How to configure RKE2 Windows nodes to run behind an authenticated proxy

This document (000021459) is provided subject to the disclaimer at the end of this document.

Environment

• Downstream RKE2 cluster configured with Windows machines as worker nodes.
• The Windows nodes work behind a proxy with authentication for internet access.

Situation

You have followed the recommended steps to register a new Windows node in a cluster:

• You can add Windows hosts to the cluster by creating or editing the cluster and choosing the Windows option.

• In the upper left corner, click ☰ > Cluster Management.

• Go to the cluster that you created and click ⋮ > Edit Config.
• Scroll down to Node Operating System. Choose Windows. Note: You will see that the worker role is the only available role.
• Copy the command displayed on the screen to your clipboard.

• Log in to your Windows host using your preferred tool, such as Microsoft Remote Desktop. Run the command copied to your clipboard in the Command Prompt (CMD).

• However, as your Windows node runs under a proxy, the registration command would get stuck with the following error message:

• ``` Error writing proxy setting. (87) The parameter is incorrect.

  Current WinHTTP proxy settings:

  Direct access (no proxy server)
  

  - Likewise, a proxy error configuration can be confirmed by checking the 'rancher-wins' logs: - Get-EventLog -LogName Application -Source 'rancher-wins' -Newest 100 | format-table -Property TimeGenerated, ReplacementStrings -Wrap

  . . . {error executing instruction 0: Get "https://index.docker.io/v2/": dial tcp: lookup index.docker.io: getaddrinfow: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.: failed to get image index.docker.io/rancher/system-agent-installer-rke2:v1.27.12-rke2r1} ```

Resolution

In addition to the configuration of Proxy Settings for the Windows Server, under Internet Settings -> Local LAN Settings -> proxy Server Settings, you need to configure authentication for the proxy to solve the issue. This can be configured using the Windows Server tools:

1. Open the start menu and type 'credential manager'.
2. In the new window, select 'Add a Windows Credential'.
3. Add the proxy URL, username, and password.
4. Restart the Windows node.

Once the authenticated proxy is configured from Windows settings, the node should be able to access the internet via the proxy. The node registration should finish as expected after this proxy configuration.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.