Failed to create endpoint <name> on network nat: Unspecified error

[gregpakes]

Failed to create endpoint on network nat: Unspecified error

Expected behavior

When I run the following command

docker run -d -p 1433:1433 -e sa_password=XXXXX -e ACCEPT_EULA=Y -v C:/Dev/databases:C:/Dev/databases -e attach_dbs="[{'dbName':'newframework','dbFiles':['C:\\Dev\\databases\\newframework_primary.mdf','C:\\Dev\\databases\\newframework_primary.ldf']}]" microsoft/mssql-server-windows-developer

I would expect the container to be created.

Actual behavior

I get the following:

C:\Program Files\Docker\Docker\Resources\bin\docker.exe: Error response from daemon: failed to create endpoint objective_hawking on network nat: HNS failed with error : Unspecified error.

I have tried resetting docker for windows, but it still persists.

I believe the issue was caused by a BSOD on the first load of the same container.

Information

• Diagnostic ID: 265A8CDB-1C96-420E-AAD8-3949B340C4E3/2017-04-24_09-52-28

Debug-ContainerHost.ps1 output:

Checking for common problems
Describing Windows Version and Prerequisites
 [+] Is Windows 10 Anniversary Update or Windows Server 2016 678ms
 [+] Has KB3192366, KB3194496, or later installed if running Windows build 14393 143ms
 [+] Is not a build with blocking issues 19ms
Describing Docker is installed
 [+] A Docker service is installed - 'Docker' or 'com.Docker.Service'  77ms
 [+] Service is running 22ms
 [+] Docker.exe is in path 2.09s
Describing User has permissions to use Docker daemon
 [+] docker.exe should not return access denied 45ms
Describing Windows container settings are correct
 [+] Do not have DisableVSmbOplock set to 1 35ms
 [+] Do not have zz values set 37ms
Describing The right container base images are installed
 [+] At least one of 'microsoft/windowsservercore' or 'microsoft/nanoserver' should be installed 188ms
Describing Container network is created
 [+] At least one local container network is available 2.62s
 [+] At least one NAT, Transparent, or L2Bridge Network exists 36ms
 [-] NAT Network's vSwitch is internal 92ms
   Expected: {Internal}
   But was:  {Private}
   192:       $switchType | Should Be "Internal"      
   at <ScriptBlock>, <No file>: line 192
 [-] Specified Network Gateway IP for NAT network is assigned to Host vNIC 169ms
   Expected: {True}
   But was:  {False}
   206:       $vmNicGatewayIPExists | Should Be $true
   at <ScriptBlock>, <No file>: line 206
 [+] NAT Network's internal prefix does not overlap with external IP' 47ms
Showing output from: docker info
Containers: 1
 Running: 0
 Paused: 0
 Stopped: 1
Images: 2
Server Version: 17.03.1-ce
Storage Driver: windowsfilter
 Windows: 
Logging Driver: json-file
Plugins: 
 Volume: local
 Network: l2bridge l2tunnel nat null overlay transparent
Swarm: inactive
Default Isolation: hyperv
Kernel Version: 10.0 15063 (15063.0.amd64fre.rs2_release.170317-1834)
Operating System: Windows 10 Pro
OSType: windows
Architecture: x86_64
CPUs: 8
Total Memory: 31.82 GiB
Name: iSAMS-LAP-GREG3
ID: H5EZ:EK42:BS6Y:FC3X:TRWA:YDP5:5RCT:ZZ3U:VJ7K:GTOC:C4Y5:ZDXK
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: -1
 Goroutines: 15
 System Time: 2017-04-24T11:01:19.109807+10:00
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Experimental: true
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Showing output from: docker version
Client:
 Version:      17.03.1-ce
 API version:  1.27
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Tue Mar 28 00:40:02 2017
 OS/Arch:      windows/amd64

Server:
 Version:      17.03.1-ce
 API version:  1.27 (minimum version 1.24)
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Tue Mar 28 00:40:02 2017
 OS/Arch:      windows/amd64
 Experimental: true

Showing output from: docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
e162f88a0bb9        nat                 nat                 local
5557dec2aec1        none                null                local

Warnings & errors from the last 24 hours

   ProviderName: Microsoft-Windows-Hyper-V-Compute

TimeCreated                     Id LevelDisplayName Message                                                                                                    
-----------                     -- ---------------- -------                                                                                                    

Logs saved to C:\WINDOWS\system32\logs_20170424-110124.csv

Steps to reproduce the behavior

[gregpakes]

I managed to solve this by:

• Uninstall Docker
• Remove Containers windows feature
• Reboot
• Enable Containers windows feature
• Install Docker

Seems like a nuclear option though!

[simonferquel]

You can also try to reset to factory defaults (in d4w settings / diagnostics) or even try Microsoft's own HNS nuke script: https://github.com/Microsoft/Virtualization-Documentation/tree/live/windows-server-container-tools/CleanupContainerHostNetworking

[gregpakes]

@simonferquel I thought I detailed this in the original post, but I didn't - apologies.

I tried both of those solutions. Neither worked.

[pennywisdom]

I have been experiencing this on Windows 2016 regularly with deployments from a CI process: https://github.com/docker/compose/issues/4521

I have tried all the recommendations listed above. In a compose deployment I regularly get a service fails with something in the HNS.

[ghost]

I was experiencing the same issue with both stable release and edge release on Windows 10 (not the Creator Update). Because it's Unspecified Error, here is nothing interesting in the log. I got the error when trying to run microsoft/ii:windowsservercore image and microsoft/sqlserver-windows:latest images. With refresh reboot, I can run iis image once and only once, but never had any luck with the sql image. I was using normal run command. Didn't try compose. After the run command and getting the error, I found the containers were created.

[gregpakes]

@celcat I think your issue is different. Pre-Creators Update, windows could only have 1 nat network. If you tried to create another it failed.

Creators update allows more than 1

[ghost]

Hi @gregpakes no, I didn't try to create another network. I only used the default nat network.

Just finished my experiment of doing everything from slate, i.e. uninstalled the docker, turnned off the Hyper-V and Container features, deleted the docker folders everywhere, and then put back everything again. Still no luck with both iis and sql server images. Got the error as long as I put -p or -P option on the run command.

[gregpakes]

@CELCAT are you able to get the creators update? I think it might help.

[ghost]

Hi @gregpakes sorry for the late reply. I'm afraid I'm not able to do it. I'm using Surface Pro 3 which may have some issue with Creator's update and most importantly our company IT admin doesn't want us to upgrade yet.

[ghost]

Hi @gregpakes I managed to install the Creators' Update and the issue seems gone. But before the update, I wiped off everything including docker, container support and hyper-v, not sure which part helped.

[UPDATE] Managed to launch the mssql-server-windows-developer container and connected to it from host via Management Studio. But as soon as I attempted to create a new database, I got BSOD! But this new issue is probably off-topic here.

[jirkapok]

script worked for me by calling with both -cleanup -ForceDeleteAllSwitches and restart. I only needed to reassign network adapters in my Hyper-V virtual machines, because of the deleted adapters.

[brunofvalli]

In my case I was trying to assign a new container using the same external ports as another container. Once I made my exposed ports different from the others everything started working.

[odaibert]

I have a similar problem here. SCENARIO: I have a Windows Server 2016 with container and try to host a Windows Server Core with an legacy COM+ application. COM+ is a RPC based service and uses the port range 49152-65535 to communicate. So I run: docker run -d -p 49152-65535:49152-65535 MyCOMPlusContainer and get the error: _Error response from daemon: failed to create endpoint musingyalow on network nat: HNS failed with error : Unspecified error. If I run the same, but only with a few ports like 49152-50152 it run, but I cannot access the component inside the container.

[andyliddle]

I have this issue with docker 17.06.2-ce.

I have tried to uninstall docker / hyper-v and containers but no luck fixing this.

Network just seems broken on my pc and i don't know how to fix, without reinstalling windows.

Any suggestions?

[brunofvalli]

What I have done was to create a new network interface:

docker network create -d transparent --gateway 192.168.1.1 --subnet=192.168.1.0/28 -o com.docker.network.windowsshim.interface="Ethernet" MyNetwork 

Above assumes network of the type 192.168.1.0 with a net mask of 255.255.255.0

Then when creating your container point to this network:

docker run -d --network MyNetwork --mac-address="00:15:5d:d9:e4:43" --restart=always --name myNameContainer myrepository/myApp:dev

It worked for me.

I assume your host computer can actually get to the network, and only your containers cannot.

[andyliddle]

I managed to get this working by installing and uninstalling a few times and making sure windows is up-to-date lol.

Though I thought I did read somewhere that the you can have more then one NAT network with the Windows 10 Creators Update.

Any seems to be working now :-)

[pennywisdom]

@andyliddle you can have multiple nat networks with Creators Update. However as far as I know this is not possible on windows server 2016 yet so a little self-defeating for a production scenario where you want this isolation. I believe overlay networks will be the way to go but last time i tested a few things out I was having trouble with the routing mesh support :(

[duranali]

In my case, removing Windows Security Update KB4074590 from my Win 2016 server resolved the issue.

[duranali]

update: Another Security release from Microsoft hit this morning and causes the same problem KB4041691. Uninstalling this update also fixes the issue on Win 2016

[docker-robott]

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale comment. Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. /lifecycle stale

[code-bringer]

It looks like that it is a port conflict issue(so probably you need to use some other port instead of 1433 which is default for MS SQL Server), here is a good description from @natemcmaster

[RaviKumar1611]

I have reset my docker as default factory and it worked.

[Ankit3794]

In my case docker network prune helped.

[stanlybolanos]

In my case this was a SQL Server container and the error was because the port I specified was already taken by a previous SQL installation in the host, changing the port fixed my issue

[dionad]

Port conflict was exactly what it was for me. I was running docker on Win2016 with IIS installed and running on the host. Trying to run a container with -p 80:80 was failing since port 80 in use by the host for IIS. Stopping IIS solved it.

[docker-robott]

Closed issues are locked after 30 days of inactivity. This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. /lifecycle locked