IBM Support

Troubleshooting issues related to docker network- HNS failed with error - or PA Workspace not accessible from outside the NAT

Troubleshooting


Problem

Error when trying to start Planning Analytics Workspace:
Cannot start service pa-gateway: failed to create endpoint pa-gateway on network nat: HNS failed with error : Unspecified error
Execution failed with exit code 1
Or
Planning Analytics Workspace containers are correctly started up, but Planning Analytics Workspace cannot be reached through the web browser. One possible message is "An unknown error has occurred", or a classic HTTP 404 error might occur when the docker network is not accessible at all.

Resolving The Problem

1) Open <PAW>/config/paw.ps1 and check if custom ports are defined. If there is no PAGatewayHTTPPort nor PAGatewayHTTPSPort parameters in that file, then the default values are used (from <PAW>/config/defaults.ps1, which must never be modified). These default values are 80 and 443. Both must be free, whether Planning Analytics Workspace is configured with SSL or not.
If pa-gateway fails to start, then run "resmon.exe" from the Windows Search menu, select "Listening ports", sort by "Port" column, and verify that the Planning Analytics Workspace ports are not in use (they must not appear in the list).
2) If there is a firewall, then verify these ports are not blocked.
3) If there is an antivirus, then exclude these folders (and subfolders), and applications from being scanned:
Folders:
<Your_PA_Workspace_install_path>
C:\ProgramData\Microsoft\Windows\HNS
C:\ProgramData\Docker
C:\Program Files\Docker
Applications:
C:\Program Files\Docker\docker.exe
C:\Program Files\Docker\dockerd.exe
C:\Program Files\Docker\docker-compose.exe
 
4) Let's try to simply regenerate containers first, stop and restart HNS and docker services. Open Powershell in elevated admin mode (right-click Powershell and select "Run as administrator"), run the following commands in order to delete all containers and re-create them (it won't delete the volumes and databases that contain books and users, nor the images):
cd <Your_PAW_install_path>
./scripts/paw.ps1 down
stop-service docker
stop-service hns
start-service hns
start-service docker
./scripts/paw.ps1
After few minutes, verify container states:
./scripts/paw.ps1 ps
As long as the bss-init is still running, the "Planning Analytics Workspace is unavailable" error is displayed on the users' side. Waiting few minutes might be necessary before Planning Analytics Workspace becomes fully operational. If bss-init never stops, this indicates a problem while trying to access the security provider used by Planning Analytics Workspace (either "tm1 or "cam").
5) Try to apply this other document:

6) Download and use the "WindowsContainerNetworking-LoggingAndCleanupAide.ps1" script.
Here is the IBM Documentation about this tool:

How do I handle errors with the Host Network Service (HNS)?

And here is a direct link to the content of this script:

Copy the whole content and paste it into a text editor. Save the file as WindowsContainerNetworking-LoggingAndCleanupAide.ps1
Then, run the following command in Powershell with elevated admin rights (right-click Powershell and select "Run as Administrator"):
.\WindowsContainerNetworking-LoggingAndCleanupAide.ps1 -Cleanup -ForceDeleteAllSwitches
After the script finished its job, run <PAW>\scripts\paw.ps1 in order to regenerate the containers.
There might be cases when after running the Windows container network clean-up script, the docker service is not able to start anymore. It can be resolved by running an extra "Get-ContainerNetwork | Remove-ContainerNetwork -force" command in Powershell.

7) Check the priority order of the network adapters. Run this command in Powershell:
Get-NetIPInterface
It shows the Interface Metric Number of each network card, for example:

ifIndex InterfaceAlias                  AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp     ConnectionState PolicyStore
------- --------------                  ------------- ------------ --------------- ----     --------------- -----------
6       Ethernet0                       IPv4                  1500              25 Disabled Connected       ActiveStore
8       vEthernet (HNS Internal NIC)    IPv4                  1500              15 Enabled  Connected       ActiveStore
...

The network adapter having the lowest Interface Metric number has priority. That means that, if the "vEthernet (HNS internal NIC)" card has the smaller Interface Metric number, then Planning Analytics Workspace cannot be accessible from outside the host.

In that case, modify the Interface Metric Number of the ipv4 "vEthernet (HNS internal NIC)" card so that it is higher or equal to the Interface Metric Number of the ipv4 Ethernet card (here "Ethernet0"). For example, in that case, we could try this command:

Set-NetIPInterface -InterfaceIndex 8 -InterfaceMetric 35

The result is as follows:

ifIndex InterfaceAlias                  AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp     ConnectionState PolicyStore
------- --------------                  ------------- ------------ --------------- ----     --------------- -----------
6       Ethernet0                       IPv4                  1500              25 Disabled Connected       ActiveStore
8       vEthernet (HNS Internal NIC)    IPv4                  1500              35 Enabled  Connected       ActiveStore
...

It is now necessary to reboot the machine.
 

 

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCTEW","label":"IBM Planning Analytics Local"},"Component":"Planning Analytics Workspace;PAW","Platform":[{"code":"PF033","label":"Windows"}],"Version":"Windows Server 2016","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
17 January 2023

UID

ibm11101933

Page Feedback