Error: A firewall is blocking file Sharing between Windows and the containers

[medhatelmasry]

Expected behavior

I am using Docker for windows 10 with a Linux container. I am unable to share a drive. I get a firewall error when I do so similar to case https://github.com/docker/for-win/issues/345. This was working OK until I reset my credentials and it stopped working.

Actual behavior

When I try to share any drive I get error: A firewall is blocking file Sharing between Windows and the containers. See documentation for more info.

Information

Diagnostic ID is 1ED2444F-86D2-400A-A2AC-165C6FA6599A/2016-12-24_21-28-25

Steps to reproduce the behavior

1. Right-click on the docker icon in the Windows 10 tray and select Settings
2. Click on Shared Drives tab
3. Enable C, D, and E drives then click on Apply button
4. Following error is displayed: A firewall is blocking file Sharing between Windows and the containers. See documentation for more info.

[simonferquel]

@Kounavi you should not label vEthernet (DockerNAT) as private. The problem is that as there is no recognizable network infrastructure (router, dhcp server...) recognizable by Windows, doing so has a tendency to instruct Windows to tag any un-recognized network as private... which is not good.

[dlsniper]

I too can confirm the issue is from the Network and File sharing. Once I've enabled / disabled this it worked like a charm. Hope whoever else has this problem will not spend months of cursing at their screens for this not working properly.

[aosvaldtRS]

I have windows 10 with Symantec Endpoint Protection installed. Once turn the Symantec firewall off the sharing works and if it is on I receive the error message below: ls: reading directory .: Host is down total 0 Also I tried to Disable/Enable Network and File sharing and it does not work. Any help will be greatly appreciated.

[samdark]

Worked for me as well after disabling-enabling. Weird...

[amrael]

Found a way to reproduce the problem.

1. Add VPN connection (this will also create VPN adapter).
2. Restart computer
3. Enable File Sharing in Docker settings.

To fix the problem

1. Remove VPN connection just created (this will also remove the adapter).
2. Re-install Network and File sharing.
3. Enable File Sharing in Docker settings.

Re-installing Network and File sharing will temporarily fix it even with VPN adapter but the problem reappears after reboot.

VPN connection with Docker for Windows didn't cause any problem before Windows 10 Creators update.

[friism]

What VPN software are you using? -- http://friism.com/ (650) 318-1051 Sapere aude

[amrael]

@friism It's Windows built-in as described here https://support.microsoft.com/en-us/help/20510/windows-10-connect-to-vpn I'm not sure if it's relevant but in my case it was L2TP/IPSec Pre-shared Key. Nothing special.

[juhap]

@friism I'm also using the windows built-in VPN and started having the same issue after the Creators update.

[GeorgeWieggers]

@juhap: Thank you for your workaround. It works fine for me, until next reboot. Your workaround can be automated using the following Powershell commands (run as administrator):

Disable-NetAdapterBinding -Name "vEthernet (DockerNAT)" -ComponentID ms_server Enable-NetAdapterBinding -Name "vEthernet (DockerNAT)" -ComponentID ms_server

Or use the attached powershell script. fix-docker-drive-sharing.zip

[xtophs]

@GeorgeWieggers fix worked for me. Same situation. Things broke when the Creators update rolled around.

[BalintFarkas]

@juhap This solution worked too for me. Hopefully the Docker team figures something out to make this workaround unnecessary.

[samdark]

Yes. I have to do it each time after rebooting a PC.

[niko44]

Thks to @GeorgeWieggers, it works for me without reboot

[iankoulski]

Thanks @johnrb2 for posting your solution. It is sometimes not possible to change firewall rules, but changing the subnet address of your Docker NAT adapter can help comply with them. Changing the subnet address to something I know is not blocked by our corporate network solved the problem for me.

[johnrb2]

@iankoulski glad it helped.

[niko44]

I'm agree with samdark. After reboot, you need to do it again

[superbob]

As commented here : https://github.com/docker/for-win/issues/345#issuecomment-311884132 I reproduce the issue with the last version of docker : 17.06.0-ce-win18 (12627) Disabling/Enabling file sharing doesn't change anything.

[ondrej-smola]

17.06.0-ce-win18 (12627) fixed it for me. Did automatic update and then factory reset and drive sharing is now working as expected.

Windows 10 Pro (15063.413) Creators update

[OleksandrPereverzyev]

Resetting file sharing alone didn't really help, but today I've played with Hyper-V Manager settings and it somehow solved the problem. The approximate steps are following:

• Go to Hyper-V Manager -> Virtual Switch Manager -> DockerNAT -> Connection Type: change from internal to private, apply, change back to internal, apply
• Restart MobyLinuxVM
• Restart Docker
• Set Docker network profile to 'Private' as described above
• Reset file sharing on DockerNAT connection as described above
• Go to Docker -> Settings -> Shared Drives and share C:

Docker 17.06.0-ce-win18 12627 Windows 10 Enterprise 10.0.14393 Active Directory user Default subnet and firewall rule

[jycr]

I do not know if this is due to the same problem, but none of the workarounds suggested above work for me.

Here is the systematic error that I have:

Here are the firewall rules that my company administers:

And here network settings:

[colthreepv]

@jycr does @OleksandrPereverzyev suggestion does work?

It's weird how fragmented the workaround is

[jycr]

@colthreepv : I do not have sufficient privileges to perform this action. Nevertheless, a colleague was able to make actions describe by @OleksandrPereverzyev, but without more success.

[jasonbivins]

@colthreepv @jycr

We use port 445 through Windows File and printer sharing to connect to the drives via Samba and CIFS - Make sure you're allowing File and Printer Sharing (NB-Session-In) and File and Printer Sharing (SMB-In) through your local firewall.

can you access 10.0.75.1 on port 445 via telnet ?

[jycr]

@jasonbivins : I can't acess on 10.0.75.1 on port 445 via telnet.

[arush1204]

Hi, I'm facing the same issue. Here are the workarounds I have tried:

1. Unchecked and checked File and Printer Sharing for Microsoft Networks property. Uninstalled and Installed the property.
2. Docker version 17.06.0-ce, Windows 10
3. Set-NetConnectionProfile -InterfaceAlias "vEthernet (DockerNAT)" -NetworkCategory Private

Here are the logs: [00:06:01.959][SambaShare ][Error ] Unable to mount C drive: firewall is blocking [00:06:01.959][SambaShare ][Info ] Removing share C [00:06:02.044][NamedPipeClient][Info ] Received response for Mount [00:06:02.044][NamedPipeServer][Info ] Mount done in 00:00:03.3763313.

I uploaded the diagnostic: A diagnostic was uploaded with id: 03D82A06-9616-4815-A02F-7B80AAB4FE78/2017-07-20_00-02-08

PS: This is my work computer, but from similar discussions I have read, issue could be something else.

I'd appreciate your help.Hi, I'm facing the same issue. Here are the workarounds I have tried:

1. Unchecked and checked File and Printer Sharing for Microsoft Networks property. Uninstalled and Installed the property.
2. Docker version 17.06.0-ce, Windows 10
3. Set-NetConnectionProfile -InterfaceAlias "vEthernet (DockerNAT)" -NetworkCategory Private

Here are the logs: [00:06:01.959][SambaShare ][Error ] Unable to mount C drive: firewall is blocking [00:06:01.959][SambaShare ][Info ] Removing share C [00:06:02.044][NamedPipeClient][Info ] Received response for Mount [00:06:02.044][NamedPipeServer][Info ] Mount done in 00:00:03.3763313.

I uploaded the diagnostic: A diagnostic was uploaded with id: 03D82A06-9616-4815-A02F-7B80AAB4FE78/2017-07-20_00-02-08

PS: This is my work computer, but from similar discussions I have read, issue could be something else.

I'd appreciate your help.

[dbashyal]

@OleksandrPereverzyev that fixed the issue. Avast firewall was not showing Network vEthernet (DockerNAT)(Adapter) until I followed your steps.

[mickext]

This problem can be happen If you are using Windows 10 Enterprise.

The Group Policy in System Center / Active Directory can blocking the port 445. The System Administrator needs permit this port to your user/ip.

Releasing the door in Windows Firewall Local does not make effect.

[Kounavi]

@simonferquel What can I say? :) Back then I was using Divio's app but days have come and gone by and I'm using docker compose now when I have to resort to docker which I find much better and much more flexible for my workflow and usage cases (at least for me). Also, without that workaround I couldn't use docker in any way so it was a necessary evil (but can't recall the details since it's been a long time).

[apodznoev]

I've read all this and a couple of other topics and tried everything written there. The only thing that finally worked for me was switch to Docker Edge version:

Client: Version: 17.09.0-ce-rc3 API version: 1.32 Go version: go1.8.3 Git commit: 2357fb2 Built: Thu Sep 21 02:31:16 2017 OS/Arch: windows/amd64

Server: Version: 17.09.0-ce-rc3 API version: 1.32 (minimum version 1.12) Go version: go1.8.3 Git commit: 2357fb2 Built: Thu Sep 21 02:36:52 2017 OS/Arch: linux/amd64 Experimental: true

[command0r]

Sounds weird, but the solution offered by @juhap worked for me. Seems more like a Windows 10 glitch that has nothing to do with Docker.

[rn]

cleaning/closing old issues.

[avindra]

People having this issue with Cisco's VPN software... did you come up with any workarounds?

Seems that the only way for corporate users to work from home is to give up the VPN :/

[JoshSchreuder]

I had two firewall rules in Windows Firewall

No idea where these came from, but disabling them allowed me to share the drive. Hope this helps someone.

[joegrasse]

@avindra To get docker to work with a Cisco VPN, I had to go into Docker -> Settings -> Network and change the Internal Virtual Switch settings.

For Example: Subnet Address: 192.168.65.0 Subnet Mask: 255.255.255.0

[ralberts]

The Cisco VPN policy settings blocked any local traffic - it basically sends it all through the VPN - though I switched over to OpenConnect and it allows local traffic which allowed docker to work for me. Hope this helps someone.

[radekbaranowski]

Does it have anything to do with severe restriction (and complete default removal) on using SMB v.1.0 which is regarded ATM as highly vulnerable, thus deprecated and disabled by default in newest Win10 updates? Struggled with this when lost connection to my local NAS, maybe that's just another chapter of the same story?

[efunkenbusch]

In my case, the problem appears to be that our domain policy forces the firewall to be enabled on the Private and Public profiles (disables it for the DomainAuthenticated profile). Even though I have the proper ports enabled on those profiles, it still is blocked. Turning off the Firewall service allows the drives to be mapped, so it's definitely a firewall/security policy issue.

I can reach port 445 on the Docker interface (I've remapped to 192.168.0.1 because our network uses the 10.* network).

I'm running Windows 10 1803, which of course has the issue where you cannot uninstall file and printer sharing. So that workaround is not possible.

[mariusjp]

I had two firewall rules in Windows Firewall

No idea where these came from, but disabling them allowed me to share the drive. Hope this helps someone.

You are a lifesaver! I tried EVERYTHING mentioned EVERYWHERE on the internet. And these stupid 2 rules blocked me. Thx for the find!

[duc-anh-tran]

For anyone with Cisco VPN issue, follow this guide: https://github.com/docker/for-win/issues/360#issuecomment-415535460 Finally worked out for me.

[germanamv]

Norton smart firewall was the problem for me. Worked fine after disabling it.

[DashAce10]

Disabling this setting worked for me.

[LU4E]

check if there is a forbid rules for 445. mine is forbid rules for bitcoin which forbid 445.

[GZFrankPeng]

Disabling this setting worked for me.

I found this, and re-review my the Windows Firewall Settings, and do find a rule which is blocked the 445 port, I enable it, and now it works. Thanks @DashAce10 ! I've spent a lot of time on the issue before it is settled. Beautiful! So I do suggest you to check your Firewall Rules carefully around the port 445. Wish you good luck!

[mara8008]

In my case, Nothing worked with the given suggestions. I did following steps to solve this problem as i am on VPN(I am using Check point EndPoint Security). 1)Uninstalled the docker completely from system. Clean uninstall. 2)Install the docker with Admin Privileges while i am on VPN. 3)Once the docker up and running, Share the drive and it will work as usual.

Please make sure you do clean Uninstall as mentioned in first step even from system registries.

[gabeluci]

@mara8008 A reboot should be enough when Check Point is misbehaving. I've had problems in the past with it enforcing firewall rules even when I'm not connected anymore, even after shutting down the Check Point service (because it uses a driver-based firewall). So the only way to reset those rules is to reboot.

[appsparkler]

This is what worked for me on Windows 10:

Type Turn Windows Feature On Or Off and check the checkbox for File Sharing. Restart the system.

Good Luck...

[tolgabalci]

Thank you @efunkenbusch! I tried over a dozen different things and none of them worked, but changing Docker => Settings => Network => Subnet Address to 192.168.0.0 worked! (My company also uses 10...* for internal addresses)

[docker-robott]

Closed issues are locked after 30 days of inactivity. This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. /lifecycle locked