search

microsoft / WSL

Issues found on WSL
https://docs.microsoft.com/windows/wsl
MIT License
17.52k stars 822 forks source link

Error code: Wsl/Service/CreateInstance/CreateVm/ConfigureNetworking/HNS/E_ACCESSDENIED #11980

Open thastad opened 2 months ago

thastad commented 2 months ago

Windows Version

Microsoft Windows [Version 10.0.26100.1591]

WSL Version

2.2.4.0

Are you using WSL 1 or WSL 2?

Kernel Version

No response

Distro Version

Ubuntu

Other Software

No response

Repro Steps

C:\Windows\System32>wsl.exe

Expected Behavior

Wsl default distro is launched.

Actual Behavior

Kan ikke konfigurere nettverk (networkingMode Nat). Hvis du vil deaktivere nettverk, angir duwsl2.networkingMode=None i C:\Users\trond.wslconfig Error code: Wsl/Service/CreateInstance/CreateVm/ConfigureNetworking/HNS/E_ACCESSDENIED

Error message is in norwegian but transelate to "can not configure network (networkingMode Nat) you can disable networking in .wslconfig"

Similar error message on every distro i try to start. WSL was working a week ago and no configuration changes since then.

The system has been updated with "Win 11 version 24H2 KB5041865" and a HP bios update since last time wsl was working

Diagnostic Logs

WslLogs-2024-08-30_22-04-13.zip

github-actions[bot] commented 2 months ago

The logs show that the VM failed to start because the HNS network couldn't be created. Adding network tag

Diagnostic information ``` Detected appx version: 2.2.4.0 Detected user visible error: Wsl/Service/CreateInstance/CreateVm/ConfigureNetworking/HNS/E_ACCESSDENIED Found evidence of HcnCreateNetwork failure: HcnCreateNetwork {"Success":false,"Error":"Ingen tilgang. ","ErrorCode":2147942405}. HResult: 0x80070005 ```
maxboone commented 2 months ago

+1, on arm64 with Version 24H2 (Build 26100.1591)

PS C:\Users\micro> wsl --version
WSL version: 2.2.4.0
Kernel version: 5.15.153.1-2
WSLg version: 1.0.61
MSRDC version: 1.2.5326
Direct3D version: 1.611.1-81528511
DXCore version: 10.0.26091.1-240325-1447.ge-release
Windows version: 10.0.26100.1591

Update: I also don't see the NetAdapter for WSL, any way to create that manually once before continuing?

PS C:\Users\micro> Get-NetAdapter -Name "vEthernet (WSL)"
Get-NetAdapter : No MSFT_NetAdapter objects found with property 'Name' equal to 'vEthernet (WSL)'.  Verify the value
of the property and retry.
At line:1 char:1
+ Get-NetAdapter -Name "vEthernet (WSL)"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (vEthernet (WSL):String) [Get-NetAdapter], CimJobException
    + FullyQualifiedErrorId : CmdletizationQuery_NotFound_Name,Get-NetAdapter
maxboone commented 2 months ago

For now, locally, I'm working around this by setting the following in my .wslconfig.

Maybe it helps someone:

[wsl2]
networkingMode=mirrored

Update If you're using docker, this will break your setup due to the way that traffic is looped back to WSL. See: https://gist.github.com/shigenobuokamoto/b565d468541fc8be7d7d76a0434496a0

martin-labsky commented 2 months ago

Same issue here with the exact same versions as above, and yes networkingMode=mirrored did fix it for me, thanks for the hint.

maxboone commented 2 months ago

@martin-labsky FYI, for me switching back to nat mode worked again after working on mirrored. Might be worth the attempt, as mirrored mode is still somewhat in beta.

thastad commented 2 months ago

@maxboone Switching to mirrored and back to nat did the trick for me to. Thank you

CatalinFetoiu commented 2 months ago

@thastad , thanks for reporting the issue. can you please collecting networking logs using instructions at https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues ?

The script will create a zip with name starting with "WslNetworkingLogs"

thastad commented 2 months ago

@CatalinFetoiu logs attached As you can see from the comments the issue is no longer present after creating .wslconfig with networkingMode=mirrored run wsl and then switch back to networkingMode=nat

WslNetworkingLogs-2024-09-06_22-42-51.zip

github-actions[bot] commented 2 months ago
Diagnostic information ``` .wslconfig found Detected appx version: 2.2.4.0 optional-components.txt not found ```
dingwen07 commented 2 months ago

The issue seems to be related to Host Network Service, I found the problem happens occasionally and can be resolved temporarily (until next reboot) by go to Service (either using task manager or MMC), locate service HNS and Restart it, then WSL will launch.

HenryGessau commented 2 months ago

Thanks @dingwen07! Restarting the Host Network Service (HNS) resolves the problem (temporarily) for me too.

The error code for this issue ends with HNS/E_ACCESSDENIED. I wonder if some recent Windows security patches have tightened access policies that affect WSL networking.

simonknittel commented 2 months ago

Switching between networkingModes did not help for me. However, restarting the Host Network Service (thanks @dingwen07) did it for me.

Starting WSL the first time after the restarting the service logs these messages:

wsl: Failed to create virtual network with address range: '172.23.112.0/20', created new network with range: '172.20.128.0/20', Zugriff verweigert
wsl: Failed to create network endpoint with address: '172.23.122.165', assigned new address: '172.20.139.89'

Not sure if that's normal or not.

Mk-rbv commented 1 month ago

I ran into this issue after updating from Windows 11 23H2 to Windows 11 24H2. Disabling "Virtual Machine Platform" in Windows features and then re-enabling it ended up fixing this issue for me.

Interestingly enough a new virtual network adapter appeared called "vEthernet (WSL (Hyper-V Firewall))" after I did this.

Landmine-1252 commented 1 month ago

I ran into this issue after updating from Windows 11 23H2 to Windows 11 24H2. Disabling "Virtual Machine Platform" in Windows features and then re-enabling it ended up fixing this issue for me.

Interestingly enough a new virtual network adapter appeared called "vEthernet (WSL (Hyper-V Firewall))" after I did this.

Thank you @Mk-rbv

I had to disable both Virtual Machine Platform and Windows Hypervisor Platform, reboot, then enable again and reboot. WSL is working again.

image

chetgurevitch commented 1 month ago

Another case here after updating from 23H2 to 24H2, restarting the Host Network Service did not work for me. After disabling Virtual Machine Platform, rebooting, re-enabling it, and rebooting again WSL negotiated a new address in the reserved 172.16.0.0/12 block and things are back to working. wsl: Failed to create network endpoint with address: '172.XX.XXX.XX', assigned new address: '172.XX.XXX.XXX' Windows Hypervisor Platform doesn't need to be enabled for WSL.

akibanator commented 1 month ago

Any chance the issue is related to Hyper-V? If I disable the option, the issue disappears. Screenshot 2024-10-05 212324 And renable Hyper-V the issue appears again

Sam-you-el commented 1 month ago

Any chance the issue is related to Hyper-V? If I disable the option, the issue disappears. Screenshot 2024-10-05 212324 And renable Hyper-V the issue appears again

Hey, i had been facing the issue with Ubuntu ever since a week *ever since i accidentally upgraded to H24h2) and your suggestion helped me with it, just:

  1. disabling "Hyper-V" and
  2. enabling "Virtual Machine Platform" + "Windows Hypervisor Platform" fixed it for me.

Been dreaded for a week, you helped me! Thanks a ton!

chetgurevitch commented 1 month ago

I only had these Hyper-V features enabled for shrinking WSL VHDs when I ran into the issue, so it might specifically be the Services one. It'd be good for someone who's run into it since updating to 24H2 to grab their logs before resolving it. image

colejohnson66 commented 1 month ago

Restarting "Host Network Service" fixed it for me.

mahtaran commented 1 month ago

I only had these Hyper-V features enabled for shrinking WSL VHDs when I ran into the issue, so it might specifically be the Services one. It'd be good for someone who's run into it since updating to 24H2 to grab their logs before resolving it. image

I've been running into it since a cumulative update this morning (KB5044284). Not sure if it's entirely what you meant, but might still prove useful.

WslNetworkingLogs-2024-10-09_08-05-33.zip

CatalinFetoiu commented 1 month ago

thanks all for reporting the issue and sending logs

We are aware of the problem and we are working on a fix. We will update this thread when the fix will be available

yorek commented 1 month ago

Restarting "Host Network Service" fixed it for me.

Same here

psynyde commented 1 month ago

As a note from a Nix Wsl user. if anyone facing the same issue and want internet to work with it:

frostieDE commented 1 month ago

I also tried all the above workarounds, none of them worked :-(

However what worked for me (for some reason): I just installed another distro (in my case Ubuntu 24.04 LTS). The installation seems to fix the issue for me.

Hope it helps any of you guys, too :-)

jozefizso commented 1 month ago

After upgrade to Windows 24H2 I have this issue with wsl.

wsl --version
WSL version: 2.3.24.0
Kernel version: 5.15.153.1-2
WSLg version: 1.0.65
MSRDC version: 1.2.5620
Direct3D version: 1.611.1-81528511
DXCore version: 10.0.26100.1-240331-1435.ge-release
Windows version: 10.0.26100.2033
wsl: Access is denied.
Error code: CreateInstance/CreateVm/ConfigureNetworking/HNS/E_ACCESSDENIED
wsl: Failed to configure network (networkingMode Nat), falling back to no networking.
cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.4 LTS"
inqrphl commented 1 month ago

24H2 update broke my setup as well, before that I was using the mirrored mode without problems, including ipv6 and host dns.

Shutting down wsl and restarting Host Network Service works. If the network does not come up first time doing it, I try until it works.

In optional windows features, I have Hyper-V, fully on -> Hyper-V Management Tools, fully on -> Hyper-V Platform, fully on Windows Machine Platform, fully on Windows Hypervisor Platform, fully on Windows Subsystem for Linux, fully on

PS C:\Users\sorus> wsl --version
WSL version: 2.3.24.0
Kernel version: 5.15.153.1-2
WSLg version: 1.0.65
MSRDC version: 1.2.5620
Direct3D version: 1.611.1-81528511
DXCore version: 10.0.26100.1-240331-1435.ge-release
Windows version: 10.0.26100.2033

PS C:\Users\sorus> wsl --shutdown

Restarting Host Network Service on Services.msc, first time

PS C:\Users\sorus> wsl
wsl: Access is denied.
Error code: CreateInstance/CreateVm/ConfigureNetworking/HNS/E_ACCESSDENIED
wsl: Failed to configure network (networkingMode Nat), falling back to no networking.
Welcome to Ubuntu 24.04 LTS (GNU/Linux 5.15.153.1-microsoft-standard-WSL2 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

 System information as of Sun Oct 13 00:42:53 CEST 2024

  System load: 0.24                Memory usage: 4%   Processes:       100
  Usage of /:  4.5% of 1006.85GB   Swap usage:   0%   Users logged in: 0

 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
   just raised the bar for easy, resilient and secure K8s cluster deployment.

   https://ubuntu.com/engage/secure-kubernetes-at-the-edge

Expanded Security Maintenance for Applications is not enabled.

171 updates can be applied immediately.
To see these additional updates run: apt list --upgradable

3 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm

This message is shown once a day. To disable it please create the
/home/user/.hushlogin file.

user@host:/mnt/c/Users/sorus$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.255.255.254/32 brd 10.255.255.254 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
user@host:/mnt/c/Users/sorus$ exit
logout
PS C:\Users\sorus> wsl --shutdown

Restarting Host Network Service on Services.msc, second time

PS C:\Users\sorus> wsl
wsl: Failed to create network endpoint with address: '172.27.2.65', assigned new address: '172.24.28.102'
user@host:/mnt/c/Users/sorus$ cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

user@host:/mnt/c/Users/sorus$ cat /etc/wsl.conf
[boot]
systemd=true

[wsl2]
networkingMode=mirrored
dnsTunneling=true
autoProxy=true
guiApplications=true
user@host:/mnt/c/Users/sorus$
Ktoto59 commented 1 month ago

It helped to create a .wslconfig in the root folder of a windows user with such content:

[wsl2]
networkingMode=mirrored

wsl --version

WSL version: 2.3.24.0
Kernel version: 5.15.153.1-2
WSLg version: 1.0.65
MSRDC version: 1.2.5620
Direct3D version: 1.611.1-81528511
DXCore version: 10.0.26100.1-240331-1435.ge-release
Windows version: 10.0.26120.1843
lukasamd commented 1 month ago

I had the same issue and mirrored networkingMode was fine, but only temporary - after some network issues, it stopped working at all

I've decided to try restarting Host Network Service and after that everything works fine (without mirrored)

benhillis commented 1 month ago

There are two workarounds for this:

  1. Switch to mirrored networking or virtio proxy networking

Add one of the following to %userprofile%\.wslconfig

[wsl2]
networkingMode=mirroed
#or
networkingMode=virtioProxy
  1. Uninstall KB5041865 while the fix to Windows is rolled out.