Search the VMware Knowledge Base (KB)
View by Article ID

VIC Container fails to start with the error: "unable to wait for process launch status" (2151691)

  • 0 Ratings

Symptoms

  • In the Docker client, you see error message similar to:

    docker: Error response from daemon: Server error from portlayer: unable to wait for process launch status: summary.runtime.powerState=poweredOff.
  • Container is attached to a --container-network and the docker option --ip is not being set.
  • The tether.debug file, located on the VMFS datastore that the VM container's working directory contains error similar:

    Sep 14 2017 20:37:24.146Z ERROR error sending dhcp request: Got NAK from DHCP server
    Sep 14 2017 20:37:24.163Z ERROR failed to apply network endpoint config: Got NAK from DHCP server
    Sep 14 2017 20:37:24.169Z INFO Stopping extension Attach
    Sep 14 2017 20:37:24.193Z ERROR attach server is not enabled
    Sep 14 2017 20:37:24.197Z WARN Failed to cleanly stop extension Attach
    Sep 14 2017 20:37:24.201Z INFO Stopping extension Toolbox
    Sep 14 2017 20:37:24.170Z INFO Stopped reaping child processes
    [ 6.469562] reboot: Power down


    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Cause

This issue occurs because multiple separate DHCP servers are receiving and replying to the container DHCPRequest request. When the container accepts an offer of one DHCP server , the other separate DHCP servers will respond with DHCPNACK if the accepted IP is not within their separate DHCP IP pools. This is because the DHCP protocol uses broadcast until IP assignment is provided to allow for unicast.

Resolution

To resolve this issue:
 
  1. Validate that the network has multiple DHCP servers that are not in a cluster.
  2. Remove any rouge DHCP services. If needed, isolate the --container-network using a VLAN to ensure only one DHCP server is providing services.
    Packet captures can help find which DHCP servers are responding to the container and track down any that do not belong on the network.

    Example commands at different capture points:

    From ESXi host:
    pktcap-uw --uplink vmnic# --proto 0x11 --outfile /tmp/packet.pcap

    From any VM attached to the same DVS portgroup:
    tcpdump -i eth1 -vvv -n port 67 and 68 -w /tmp/packet.pcap

    The captures can be reviewed with wireshark or tcpdump in replay mode.

    Example for capture:

    Note the DHCP-Message and Server-ID points to the DHCP server IP:

    tcpdump -Xvvr /tmp/packet.pcap

    20:37:13.607723 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    192.168.18.1.bootps > 255.255.255.255.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 300, xid 0x7498beb0, Flags [Broadcast] (0x8000)

    Your-IP 192.168.18.209
    Client-Ethernet-Address 00:50:56:a3:ab:03 (oui Unknown)
    Vendor-rfc1048 Extensions
    Magic Cookie 0x63825363
    DHCP-Message Option 53, length 1: Offer
    Server-ID Option 54, length 4: 192.168.18.1
    Lease-Time Option 51, length 4: 7200
    Subnet-Mask Option 1, length 4: 255.255.255.0
    Default-Gateway Option 3, length 4: 192.168.18.1
    Domain-Name-Server Option 6, length 8: 192.168.18.2,10.16.65.110

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 0 Ratings
Actions
KB: