it, and published the port 8080:
docker service create -d --name tomcat -p 8080:8080 192.168.5.130/tomcat
C:\Users\Administrator>docker service ls

ID NAME MODE REPLICAS IMAGE PORTS
mjmv3wjhsf9g tomcat replicated 1/1 192.168.5.130/tomcat:latest *:8080->8080/tcp

C:\Users\Administrator>docker service ps tomcat
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
nguiv29tqz55 tomcat.1 192.168.5.130/tomcat:latest DOCKER Running Running 35 minutes ago

What’s already strange is that “docker service ps tomcat” does not show any published port but “docker service ls” does show published port … anyhow.

Here is only a snip that the service is running:
C:\Users\Administrator>docker service logs tomcat
tomcat.1.nguiv29tqz55@DOCKER |
tomcat.1.nguiv29tqz55@DOCKER | C:>set CATALINA_HOME=c:\apps\tomcat
tomcat.1.nguiv29tqz55@DOCKER |
tomcat.1.nguiv29tqz55@DOCKER | C:>c:\apps\tomcat\bin\catalina.bat run
tomcat.1.nguiv29tqz55@DOCKER | Using CATALINA_BASE: “c:\apps\tomcat”
tomcat.1.nguiv29tqz55@DOCKER | Using CATALINA_HOME: “c:\apps\tomcat”
tomcat.1.nguiv29tqz55@DOCKER | Using CATALINA_TMPDIR: “c:\apps\tomcat\temp”
tomcat.1.nguiv29tqz55@DOCKER | Using JRE_HOME: “c:\apps\java\jre”
tomcat.1.nguiv29tqz55@DOCKER | Using CLASSPATH: “c:\apps\tomcat\bin\bootstrap.jar;c:\apps\tomcat\bin\tomcat-juli.jar” …

It works perfectly when simply running the same image with “docker run -d -p 8080:8080” etc, everything does work fine when running the image that way! I can access port 8080 etc.

Just in case, someone asks, the windows firewall is off!
:\Users\Administrator>netsh advfirewall show currentprofile

Public Profile Settings:

State OFF

Any clues whats wrong or why I can’t access the published port?
Thanks a lot!
Didier

Here is the exact docker version:
Client:
Version: 17.06.2-ee-7
API version: 1.30
Go version: go1.8.7
Git commit: 925df35
Built: Fri Mar 16 22:29:37 2018
OS/Arch: windows/amd64

Server:
Engine:
Version: 17.06.2-ee-7
API version: 1.30 (minimum version 1.24)
Go version: go1.8.7
Git commit: 925df35
Built: Fri Mar 16 22:39:05 2018
OS/Arch: windows/amd64
Experimental: false

PS C:\Users\Administrator> [System.Environment]::OSVersion.Version

Major Minor Build Revision

10 0 16299 0

docker service inspect tomcat

[
{
“ID”: “nguiv29tqz55dxck668yb5hvn”,
“Version”: {
“Index”: 1624
},
“CreatedAt”: “2018-03-30T14:00:14.0008327Z”,
“UpdatedAt”: “2018-03-30T14:00:15.7650737Z”,
“Labels”: {},
“Spec”: {
“ContainerSpec”: {
“Image”: “192.168.5.130/tomcat:latest@sha256:74a6d024518383dwq71c527f7a0f43beca1850141c2bd934780a61b5c2791f12”,
“DNSConfig”: {}
},
“Resources”: {
“Limits”: {},
“Reservations”: {}
},
“Placement”: {
“Platforms”: [
{
“Architecture”: “amd64”,
“OS”: “windows”
}
]
},
“ForceUpdate”: 0
},
“ServiceID”: “mjmv3wjhsf9gq1lybrvmq27cd”,
“Slot”: 1,
“NodeID”: “4n96lkxy2hf2tfja391bunch8”,
“Status”: {
“Timestamp”: “2018-03-30T14:00:15.6539325Z”,
“State”: “running”,
“Message”: “started”,
“ContainerStatus”: {
“ContainerID”: “990b3d42e8f3eb232b67cee7d7ae1c4efc50101fb7ed4b787a675a711200627b”,
“PID”: 3776
},
“PortStatus”: {}
},
“DesiredState”: “running”,
“NetworksAttachments”: [
{
“Network”: {
“ID”: “w4buysz0zx5ho7tgffls1dcbz”,
“Version”: {
“Index”: 1303
},
“CreatedAt”: “2018-03-29T12:15:38.4048356Z”,
“UpdatedAt”: “2018-03-30T13:12:57.9670584Z”,
“Spec”: {
“Name”: “ingress”,
“Labels”: {},
“DriverConfiguration”: {},
“Ingress”: true,
“IPAMOptions”: {
“Driver”: {},
“Configs”: [
{
“Subnet”: “10.255.0.0/16”,
“Gateway”: “10.255.0.1”
}
]
},
“Scope”: “swarm”
},
“DriverState”: {
“Name”: “overlay”,
“Options”: {
“com.docker.network.driver.overlay.vxlanid_list”: “4096”
}
},
“IPAMOptions”: {
“Driver”: {
“Name”: “default”
},
“Configs”: [
{
“Subnet”: “10.255.0.0/16”,
“Gateway”: “10.255.0.1”
}
]
}
},
“Addresses”: [
“10.255.0.9/16”
]
}
]
}
]