Problem with Docker on Windows Server 2019: not running Linux containers - windows

I was trying to install Docker on a fresh Windows Server 2019 using this guide (other guides seem to use the same procedure).
NB: I was given a Windows Server 2019 with Hyper-V installed, but with no virtual machine.
My installation commands were:
Enable-WindowsOptionalFeature –Online -FeatureName Microsoft-Hyper-V –All -NoRestart
Install-WindowsFeature RSAT-Hyper-V-Tools -IncludeAllSubFeature
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider
Restart-Computer –Force
And then:
Get-VM WinContainerHost | Set-VMProcessor -ExposeVirtualizationExtensions $true
Which returns an error:
Get-VM : Hyper-V was unable to find a virtual machine with name "WinContainerHost".
At line:1 char:1
+ Get-VM WinContainerHost | Set-VMProcessor -ExposeVirtualizationExtens ...
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (WinContainerHost:String) [Get-VM], VirtualizationException
+ FullyQualifiedErrorId : InvalidParameter,Microsoft.HyperV.PowerShell.Commands.GetVM
Now, my first question is: what is WinContainerHost? Who did create it? I cannot see it in my Hyper-V Management Console.
Nevertheless, I try to go on with the Docker installation process:
Install-Module DockerProvider
Install-Package Docker -ProviderName DockerProvider -RequiredVersion preview
[Environment]::SetEnvironmentVariable(“LCOW_SUPPORTED”, “1”, “Machine”)
Restart-Service docker
After the process, typing docker --version, I get:
Docker version 17.10.0-ee-preview-3, build 1649af8
It seems that Docker is installed. I then try to launch a container with:
docker pull nginx:latest
which results in:
latest: Pulling from library/nginx
33847f680f63: Extracting [==================================================>] 27.15MB/27.15MB
dbb907d5159d: Download complete
8a268f30c42a: Download complete
b10cf527a02d: Download complete
c90b090c213b: Download complete
1f41b2f2bf94: Download complete
failed to register layer: failed to start service utility VM (applydiff 8f46920b86bdcdab20b89a73c657f59c52f0271fd2fa27bf87bb875c55c11f7a):
container 8f46920b86bdcdab20b89a73c657f59c52f0271fd2fa27bf87bb875c55c11f7a_svm encountered an error during CreateContainer: failure in a
Windows system call: The virtual machine could not be started because a required feature is not installed. (0xc0370102) extra info: {"SystemType"
:"container","Name":"8f46920b86bdcdab20b89a73c657f59c52f0271fd2fa27bf87bb875c55c11f7a_svm","Layers":null,"HvPartition":true,"HvRuntime":{"ImagePath"
:"C:\\Program Files\\Linux Containers","LinuxInitrdFile":"initrd.img","LinuxKernelFile":"bootx64.efi"},"ContainerType":"linux",
"TerminateOnLastHandleClosed":true}
My intuition tells me that the problem is with the Get-VM WinContainerHost | Set-VMProcessor -ExposeVirtualizationExtensions $true, but I cannot find a way to solve it.
Could someone please give me more insight on this? Thanks in advance.

Related

MSIX in Docker container

Does anyone know how to install an MSIX package into a Docker container?
Currently my Dockerfile does the following:
Install PFX certificate to "Trusted Root Certification Authorities", which is specified by "Cert:\LocalMachine\Root" in the PowerShell command.
Copy MSIX package from network drive.
Install MSIX as an app. (Fails)
Remove local copy of MSIX package.
Dockerfile:
RUN powershell $pwd = ConvertTo-SecureString -String 'CeRtPaSsWoRd' -AsPlainText -Force; Import-PfxCertificate -Password $pwd -FilePath "R:/app-stream-cert.pfx" -CertStoreLocation Cert:\LocalMachine\Root \
&& copy "R:/mcre-22-r2-x64.msix" "C:/" \
&& powershell Add-AppPackage -path "C:/mcre-22-r2-x64.msix" \
&& del "C:/mcre-22-r2-x64.msix"
I have this error:
Add-AppPackage : Deployment failed with HRESULT: 0x80073D19, An error occurred
because a user was logged off.
error 0x80073D0A: Failed to install package
AnsysInc.mcre-22-r2_22.2.0.0_x64__13gfg92hgbc9g because the firewall service
is not running. Ensure that the firewall service is enabled and started.
NOTE: For additional information, look for [ActivityId]
b9bbd738-fed5-0000-fec9-bdb9d5fed801 in the Event Log or use the command line
Get-AppPackageLog -ActivityID b9bbd738-fed5-0000-fec9-bdb9d5fed801
At line:1 char:1
+ Add-AppPackage -path C:/mcre-22-r2-x64.msix
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (C:\mcre-22-r2-x64.msix:String) [A
dd-AppxPackage], Exception
+ FullyQualifiedErrorId : DeploymentError,Microsoft.Windows.Appx.PackageMa
nager.Commands.AddAppxPackageCommand
I've tried enabling firewall service in the container and on the host machine using powershell Start-Service -Name mpssvc. I'm able to enable firewall service on the host, but not in the container. Some posts indicate that Windows Docker containers share firewall service with their host. However my 0x80073D0A error still persists.
Environment info:
Docker engine version 20.10.21
Base image mcr.microsoft.com/windows:20H2
Host OS Win 10 Pro 10.0.19044.2251

Installing Print-Server on windows docker contaiener container fails

I am running a fresh mcr.microsoft.com/dotnet/framework/runtime:4.8-windowsservercore-ltsc2019
The first thing I try to do is install Print-Server but gives me an error (It is the first time I am installing a windows feature with powershell):
add-WindowsFeature -Name Print-Server
add-WindowsFeature : The request to add or remove features on the specified server failed.
Installation of one or more roles, role services, or features failed.
The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source
location, see http://go.microsoft.com/fwlink/?LinkId=243077. Error: 0x800f081f
At line:1 char:1
+ add-WindowsFeature -Name Print-Services -IncludeAllSubFeature
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (#{Vhd=; Credent...Name=localhost}:PSObject) [Install-WindowsFeature], Exception
+ FullyQualifiedErrorId : DISMAPI_Error__Failed_To_Enable_Updates,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureCommand
I have tried to mount my host WinSxS inside the container and use the sources folder , but I get the same error.
Install-WindowsFeature -Name Print-Server -Source c:\sources
I have also tried online with Enable-WindowsOptionalFeature but gives me this error :
PS C:\> Enable-WindowsOptionalFeature -Online -FeatureName Print-Server
Enable-WindowsOptionalFeature : Feature name Print-Server is unknown.
At line:1 char:1
+ Enable-WindowsOptionalFeature -Online -FeatureName Print-Server
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Enable-WindowsOptionalFeature], COMException
+ FullyQualifiedErrorId : Microsoft.Dism.Commands.EnableWindowsOptionalFeatureCommand
Looking at other questions this part seams to be working for other people. I am running windows 10 enterprise 2004.
Does someone know what can I do ?
From here:
The mcr.microsoft.com/windows image should be the targeted base image.
Other Windows container base images (such as Nano Server and Windows
Server Core) do not carry the Printing Server Role.

Not able to install packages using chcolatey in docker container

I am building a windows container with following software installed
Notepad++
MariaDB
HeidiSQL
.NET Framework 2.0 and 3.5
This is the docker image I created.
https://hub.docker.com/repository/docker/mhhaji/winserver2016_base
What I tried :
Steps to run the container
docker run --name mycontainer mhhaji/winserver2016_base:v1 ping -t localhost
docker exec -it mycontainer powershell
Once powershell is running,
I execute the following commands
Get-PackageProvider
#Chocolatey is not existing so I install chocolatey
Find-Package -Provider chocolatey
#Enter [Y] when prompted
#Install notepad++
Find-Package -Provider chocolatey -name notepad*
I get the following error
PS C:\> Find-Package -Provider chocolatey -name notepad*
WARNING: NuGet: The request was aborted: Could not create SSL/TLS secure channel.
PS C:\> Find-Package -Provider chocolatey -name mariadb
Find-Package : No match was found for the specified search criteria and package name 'mariadb' as registered package sources.
At line:1 char:1
+ Find-Package -Provider chocolatey -name mariadb
+ Categorylnfo : ObjectNotFound: (Microsoft.Power...ets.FindPackage:FindPac
+ FullyQualifiedErrorld : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManage
PS C:\> Get-PackageSource
Name ProviderName IsTrusted Location
chocolatey Chocolatey False http://chocolatey.org/api/v
PSGallery PowerShellGet False https://www.powershellgalle
PS C:\> Get-PackageParameters
Get-PackageParameters : The term 'Get-PackageParameters' is not recognized as the name
o program. Check the spelling of the name, or if a path was included, verify that the path
At line:1 char:1
+ Get-PackageParameters
+ Categorylnfo : ObjectNotFound: (Get-PackageParameters:String) [], Command
+ FullyQualifiedErrorld : CommandNotFoundException
PS C:\> Get-PackageProvider
Name Version DynamicOptions
Chocolatey 2.8.5.130 SkipDependencies, ContinueOnFailure,
ExcludeVersion,ForceX86, PackageSaveMode, FilterOnTag, Contains,
AllowPrereleaseVersions, Conf
msi 3.0.0.0 AdditionalArguments
msu 3.0.0.0
PowerShellGet 1.0.0.1 PackageManagementProvider, Type, Scope, AllowClobber,SkipPublisherCheck, InstallUpdate, NoPathUpdate, Filter, Tag, Includes, DscRes
Programs 3.0.0.0 IncludeWindowsInstaller, IncludeSystemComponent
I was able to download chocolatey so connecting to external endpoints doesnt seem to be a problem.
Update:
Seems like nuget is not installed in my image. Looking for solution but not able to find.
Make sure your system is able to support TLS 1.2 as that is necessary for chocolatey to run
PS> [Enum]::GetNames([Net.SecurityProtocolType]) -contains 'Tls12'
Enable TLS 1.2 for your system
PS> [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
Finally install chocolatey directly from source
PS> iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'));

Windows service on docker does not start

I've created a C# WCF Windows service app in VS 2017 and added Docker Support.
The following Dockerfile was created:
FROM microsoft/dotnet-framework:4.7.1-windowsservercore-1709
ARG source
WORKDIR /app
COPY ${source:-obj/Docker/publish} .
ENTRYPOINT ["C:\\WcfService.exe"]
When I build it using docker-compose in VS I get an error:
Cannot start service from the command line or a debugger. A Windows
Service must first be installed (using installutil.exe) and then
started with the ServerExplorer, Windows Services Administrative tool
or the NET START command. The program '[2172] WcfService.exe' has
exited with code 0 (0x0).
I've opened PowerShell and typed docker ps - the container is running.
So I used New-Service command and to create "TestService".
When I use Get-Service to see all services, I can see it in the list in 'Stopped' mode.
When I use Start-Service TestService I get the following error:
Start-Service : Failed to start service 'TestService (TestService)'.
At line:1 char:1
+ Start-Service TestService
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.ServiceProcess.ServiceController:ServiceController)
[Start-Service], ServiceCommandException
+ FullyQualifiedErrorId : StartServiceFailed,Microsoft.PowerShell.Commands.StartServiceCommand
Tried to find info but nothing works. Any ideas?
Ok, so I took Jeroen's advice and dug deeper to see the event viewer. I used some filters on the 'Get-EventLog' command to get the relevant error line and stored it in a variable
$A = Get-EventLog -LogName System -Newest 10 -Source "Service Control Manager" | Select *
Then, I formatted it nice using something like:
$A | Format-List -Property *
and got the exception.
Apparently it has something to do with a C++ dll my app is using. It could be missing or the environment has trouble running it, but that's another issue which I believe I can solve.
Hope that helps others running into similar issues. Thanks.

Windows 2016: Docker container error

I'm using docker on Windows server 2016, I have created a container using the "microsoft/windowsservercore:latest" image.
On this image i have installed "Print-Server" role but when I try to call "Get-Printer" cmdlet I obtain an error with the spooler service.
These are the commands used to recreate the problem:
docker run -d --name testspoolererror1 microsoft/windowsservercore:latest ping -t localhost
docker exec -it testspoolererror1 powershell
Install-WindowsFeature Print-Server
Set-Service spooler -StartupType Automatic
Start-Service spooler
Get-Service spooler
Get-Printer
This is when I receive the error:
Get-Printer : The spooler service is not reachable. Ensure the spooler service is running.
At line:1 char:1
+ Get-Printer
+ ~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_Printer:ROOT/StandardCimv2/MSFT_Printer) [Get-Printer], CimException
+ FullyQualifiedErrorId : HRESULT 0x800706ba,Get-Printer
In the event viewer i found the error:
The Print Spooler service terminated unexpectedly. It has done this 2 time(s).
Can Anyone help me to solve this problem?
Because Windows containers are sharing same kernel with host machine you cannot have spooler running on both same time. So stop and disable spooler from host and you are able use spooler on one container on that server.
Here is fixed set of commands:
Stop-Service spooler
Set-Service spooler -StartupType Disabled
docker run -d --name testspoolererror1 microsoft/windowsservercore:latest ping -t localhost
docker exec -it testspoolererror1 powershell
Install-WindowsFeature Print-Server
Set-Service spooler -StartupType Automatic
Start-Service spooler
Get-Service spooler
Get-Printer
I'm sorry to hear you're having this issue and I'll be glad to do what I can to help you sort it out :)
For the sake of being thorough, I tried this myself by running the following commands:
docker run -it microsoft/windowsservercore:latest powershell
(Now running powershell from within container)
Install-WindowsFeature Print-Server
Set-Service spooler -StartupType Automatic
Start-Service spooler
Get-Service spooler
Get-Printer
I was able to run these on my system, without an error. So that's a start.
Now, from your error it looks like the spooler service didn't even start. What do you see when you run Get-Service spooler? Will you try running these commands on your system just as I have listed them above then report back with your results?
Also, to clarify, what are you trying to do when you're pinging localhost from the container? Are you trying to ping your container host?
And as a side note, if you're looking for background info on how container networking works on Windows, here's a good place to start: https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/container-networking
--Kallie B. (Program Manager, Microsoft Networking Team)
The reason that Kallie seems to have been able to get the above steps to work is probably because it is being hosted differently. I tried the above steps via Docker on a Server 2016 box, and hit the same errors. When I tried it via Docker on Windows 10, I was able to launch the spooler successfully and run the above commands, but I couldn't install any drivers successfully which would make it actually useful. Pnputil just throws odd "No Data" errors when attempting to install any .inf's.
My guess is that it works on Windows 10 because it's using hyper-v emulation instead of the native container used when hosting Server 2016 Core on Server 2016. Another thing I noticed was that the drivers are inherited from the base machine when creating a container on Server 2016, but not on Windows 10. I assume that's fairly well-understood behavior by Docker experts, but it does seem like the inherited drivers might be causing the crash. I'm not a Windows expert either, though.
Either way, it seems like something that Microsoft will have to look into and resolve.
The network that docker runs on (by default) is not that same network as the host.
Pinging localhost from inside the container is not doing what you think it's doing.
Learn how docker networks as step 1.

Resources