Docker for windows loses the ability to bind to localhost (0.0.0.0)

[zayscue]

Expected behavior

When I run a simple docker as follows:
docker run --name redis.local -p 6379:6379 -d redis
or when a I write a docker compose file like so:
version: '3'
services:
ethel2fred.api:
image: ethel2fred.api
build:
context: ./src/Services/Migration/Ethel2Fred.Api
dockerfile: Dockerfile
processing.api:
image: processing.api
build:
context: ./src/Services/ProcessingCore.Api
dockerfile: Dockerfile
ports:
- "5000:80"
depends_on:
- redis.data
- rabbitmq
status.api:
image: status.api
build:
context: .\src\Services\Status.Api
dockerfile: Dockerfile
depends_on:
- rabbitmq
- redis.data
redis.data:
image: redis:nanoserver
rabbitmq:
image: spring2/rabbitmq
ports:
- "15672:15672"
- "5672:5672"
docker for windows should bind my defined services to localhost and forward the ports to the ones I have specified above.

Actual behavior

For some reason the expect behavior I have described above stops working on Windows 10 Pro. When I first installed docker for windows on a fresh image of Windows 10 Pro the expect behavior worksed perfectly for both linux containers as well as windows containers. However randomly over time this functionality stops working and I get an "Error response from daemon: driver failed programming external connectivity on endpoint redis.local (c7f759e6146e239460a8050d4979bbce46b38ec830fc34b4cc80ad8a586e7142): Error starting userland proxy: Bind for 0.0.0.0:6379: unexpected error Permission denied" error message when I try to the port forwarding for linux containers and the windows containers just starting being assigned other internal ip addresses.

Information

I have tried uninstalling and reinstalling docker for windows as well as trying a factor default reset. Neither of these solutions worked; the only thing that I have found to work is to completely reinstall windows.

[jasonbivins]

It sounds like there's a stuck Vswitch that's holding the port.

netcfg -d --this will clean up all networking devices, and requires a reboot

[zayscue]

I tried your suggestion however the windows containers are still not binding to my localhost address. When I run docker ps I get the following output:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3841b2d97a21 processing.api:dev "C:\remote_debugger\…" 2 minutes ago Up About a minute 0.0.0.0:5000->80/tcp dockercompose5827100674157232140_processing.api_1
597884aec60b status.api:dev "cmd /c 'start /B C:…" 2 minutes ago Up About a minute 0.0.0.0:20621->80/tcp dockercompose5827100674157232140_status.api_1
fda17ddbbc41 ethel2fred.api:dev "cmd /c 'start /B C:…" 2 minutes ago Up 2 minutes 0.0.0.0:19072->80/tcp dockercompose5827100674157232140_ethel2fred.api_1
d77e1521ef65 spring2/rabbitmq "powershell -Command…" 2 minutes ago Up 2 minutes 4369/tcp, 0.0.0.0:5672->5672/tcp, 5671/tcp, 0.0.0.0:15672->15672/tcp dockercompose5827100674157232140_rabbitmq_1
cc337c5cfa4c redis:nanoserver "redis-server.exe C:…" 2 minutes ago Up 2 minutes 0.0.0.0:6379->6379/tcp dockercompose5827100674157232140_redis.data_1
however I try to visit http://localhost:5000/ to access my processing.api:dev container it gives my an "Failed to connect to localhost port 5000: Connection refused" error message.

[mlmeyers]

@zayscue if running win ver: 16299.248 issue could be related to: #1707

[llorllale]

I'm having this same issue on Microsoft Windows [Version 10.0.16299.371].

Following through with the MS KB from #1707 did not work because the port I'm trying to map is not shown as reserved by the netsh utility. Scratch that, the port was in use. I found the culprit using netstat -abn | less

[rodzi]

I have been experiencing the same issue. Restarting docker from the system tray fixes the issue for me. Unfortunately I have to do this every time I turn the machine on.

[rn]

@rodzi could you try the latest Edge release? You may be experiencing an issue with fast restart, which should be fixed in the latest Edge.

[rodzi]

@rn I am on the latest version of edge. (Windows 10 pro 10.0.17134 Build 17134)

[rn]

@rodzi I mean Edge channel for Docker for Windows. Could you provide the version from "About Docker" from the whale systray menu?

[rodzi]

Version 18.03.1-ce-win65 (17513) Channel: stable 93354b3

…

On Wed, Jun 20, 2018 at 8:04 AM Rolf Neugebauer ***@***.***> wrote: @rodzi <https://github.com/rodzi> I mean Edge channel for Docker for Windows. Could you provide the version from "About Docker" from the whale systray menu? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1804 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ALGX3qYmQChBEb4nbTKZwb2ixjl5E1hIks5t-lZZgaJpZM4SiG9l> .

-- Dan

[coatsnmore]

netcfg -d cleaned it up for me and docker now starts correctly.

[docker-robott]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[bigjonroberts]

/remove-lifecycle stale

[navarq]

1. Find out if any docker images use Redis:

    docker ps -a
   

2. Remove any images using docker Redis:

    docker rm <IMAGE ID>
   

3. Restart docker with the system tray app

4. Restart docker Redis

    docker run -d --name redis.local -p 6379:6379 -d redis
   

5. Insure the new instance is running:

    docker ps
   

[docker-robott]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[nmccready]

This issue is a serious hamper to productivity, can we please remove the lifecycle/stale label.

[juniormayhe]

netcfg -d cleaned it up for me and docker now starts correctly.

that is dangerous command, it corrupted my docker and it does not start up anymore. Even after reinstalling HyperV. and rebooting machine. It seems that this command removes several network adapters. Also restart does nothing. I had to reset (loose) containers and images but that led me to another issue :

error during connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/vxxx/version: open //./pipe/docker_engine: The system cannot find the file specified. In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running.

[nemetht]

Having the same issue. Nothing I've found helps:

• Restart Docker service
• netcfg -d
• Reinstall/Reset Docker and HyperV
• Nothing occupies the port (netstat -ban | grep 1433)

See the command and result below

docker run -e 'ACCEPT_EULA=Y' -e 'SA_PASSWORD=YourStrong!Passw0rd' -p 1433:1433 --name sql1 -d mcr.microsoft.com/mssql/server:2017-latest
500723d72a7d48fa44d79f98ed26e6847d597b4b286b715306ec7a32831e8cf3
docker: Error response from daemon: driver failed programming external connectivity on endpoint sql1 (104386c0391471a745a474e91c25e4f702c44e7edcbce468982de52f20f676a1): Error starting userland proxy: Bind for 0.0.0.0:1433: unexpected error Permission denied.

[imv7]

I'm having same issue, figuring out a firewall local

[imv7]

But in my case no, docker container ls shows that the port is already running.

[nemetht]

• netcfg -d

It did help after stopping the docker service, then restarting. Still it is a dangerous command.

[Alex-Rom]

This solution worked for me:

1. Disable Hyper-V
2. Reserve the port so Hyper-V cannot reserve it
3. Re-enable Hyper-V
   Based on these answers:

• Stanisalv Dontsov's answer on https://stackmobile.com/stackoverflow/questions/48478869
• enashed's answer on GitHub: Unable to bind ports: Docker-for-Windows & Hyper-V excluding but not using important port ranges #3171

[william76]

I get this same kind of behavior, but for Jenkins... It worked fine for a few days then just stopped and I can no longer bind 0.0.0.0:50000.
I'll check out some links and see what I can do but I'm about to the point where I'm just going to delete docker entirely from my system...

[ericblade]

Attempting to do same with Jenkins, getting failure when adding port mapping for 50000.

Following the above stackmobile answer to turn off HyperV, reserve port, then turn HyperV back on, results in a "The file is already in use" sort of error, which seems to indicate that it can't reserve port 50000 even when HyperV is off. netstat -an shows nothing occupying the port. Same answer is on #3171 and doesn't work. something appears to be occupying 50k, but no one wants to fess up as to who. :-S

[michaeldisaro]

I confirm that Jenkins is doing the same thing for me...

[michaeldisaro]

As stated here the option is to kill whatever is using the port and to reserve it by using:

• netsh int ipv4 add excludedportrange protocol=tcp startport=XXXXX numberofports=XXX

In my case I found there was Windows Store using that port once I restarted.

[ericblade]

@michaeldisaro ... ? how did you discover that? netstat -abn shows nothing when i do that. the excludedportrange thing isn't working, it says "file in use" which is same as "port in use" or "already in excluded range" as far as i can tell...

ofc, i also discovered that it doesn't entirely matter so much, as i can't get jenkins to run as i want it to, due to lacking host networking in windows docker... so i won't be able to use the same docker to build things from jenkins. so i'll be running jenkins on the bare machine, i think. Seems there is a transparent networking option that works similar if i convert to Windows Containers, but i don't think i want to mess with something that experimental.

[michaeldisaro]

@ericblade I used first the answer by @nemetht, typed "netcfg -d" and rebooted.

After the reboot I continued having problems and tried to apply @Alex-Rom reported solution getting the "file in use" error, after a few tries I noticed that 50k port was really being used this time!

So I killed the process, reserved the port, activated HyperV, et voilà Jenkins started again.

For my needs I don't need connecting to host, I configured Jenkins to build my dotnet project by pulling it from git and to deploy the artifact to an online cloud vps. Everything is working.

I can notice docker for windows is lacking some features, but I adopted it recently and I'm liking it anyway, I'd just like to have a way to connect to MobyVM to change containers' configuration files to match changing needs (for example with hostconfig you could change port mapping). I wish they will implement this.

[waynesi]

I got the same error when starting the MS SQL Server on Linux containner and mapping to localhost 1433. It happened all of sudden as I've been using the same script to start the same container for very long time.

Try to bind python -m http.server 1433 --bind 0.0.0.0 to port 0.0.0.0:1433, failed as well.

netstate -abn showed no processes using the port.

Tried netcfg -d, didn't work.

Uninstalled Hyper-V, tried python http server on the port, succeeded.

Reinstalled Hyper-V, immediately failed.

At the end, found out running "net stop winnat" before starting my SQL Server container cast the magic.

Now included the net stop and net start in my script. But still don't know the root cause as I was able to use the same script, same container, same docker version for quite a while.

[mdrichardson]

@waynesi Is net stop/start winnat still working well for you? It helps for me, but Docker occasionally keeps a port or two reserved. Not sure of another workaround for it.

[waynesi]

Hi @mdrichardson Sorry for delayed reply. Yes net stop/start still works well. But my ultimate solution was using netsh int ipv4 add excludedportrange tcp to permanently exclude the ports I need from Hyper-V reservation. Hope it helps.

[docker-robott]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked