To implement failover in nginx we need a immediate 'connection refused' from the servers, otherwise we don't know if there is no service listing on this port. This is not possible with Windows 2016 Server as there is a security function 'stealth mode'. It means that there is not response for closed ports in TCP (no RST - RESET), requests run in timeout. Like this it's impossible to implement failover, because the LB never knows if there is no response from the service because it's slow or because it's not running.
 
Disabling the stealth mode is not possible for single ports, only for the whole machine. Because stealth mode is an important security feature, we don't want to disable it.

Anyone had the same issue and found a solution?