0 0 Share PDF

Unable to join Windows worker node to UCP cluster

Article ID: KB000453


Even after running the Windows node setup script and running the docker swarm join command, UCP is showing the node as unavailable.

On Windows worker node side, join seems to be successful:

PS C:\Users\Administrator> docker swarm join --token SWMTKN-... 
This node joined a swarm as a worker. 

However, on UCP UI, the node is showing heartbeat failure.

This symptom in general indicates a communication issue between a worker node and UCP managers such as firewall or proxy server settings.

If you have UCP 2.2.4, this could be because of a known issue with setup script. Here are steps to verify.

  1. List all the ports configured by Windows node setup script:

    Get-NetFirewallRule | Where { $_.DisplayName –like ‘docker*'} | Get-NetFirewallPortFilter
  2. Make sure all ports listed in system requirements are open for both TCP and UDP protocols. Specifically, your Windows node may lack entries for UDP at port 7946.


The following steps will open the required ports and then have the node try to rejoin:

  1. From UCP Admin UI, force remove the failing Windows node.

  2. Log into the worker node and leave the swarm using this command:

    docker swarm leave
  3. Open port 7946 for both direction for UDP:

    netsh advfirewall firewall add rule name="docker_7946_in UDP" dir=in action=allow protocol=UDP localport=7946 | Out-Null;
    netsh advfirewall firewall add rule name="docker_7946_out UDP" dir=out action=allow protocol=UDP localport=7946 | Out-Null;
  4. Restart Windows node.

  5. Run swarm join command again.

  6. Go back to UCP Admin UI, and wait few minutes for the node to initiate.

What's Next

Windows node setup script will be fixed such that it will open port 7946 for UDP in future releases of UCP.