Docker application fails startup health check in TAS/ERT when image exposes multiple ports
search cancel

Docker application fails startup health check in TAS/ERT when image exposes multiple ports

book

Article ID: 430901

calendar_today

Updated On:

Products

VMware Tanzu Platform Core

Issue/Introduction

A Docker-based application deployed to VMware Tanzu Application Service (TAS) for VMs fails during startup with errors similar to:

  • Instance never healthy after 4m0s:
  • Timed out waiting for startup check to succeed:
  • failed to make TCP connection to <container-ip>:<container-port>: connection refused
  • failed to make TCP connection to <container-ip>:<container-port>: connection refused
  • failed to make TCP connection to <container-ip>:<container-port>: connection refused

 

2026-02-24T16:35:17.69+0100 [API/0] OUT App instance exited with guid ########-####-####-####-############ payload: {"instance"=>"########-####-####-####", "index"=>0, "cell_id"=>"########-####-####-####-############ , "reason"=>"CRASHED", "exit_description"=>"Instance never healthy after 4m0.466s: Timed out after 4m0s (120 attempts) waiting for startup check to succeed: failed to make TCP connection to ###.###.###.###:8125: dial tcp ###.###.###.###:8125: connect: connection refused; Timed out after 4m0s (120 attempts) waiting for startup check to succeed: failed to make TCP connection to ###.###.###.###:8793: dial tcp 1###.###.###.###:8793: connect: connection refused; Timed out after 4m0s (120 attempts) waiting for startup check to succeed: failed to make TCP connection to 1###.###.###.###:8794: dial tcp ###.###.###.###:8794: connect: connection refused", "crash_count"=>8, "crash_timestamp"=>1771947317636269822, "version"=>"########-####-####-####-############ "}

 

Even when configuring:

  • health-check-type: http
  • health-check-http-endpoint: /

the platform continues attempting TCP checks on multiple ports.

Environment

 

  • VMware Tanzu Elastic Application Runtime EAR ( formerly TAS)

  • Docker-based application deployment

 

Cause

Some Docker images — particularly those built for Kubernetes — declare multiple ports using the EXPOSE directive in the Dockerfile. E.g

EXPOSE 8080 8125 8793 8794

In ERT/TAS:

  • Diego detects all exposed ports.

  • The platform performs startup health checks against each configured port.

  • If the container does not listen on all exposed ports, health checks fail.

  • The instance is marked as unhealthy and is restarted.

This commonly occurs with multi-role container images, where:

  • The image supports multiple component types (webserver, scheduler, worker, etc.).

  • Not all types open all ports (typically one type opens only one port )

Even when health-check-type: http is configured, ERT/TAS still probe additional exposed ports if they remain configured in the application metadata.

Resolution

R&D is looking into this issue and will provide a fix.

For the time being, the workaound is to set "health-check-type: process". This instructs ERT/TAS to verify that the process is running without performing TCP or HTTP port checks.

Powered by Wolken Software