search

docker / for-win

Bug reports for Docker Desktop for Windows
https://www.docker.com/products/docker#/windows
1.86k stars 290 forks source link

docker pull microsoft/windowsserver core fails to extract: access denied #292

Closed dheater closed 7 years ago

dheater commented 7 years ago

Expected behavior

Expect image to download and extract into c:\ProgramData\Docker

Actual behavior

Fails to register layer due to Access denied error

Information

Docker for Windows version 1.13.0-rc2-beta31

Running commands below from PowerShell run as administrator.

Steps to reproduce the behavior

I've been getting the following permission denied error with Docker for windows

PS C:\WINDOWS\system32> docker pull microsoft/windowsservercore Using default tag: latest latest: Pulling from microsoft/windowsservercore 9c7f9c7d9bc2: Extracting [==================================================>] 3.738 GB/3.738 GB d33fff6043a1: Download complete failed to register layer: rename C:\ProgramData\Docker\image\windowsfilter\layerdb\tmp\write-set-925881297 C:\ProgramDat a\Docker\image\windowsfilter\layerdb\sha256\3fd27ecef6a323f5ea7f3fde1f7b87a2dbfb1afa797f88fd7d20e8dbdc856f67: Access is denied.

The destination folder says that administrator has full control. I've attempted to disable read-only recursively on the image\windowsfilter without success.

jornh commented 7 years ago

I experience something very similar on my Win 10 Enterprise both with docker pull microsoft/windowsservercore and nanoserver (and have been doing that for a couple of beta releases).

Edit: Occationally when trying to pull one layer succeeds- that's what saved me some weeks ago where I had luck with both layers. But now I'm essentially unable to get Windows containers running again 😢 after having cleared D:\ProgramData\docker and installed Docker from scratch to clean up (before I found out how to resolve the problem with NAT in MicrosoftDocs/Virtualization-Documentation#304 after my beta 32.1 update)

I have McAfee Endpoint Security - could this whole thing be related to https://github.com/Microsoft/Virtualization-Documentation/issues/355 ?

jornh commented 7 years ago

Hooray, it seems I found a (somewhat cumbersome) partial workaround:

  1. Spin up a Server 2016 in Hyper-V and install Docker on it. It works fine and has no problems doing docker pull.

  2. Inside that machine then do docker save -o NANOsave.tar.gz microsoft/nanoserver

  3. Copy the image to your Win 10 machine and in Windows container mode do a docker load -i NANOsave.tar.gz

  4. 😆 x 3 in a quiet way while you docker run -it --rm microsoft/nanoserver powershell and then toy around inside the container

So actually https://github.com/Microsoft/Virtualization-Documentation/issues/355 turned out to be the place where I found the workaround and it's confirmed this is a different issue. Probably tied to some environment'ey stuff at least on @dheater and my PCs. I suspect the issue to be due to a (SSD) disk or anti-virus race condition or something because it consistently (for me) fails at the moment with high disk and antivirus activity where Extracting is finalizing on my Lenovo W520.

@dheater does the workaround help you? In an attempt to narrow the issue further down: What's your environment regarding machine, anti-virus, disk etc. compared to mine?

dheater commented 7 years ago

Also running on a Lenovo with SSD. I disabled McAfee and the install succeeded

karlomedallo commented 7 years ago

Happened to me too. Disabled Real-Time Scanning of McAfee and worked image

JoshSchreuder commented 6 years ago

I tried in a fresh Windows 10 Enterprise N 1709 VM and installed McAfee Endpoint Protection 10.5.3.3178.

Out of the box the docker pull command worked fine.

Running 10.5.1 elsewhere and it has this issue, not 100% if it's McAfee or some other environmental issue.

artisticcheese commented 6 years ago

All versions of Mcafee DO NOT SUPPORT windows containers. Please contact your service representative at Mcafee and demand this support since competition supports it for quite sometime now. https://kc.mcafee.com/corporate/index?page=content&id=KB90041&actp=null&viewlocale=en_US&showDraft=false&platinum_status=false&locale=en_US

stgraves commented 6 years ago

@artisticcheese the McAfee article you mentioned was updated on 9/3/2018 and looks like the support statement has changed. Can you confirm if McAfee VSE 8.8 supports containers now?

artisticcheese commented 6 years ago

Yes, appears wording in changed now that it's in fact supported on host but not inside containers.

rmchndrng commented 4 years ago

Had the same issue with Windows Defender. Had to disable the Real time protection to get it to work.

docker-robott commented 4 years ago

Closed issues are locked after 30 days of inactivity. This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. /lifecycle locked