DCOM not working in windows

Question

DCOM not working in windows

jvnvenu opened this issue 11 days ago · comments

Environmental Info:
RKE2 Version:
v1.30.1

Node(s) CPU architecture, OS, and Version:
Cluster 1
3 Linux nodes - master - RHEL 8
1 windows - agent - Window server 2022
Cni: flannel
Cluster 2
3 Linux nodes - master - RHEL 8
2 windows - agent - Window server 2019
Cni: flannel

Describe the bug:
Our application is trying to connect a DCOM server from this windows containers.
We are getting RPC unavailable error.
We are using mcr.microsoft.com/dotnet/aspnet:8.0.6-windowsservercore-ltsc2022

We raised Microsoft ticket regarding this but looks like it is related to RKE2 network. Because if I change the network mode to host it is working where as in Cluster mode it is not working

Steps To Reproduce:
wmic /node:**<any windows server Ip>** os get caption

Expected behavior:
Caption
Microsoft Windows Server 2022 Standard

Actual behavior:
ERROR:
Description = The RPC server is unavailable.

Brad Davidson · Answer 1 · Tue Jul 16 2024 00:32:02 GMT+0800 (China Standard Time)

Is DCOM (wmic) to the host expected to work in Windows containers, when not using host network? I'm not seeing how this issue is unique to RKE2. Can Microsoft confirm that this is even supposed to be supported?

jvnvenu · Answer 2 · Tue Jul 16 2024 00:35:43 GMT+0800 (China Standard Time)

With docker desktop it is working

Brad Davidson · Answer 3 · Tue Jul 16 2024 00:42:51 GMT+0800 (China Standard Time)

Docker Desktop isn't Kubernetes?

jvnvenu · Answer 4 · Tue Jul 16 2024 00:47:57 GMT+0800 (China Standard Time)

It supports Kubernetes but I have tried running as a container directly like docker run

jvnvenu · Answer 5 · Tue Jul 16 2024 00:55:30 GMT+0800 (China Standard Time)

One more information 6 months back even RKE2 it works with 2019 but not 2022. At that time we used 1.24* version with calico CNI

jvnvenu · Answer 6 · Fri Jul 19 2024 02:34:02 GMT+0800 (China Standard Time)

@brandond any update on this?

Brad Davidson · Answer 7 · Fri Jul 19 2024 03:12:54 GMT+0800 (China Standard Time)

No, I don't know enough about how DCOM connects to hosts over the container network to even begin suggesting where the problem lies. Did MS have any ideas, other than pointing their finger at the CNI?

jvnvenu · Answer 8 · Fri Jul 19 2024 19:05:27 GMT+0800 (China Standard Time)

@brandond Apart from DCOM I did some analysis found below network issue.

I have a application which is hosting a WCF service on a port 9500 and it is running in a windows container. If I try to access the service from another windows container. APITest is test application to access the service.
Success - PodIP - Target Port - dotnet .\APITest.dll net.tcp://10.42.16.102:9500/
Success - Node IP - Node Port - dotnet .\APITest.dll net.tcp://10.36.254.81:30815/
Fail - ServiceIP - Service Port - dotnet .\APITest.dll net.tcp://10.43.217.208:9500/

To make it more simple i have used windows PowerShell script command
Success - PodIP - Target Port - Test-NetConnection 10.42.16.102 -port 9500
Success - Node IP - Node Port - Test-NetConnection 10.36.254.81 -port 30815
Fail - ServiceIP - Service Port - Test-NetConnection 10.43.217.208 -port 9500

for RPC the port 135 should be accessible. So I tried the same for port 135 the result are same, through service IP it is failing.

If I do the same hosting a service in linux container and try to access from another windows container all 3 combinations succeeded.

So there must some network issue when a service is running in windows container

jvnvenu · Answer 9 · Mon Jul 22 2024 21:20:49 GMT+0800 (China Standard Time)

@brandond any update on the network issue when using service IP and port