I’ve been running the connector in Docker Desktop on this server for a few months with few issues (occasionally have to manually restart the container when it gets stuck in an ‘All nameservers failed’ loop).
Several days ago, though, it started hanging at ‘State: Authentication’:
I have tried restarting the container, restarting the server, and recreating the connector with new tokens (which usually solves any issues) but the connector still fails to connect.
I don’t know if it’s relevant, but I’ve always had to manually create the container in Docker Desktop, specifying the environment variables. When I try to run the script generated by the Twingate Admin portal, I just get a ‘>>’ prompt and the container isn’t created:
One thing I might suggest - try removing the grave quotes around hostname (so it would be TWINGATE_LABEL_HOSTNAME="hostname") or drop that ENV var entirely. That is potentially where the issue may be coming from, as that line is designed to pull the hostname from a Linux-based system to populate that ENV var, but it is not a hard requirement for the connector, I don’t believe, and the >> prompt is often the command prompt’s way of dealing with an open quote that was never closed properly.
I just installed another DC and was going to let it run a connector as well.
I had pre-installed the Docker connector on this server off-site and it was connecting properly when I first brought it on-site.
Once I joined it to the domain and promoted it to a DC, it’s doing the same thing - hanging at Authentication. I didn’t think to check between joining the domain and promoting to a DC.
I’ve tried disabling Windows Firewall but it has no effect.
Can you think of any other reason joining the server to the domain would prevent authentication?
(I tried removing the single-quotes from ‘hostname’ and it caused an error. I didn’t think to copy it, but something about missing a required parameter.)
Hi @Mike, I was looking through your post. Trying to follow your steps, you are installing the Windows services, Docker containers, joining to the domain and then promoting to a DC.
Is this a single dc in a remote site?
Is your design to have all services running on a single device just for local logins etc or do you want to run DFS/local File shares and applications/database access?
What type of hardware do you have this server running on?
Are your containers running in Windows HostProcess/Privileged Containers? (I ask this because it sounds like the security policy for Domain Controllers is blocking the authentication process)
The Docker connectors “magically” came online this morning, so it’s no longer an issue (assuming they remain online.)
To answer your questions, anyways, though,
This is our only site, which is small - 2 physical servers (Windows 2022), one a dedicated DC and one a host for 2 virtual machines, (a Windows file server and a 2nd DC).
Docker Desktop and the Twingate Connector were installed through an admin account on the physical DC and the virtual host OS, both using Hyper-V instead of WSL.