Unable to start Docker without AD domain connection #785

Open
slafave opened this issue Jun 1, 2017 · 51 comments

@slafave

slafave commented Jun 1, 2017

Expected behavior

When running outside my company network with my VPN disconnected, I should be able to start and use Docker.

Actual behavior

After updating to the newest edge build, 17.06.0-rc1-ce-win13 (12433), I get an error "Unable to start Docker, you must be part of the docker-users group". It is only when I connect my VPN or connect to the internal company network, thereby getting a connection to a domain controller, that I can start docker. My AD account is indeed part of the local docker-users group, but the docker startup security check seems to only validate that local group membership if it can verify my AD account with an AD DC.

Information

  • A5DA733E-F0E6-4FCE-9066-01021758BEA2/2017-06-01_13-40-30
  • Windows 10 Enterprise 1703 Build 15063.332

Steps to reproduce the behavior

  1. Update to the latest edge version, 17.06.0-rc1-ce-win13 (12433)
  2. Start your machine without a connection to your company AD
  3. Try and run Docker, receive the "not in docker-users group" message
  4. Connect VPN or connect to company internal network.
  5. Start Docker - this time it starts and is usable
@jasonbivins

Hi @slafave thanks for posting this.

I am able to reproduce this so I'll go ahead and report it as a bug. We should have a fix out for it soon.

As a possible workaround for your problem - Make sure your local windows user on your laptop is a part of the docker-users local group. You should see it in computer management.

image

Thanks!
Jason

@gregpakes

gregpakes commented Jun 1, 2017

I have the same issue, but my machine is not Domain-Joined. It is workplace-joined, so I am skeptical about access to the DC's being a factor for me.

Sadly, I am unable to test as I have downgraded to the stable version, as I need to use Docker today.

@QAnders

QAnders commented Jun 2, 2017

This is an issue for me too. Exact same behaviour and it runs fine if I connect to corporate VPN. I have access to Users and Groups on my local laptop (Admin) but when disconnecting VPN the "local user" is no longer authorized to run Docker.

@MartinGroh

I have the same problem as well. I use AzureAD.

For the workaround.
I put my user in a local “docker-users” group, but to no avail. I tried to add my local admin account and launched Docker as admin, but the result is the same.

@jasonbivins

Hi @MartinGroh Did you add your local admin account, or your actual local user account to the docker users group? I'm able to work around the issue by adding my local user account.

@devsaurabh

devsaurabh commented Jun 2, 2017

Tried to run it with "Run as different user" and provided credentials for another local user account (COMPUTER_NAME\{your_local_user_account}) which is a member of the docker-user group. It worked. Though I'm not sure whether the rest will run as expected or not.

@MartinGroh

@jasonbivins

I run as my Azure user, so the “only” local user I have is the admin.
I have both my Azure user in the local “docker-users” group and admin. I tried to run docker from my admin user after adding the account to the group, but I get the same message, that I’m not in the “docker-users” group.

@friism

friism commented Jun 2, 2017

@gregpakes @MartinGroh if you haven't already, can you please run diagnostics and post the diagnostic id so we have details for debugging.

@jasonbivins

Hi @MartinGroh Are you locked out entirely from Docker, or are you able to access when connected to your domain?

@chvndb

chvndb commented Jun 3, 2017

@jasonbivins it works when connected to the domain. It is possible to disconnect once Docker runs, but restarting again requires being connected to the domain.

@jasonbivins

@chvndb Have you tried the workaround with the local users group? I'm curious to see how that affects the login problem.

@roysbailey

roysbailey commented Jun 6, 2017

Exactly the same issue. I am completely locked out of Docker now. I am not local domain joined, I am running Windows 10 with an Office 365 account (so AzureAD). I cannot run Docker at all, so I am unclear as to how I will get an update to fix this, as usually Docker updates itself when it runs (and it won't run to get the update).

How would you advise me to move forward from this position? Do I need to go back a version? If so, how would I do that?

P.S. I have tried the workaround with adding my user to the local docker group, and that makes no difference (in fact, my user was already in that group).

Thanks...

@gregpakes

@roysbailey - I'm not sure what the official advice will be, but I just downgraded docker to the current stable. Uninstall + reinstall.

@roysbailey

Thanks @gregpakes... Do you have a link to the version you went back to? Thanks!

@gregpakes

@roysbailey The stable channel. This issue only exists on the Edge channel.

@roysbailey

Thanks @gregpakes .

I have switched over to the stable channel and I am back up and running.

Cheers, Roy.

@planetf1

I don't seem to be able to start docker at all. Not only do I get the message at startup, but also if trying to start docker later

image

I can't use a local user. The id in question is apparently set up for PIN only - no password exists (in case that's a factor).

@jayfresh

I just installed the latest Docker update that flashed up today (I had previously downgraded to the stable version) and this problem is still there for me. I use AzureAD to login to the computer - it's not clear I can add myself to the docker-users group...

I am able to run docker as our AzureAD administrator, which is in the docker-users group, by right-clicking Docker for Windows and opting to run as administrator. But then I can't run the docker commands from a non-admin shell - loading up a powershell as admin and running docker looked like it was going to work but triggered a security warning about vpnkit. At this point, I thought I'd downgrade back to the stable branch, but this feature is now in the stable branch so I'm currently having to hunt for previous versions. Boo!

@VecchioIdraulico

I'm in a similar situation after this morning's update: I'm not a domain admin on my office network, so I cannot add myself to a user group. Running the software as an administrator is, obviously enough, poor security practice.

I'd like to roll back to an earlier version until this issue is resolved: Is there one available for download?

@simonferquel

Have you tried to log out and re-log in before running Docker for Windows? Group membership update requires the user to re-log in to happen.

@htuomola

@jayfresh I got the same error but I added "Authenticated Users" group to Docker-users and restarted laptop and it started now. Not sure which it was, could've just been the logout/login alone (for the direct user membership to docker-users to take effect).

@VecchioIdraulico not sure about your setup but docker-users is a local group, not a domain group so local admin rights should be enough to add yourself into it?

Related to this, I thought that it'd be easy to return to older version but can't actually find them anywhere. Are they somewhere? That should be basic stuff to keep them around in case there are any breaking changes.

@VecchioIdraulico

@htuomola Thanks. It's a corporate account, and I'm not able to administer it. (That's good security practice in my working context.) I can run Docker as a local admin, but that's not entirely safe. Trying @simonferquel's suggestion - for which, also, thanks - just gets me a toast notification that I can't run Docker because I'm not in the appropriate group.

@zhaoqin-github

@htuomola After I logout and login again, I am able to start Docker! Thank you very much!!

@Vishwa221

@htuomola thanks a lot. Logging out worked!!!

@henriquedesousa

My fix was to add the "Everyone" group to the docker-users group.

@LyalinDotCom

Hit the same issue on a fresh install of Docker Tools on my Windows 10 dev box at home, will try the workarounds suggested.

@dsschnau

I encountered this issue and a logout/login resolved it.

@dinesarun

If we get this issue fixed soon, it will be better and easier for Windows users to kick-start with Docker.

@Ben-m-s

Ben-m-s commented Aug 29, 2017

Same issue here. Thanks, guys, for working on a solution. Very useful.

@certik

certik commented Sep 5, 2017

I use the latest stable version of Docker on Windows 10, can run Docker under an admin account, but not under my user account (which is in the docker-users group, and yes, I restarted several times), it gives the error "Unable to start Docker, you must be part of the docker-users group".

At the very least, this error message is misleading, as I am in fact "part of the docker-users group".

Workaround: I added "Authenticated Users" group to docker-users, and now it works! Thanks to @htuomola.

@duncancoppedge

Upgraded to 17.09.0-ce-win32 (13529) on win10 enterprise 1607 (14393.1715) today.
I was connected to my company's AD.
Same error. Restarted several times.
Run as admin didn't work.
Workaround: added my AD user to the docker-users group.
There were no other users or groups assigned to the docker-users other than NT AUTHORITY\SYSTEM (S-1-5-18)

@drlukeangel

Main issue above replicated, as an AzureAD user was not able to share a drive even as admin of the computer. Windows version 10.0.15063.0.
In response to @duncancoppedge: his post led me to the correct action.
My azuread/{user} was in the docker-users group and it was not working. I added the docker-users group with full permission to the drive and that seemed to work.

@dl7631

dl7631 commented Nov 16, 2017

Guys, I am having the same issue. Could anyone please explain how one can add oneself to the docker-users group? What are the actual steps? Thank you

@jasonbivins

@dl7631 The docker-users group is a local users group on your machine. You can add yourself to it through the Windows GUI here
image

@drlukeangel

Alternatively, if you can create a local admin user on the machine, install it as that user and share your drive, it will also work.

@ddamerell53

Adding "Local account" to docker-users solved the problem for me. Though I'm sure that probably opens up security issues.

@GreenSpecialist

Still an issue. I even added everyone to the docker-users group and it doesn't work.

@khteh

khteh commented Jul 21, 2018

Docker version 18.03.1-ce, build 9ee9f40 still has the issue. All users are added to docker-users group!!!

@khteh

khteh commented Jul 23, 2018

Resolved. I must log in to Active Directory and add myself to the docker-users group. I was using a local account and that's why it failed.

@nfunky

nfunky commented Aug 10, 2020

In certain Windows versions you might not have the "Local Users and Groups" option in the Computer Management. I used the following command to add my username to the docker user group:
net localgroup "docker-users" "username" /add

@RobertMara

Thank you @nfunky. That solved my problem. I'm working on a personal laptop and didn't have Local Users and Groups.

@jamesz

jamesz commented Dec 21, 2021

For those using AzureAD as domain and thus can't find your user in the Local Users and Groups, try reinstalling Docker Desktop while logged in as your AzureAD user. That worked for me.

@BobBuildingCode

If you're using AzureAD, you can also try adding the account with net localgroup (even if you can't find the user in Local Users and Groups): net localgroup "docker-users" "AzureAD\[email protected]" /add
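
An added example (not part of the thread, and not Docker's own startup check) for reviewing the result of the `net localgroup` workarounds above: it lists the members of docker-users, marks catch-all principals such as Everyone or Authenticated Users by their well-known SIDs, and shows whether the current logon token already carries the group, which is what signing out and back in refreshes. It assumes Windows PowerShell 5.1 or later; the variable names are illustrative.

```powershell
# Added example, not from the thread. Needs the built-in LocalAccounts module.
$groupName = 'docker-users'

# Well-known SIDs that open the group to practically every logged-on user.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-113'    = 'Local account'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

$group = Get-LocalGroup -Name $groupName -ErrorAction Stop

# Enumeration can fail when the group holds entries Windows cannot resolve;
# report that instead of aborting the script.
try {
    $members = @(Get-LocalGroupMember -Group $groupName -ErrorAction Stop)
} catch {
    Write-Warning "Could not enumerate '$groupName': $($_.Exception.Message)"
    $members = @()
}

$members | ForEach-Object {
    [pscustomobject]@{
        Name   = $_.Name
        Source = $_.PrincipalSource          # Local, ActiveDirectory, AzureAD, ...
        Sid    = $_.SID.Value
        Broad  = $broadSids[$_.SID.Value]    # empty unless a catch-all principal
    }
} | Format-Table -AutoSize

# Compare the stored membership with the token of the current logon session.
$me        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = @($me.Groups | ForEach-Object { $_.Value })
$listed    = @($members | Where-Object { $_.SID.Value -eq $me.User.Value }).Count -gt 0
$inToken   = $tokenSids -contains $group.SID.Value

'{0}: listed directly = {1}, group SID in current token = {2}' -f $me.Name, $listed, $inToken
if ($listed -and -not $inToken) {
    # The token was built at logon, before the account was added to the group.
    'Membership exists but this session predates it: sign out and back in.'
}
```

A row with a value in the Broad column means the group no longer restricts who can start Docker on that machine; replacing it with the specific user account restores the restriction.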

@bsunderhus

Are there any updates for this issue? I'm having the same problem with an external user. Although my user is already in the group, I still can't run Docker.

@lysaali50

lysaali50 commented Feb 18, 2024

I'm new to this. I don't have a work/school email but do want to set up Docker for home media sharing for fun with Nextcloud.

I logged in with my Google account on Docker, but it keeps crashing for some reason? I've been following Raid Owl's guide on YouTube,
https://youtu.be/rmVCtZrtvgA?si=EyPwK2NwFgDJTCln

Not sure why Docker keeps crashing on me?
Do I need an Active Directory? What's the simplest way I can work around this?

Last thing: I'm using a Windows 11 laptop with a Ryzen 7 processor.

@achur00

achur00 commented Apr 9, 2024

I was able to resolve the issue, thanks to @htuomola's idea.
STEPS
1. Go to Windows Computer Management
2. Include authenticated-user in the docker-users group
3. Restart your computer

@dev7495

dev7495 commented Jul 16, 2024

Upgraded to 17.09.0-ce-win32 (13529) on win10 enterprise 1607 (14393.1715) today. I was connected to my company's AD. Same error. Restarted several times. Run as admin didn't work. Workaround: added my AD user to the docker-users group. There were no other users or groups assigned to the docker-users other than NT AUTHORITY\SYSTEM (S-1-5-18)

@duncancoppedge Can you guide me on how you added the AD user to docker-group? My Entra user is logged in to the laptop, yet I'm not able to add it to the group. His name is not coming up in the select user pop-up window.
