calls to INetworkListManager GetConnectivity in mcr.microsoft.com/windows:20H2 fail with a chain of problems

[MenaceSan]

• [x ] I have tried with the latest version of Docker Desktop
• [ x] I have tried disabling enabled experimental features
• [ ] I have uploaded Diagnostics
• Diagnostics ID:

Actual behavior

calls to INetworkListManager GetConnectivity in mcr.microsoft.com/windows:20H2 fail INetworkListManager Network calls are not working in Docker: mcr.microsoft.com/windows:20H2 https://hub.docker.com/_/microsoft-windows

INetworkListManager GetConnectivity returns 0x80070422 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

netprofm service is not running by default in this image. setting its status to Automatic Set-Service 'netprofm' -StartupType Automatic now fails differently. 0x8007042c = ERROR_SERVICE_DEPENDENCY_FAIL = The dependency service or group failed to start.

Expected behavior

INetworkListManager GetConnectivity should return a value > 3 to indicate ipv4 or ipv6 is available.

Information

• Windows Version: 10 pro. 20H2, build 19042.804
• Docker Desktop Version: 3.2.1
• WSL2 or Hyper-V backend? WSL2
• Are you running inside a virtualized Windows e.g. on a cloud server or a VM: a locally hosted VM

Steps to reproduce the behavior

1. start instance of mcr.microsoft.com/windows:20H2
2. run test app (TestNetStatus source below) to call INetworkListManager GetConnectivity

optionally i can call: (in a powershell connection to the VM)

Set-Service 'wmiApSrv' -StartupType Automatic Set-Service 'nlasvc' -StartupType Automatic Set-Service 'netprofm' -StartupType Automatic Start-Service 'netprofm' Start-Service 'wmiApSrv' Start-Service 'nlasvc'

rem re-run TestNetStatus and we now get 3 (NLM_CONNECTIVITY_IPV4_NOTRAFFIC). (Still no connectivity)

Tests:

wget google.com REM this will fail since it uses ie ?

rem prevent possible IE popup from blocking us.

$keyPath = 'Registry::HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main' if (!(Test-Path $keyPath)) { New-Item $keyPath -Force | Out-Null } Set-ItemProperty -Path $keyPath -Name "DisableFirstRunCustomize" -Value 1

rem OK but does not fix status problem

wget google.com rem wget now works but its possibly unrelated to INetworkListManager failure.

Test a different docker image: docker run --rm mcr.microsoft.com/dotnet/framework/samples:dotnetapp rem stops immediately with no messages.

docker pull mcr.microsoft.com/powershell/test-deps rem fails with: Error response from daemon: manifest for mcr.microsoft.com/powershell/test-deps:latest not found: manifest unknown: manifest tagged by "latest" is not found

TestNetStatus Sources:

// TestNetStatus.cpp : This file contains the 'main' function. Program execution begins and ends there. // This tests the network connectivity the same way that UDC does. // This currently fails in Docker using image mcr.microsoft.com/windows:20H2

include // HRESULT

include // std::cout

include // std::to_string

include

include

include // CComPtr

include // INetworkListManager

include

HANDLE g_hLogFile = NULL;

void LogLine(std::string s) { ::OutputDebugStringA(s.c_str()); ::OutputDebugStringA("\n");

std::cout << s << "\n";

if (g_hLogFile != NULL)
{
    DWORD dwWritten = 0;
    ::WriteFile(g_hLogFile, s.c_str(), (DWORD)s.length(), &dwWritten, nullptr);
    ::WriteFile(g_hLogFile, "\n", 1, &dwWritten, nullptr);
}

}

template< typename T > std::string to_hexstr(T i) { std::stringstream stream; stream << "0x" << std::setfill('0') << std::setw(sizeof(T) * 2) << std::hex << i; return stream.str(); }

int main() { g_hLogFile = ::CreateFileA("c:\temp\TestNetStatus.log", GENERIC_WRITE, FILE_SHARE_READ, nullptr, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL | FILE_FLAG_SEQUENTIAL_SCAN, NULL ) ; if (g_hLogFile != NULL) { ::SetFilePointer(g_hLogFile, 0, nullptr, SEEK_END); }

LogLine("TestNetStatus v1.2");

HRESULT hRes = ::CoInitializeEx(0, COINIT_MULTITHREADED);
if (FAILED(hRes))
{
    LogLine( "FAIL CoInitializeEx " + to_hexstr(hRes) );
    return -1;
}

if 1

// The impersonation level must be at least RPC_C_IMP_LEVEL_IMPERSONATE.
hRes = ::CoInitializeSecurity(NULL, -1, NULL, NULL,
    RPC_C_AUTHN_LEVEL_CONNECT,
    RPC_C_IMP_LEVEL_IMPERSONATE,
    NULL, EOAC_NONE, 0);
if (FAILED(hRes))
{
    LogLine("FAIL CoInitializeSecurity " + to_hexstr(hRes));
    // return -2;   // Try anyhow?
}

endif

std::system("pause");

CComPtr<INetworkListManager> pNLM;
hRes = ::CoCreateInstance(CLSID_NetworkListManager, NULL,
    CLSCTX_ALL, __uuidof(INetworkListManager), (LPVOID*)&pNLM);
if (FAILED(hRes))
{
    LogLine("FAIL CoCreateInstance " + to_hexstr(hRes) );
    return -3;
}

NLM_CONNECTIVITY con = NLM_CONNECTIVITY_DISCONNECTED;
hRes = pNLM->GetConnectivity(&con);
if (FAILED(hRes))
{
    // fails with 0x8007042c in Docker = ERROR_SERVICE_DEPENDENCY_FAIL
    LogLine("FAIL GetConnectivity " + to_hexstr(hRes));
    return -4;
}

if ((con & NLM_CONNECTIVITY_IPV4_INTERNET) || (con & NLM_CONNECTIVITY_IPV6_INTERNET) || (con & NLM_CONNECTIVITY_IPV4_LOCALNETWORK) || (con & NLM_CONNECTIVITY_IPV6_LOCALNETWORK))
{
    LogLine("Network OK = " + to_hexstr(con));
    return 1;
}
else
{
    // NLM_CONNECTIVITY_IPV4_NOTRAFFIC NLM_CONNECTIVITY_IPV6_NOTRAFFIC
    LogLine("Network Offline = " + to_hexstr(con));
    return 0;
}

}

[stephen-turner]

I think you need to speak to the authors of that container.

[docker-robott]

Closed issues are locked after 30 days of inactivity. This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. /lifecycle locked