1. Describe your incident:
I’m trying to create a Windows Container with Graylog Sidecar and Fluentd, but when I run the container, I receive this message in the log:
level=fatal msg="The service process could not connect to the service controller."
Service logs, configurations, and environment variables:
sidecar log:
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_SERVER_URL}' with 'https://redacted/api/'"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_SERVER_API_TOKEN}' with 'redacted'"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_UPDATE_INTERVAL}' with '10'"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_TLS_SKIP_VERIFY}' with 'true'"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_SEND_STATUS}' with 'true'"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_LIST_LOG_FILES}' with ''"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_NODE_ID}' with 'Fluentd-Windows-Docker'"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_NODE_NAME}' with 'windows-fluentd-docker'"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_COLLECTOR_ID}' with ''"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_LOG_ROTATION_TIME}' with '86400'"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_LOG_MAX_AGE}' with '604800'"
time="2022-04-26T00:59:22-03:00" level=info msg="Using node-id: Fluentd-Windows-Docker"
time="2022-04-26T00:59:22-03:00" level=fatal msg="The service process could not connect to the service controller."
3. What steps have you already taken to try and solve the problem?
Tried to play with different kinds of configurations, like different entrypoints (first powershell or cmd, and after that a bat script that runs the graylog-sidecar executable with -c to point to the sidecar.yml config, or directly the graylog-sidecar executable as entrypoint with -c to point to the sidecar.yml config), with no luck.
4. How can the community help?
Has anybody tried to use Graylog Sidecar inside a Windows Docker container with success? The idea here is to use Fluentd’s newest input, in_windows_eventlog2, which can collect Windows Event Logs remotely, so I can do it from inside a Docker container, controlling the versioning with Docker and the configuration with Graylog Sidecar.
Thanks in advance for your help.
Regards,
Alejandro
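A triage pass over a sidecar log in the format posted above, as an added example that is not part of the original post or of Graylog's code: it redacts substituted values whose variable name looks like a secret before the log is shared, and flags a true TLS_SKIP_VERIFY setting and any fatal line. The sample log is constructed with placeholder values, and the name patterns treated as secrets are an assumption.

```python
import re

# Constructed sample in the sidecar's log format; all values are placeholders.
SAMPLE_LOG = """\
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_SERVER_URL}' with 'https://graylog.example/api/'"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_SERVER_API_TOKEN}' with 'PLACEHOLDER-TOKEN'"
time="2022-04-26T00:59:22-03:00" level=info msg="[ConfigFile] Replacing config environment variable '${GS_TLS_SKIP_VERIFY}' with 'true'"
time="2022-04-26T00:59:22-03:00" level=info msg="Using node-id: Fluentd-Windows-Docker"
time="2022-04-26T00:59:22-03:00" level=fatal msg="The service process could not connect to the service controller."
"""

# Forum software turns straight quotes into typographic ones; map them back.
QUOTES = str.maketrans("“”‘’", "\"\"''")
LINE_RE = re.compile(r'time="[^"]*" level=(?P<level>\w+) msg="(?P<msg>.*)"$')
SUBST_RE = re.compile(r"variable '\$\{(?P<name>\w+)\}' with '(?P<value>.*)'$")
# Assumption: variable names containing these words hold credentials.
SECRET_NAME = re.compile(r"TOKEN|PASSWORD|SECRET|KEY", re.I)


def triage(log_text):
    """Return (safe_lines, findings) for a Graylog Sidecar log."""
    safe_lines, findings = [], []
    for raw in log_text.splitlines():
        line = raw.strip().translate(QUOTES)
        entry = LINE_RE.match(line)
        if entry:
            subst = SUBST_RE.search(entry["msg"])
            if subst and subst["value"]:
                name, value = subst["name"], subst["value"]
                if SECRET_NAME.search(name):
                    # The sidecar echoes the substituted value at info level.
                    line = line.replace(f"with '{value}'", "with '<redacted>'")
                    findings.append(("secret_logged", name))
                elif name.endswith("TLS_SKIP_VERIFY") and value.lower() == "true":
                    findings.append(("tls_verify_disabled", name))
            if entry["level"] == "fatal":
                findings.append(("fatal", entry["msg"]))
        safe_lines.append(line)
    return safe_lines, findings


if __name__ == "__main__":
    lines, found = triage(SAMPLE_LOG)
    print("\n".join(lines))
    for kind, detail in found:
        print(f"[{kind}] {detail}")
```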
Reading about this in other technologies, I think maybe it is related to this:
Collector doesn’t start in Windows Docker containers
The process might fail to start in a custom built, Windows-based Docker container, resulting in a “The service process could not connect to the service controller.” error message.
In this case, the NO_WINDOWS_SERVICE=1 environment variable must be set to force the Splunk OpenTelemetry Collector to start as if it were running in an interactive terminal, without attempting to run as a Windows service.
Does somebody know if there is a similar environment variable for Graylog Sidecar, like the mentioned NO_WINDOWS_SERVICE?
By chance, what does your .yml file look like? The reason I ask was this in your logs.
Correct me if I’m wrong but I would assume it should have looked like this.
GRAYLOG_SERVER_API_TOKEN
I do have a question with this. If your Windows container is functioning, is there access using something like RDP, or something similar?
If so, then can you log on to this Windows node and download Graylog Sidecar from the Web UI?
Windows containers are really different from Linux containers in how they work, in many ways (in a bad way).
About your question of GS_X environment variables, I think they refer to Graylog Sidecar, and that is the reason. For instance, on Linux Containers they are working right.
The Windows container image that I’m using, which is servercore:ltsc2019, I think doesn’t have an RDP option, but I didn’t review that. Anyway, it is not common to access a container using RDP or SSH; you commonly access it using “docker exec”.
I’m doing the installation of the Graylog Sidecar and Fluentd binary with a Dockerfile. Here is the file:
I see you’re running Windows Server 2019 Core? Is this correct? If so, that sucks for my plan of logging into the Windows container and downloading Graylog Sidecar through a browser. It can be done through PowerShell though, if permissions will allow it.
Second, Windows Server 2019 Core/Desktop does have RDP, but you need to enable it through the Server Manager.
My apologies, I don’t think I explained this well. I was looking at creating a Windows Docker container and then logging into it using an RDP session. Once you’re in the Windows environment you can download it through the browser and/or PowerShell. Not sure if that would help, but it’s an idea if the Windows Server 2019 is running. I believe once that is functioning you can make a copy of that container.
Just an idea; sorry I can’t be more help, but if I run into a situation like yours I’ll post back here.