Docker Community Forums

Share and learn in the Docker community.

An attempt was made to access a socket in a way forbidden by its access permissions


(Harsh Singh) #1

Expected behavior

Docker pull works

Actual behavior

Docker pull does not work

Information

Windows 10 firewall is off

Log:
[18:11:08.955][Proxy ][Info ] 2016/04/16 18:11:08 Dial 10.0.75.2:2375
[18:11:08.966][Proxy ][Info ] 2016/04/16 18:11:08 Dial IP 10.0.75.2:2375
[18:11:09.009][Proxy ][Info ] 2016/04/16 18:11:09 proxy << GET /v1.23/info
[18:11:09.062][Proxy ][Info ] 2016/04/16 18:11:09 proxy >> POST /v1.23/images/create?fromImage=ubuntu&tag=latest
[18:11:09.072][Proxy ][Info ] 2016/04/16 18:11:09 Dial 10.0.75.2:2375
[18:11:09.080][Proxy ][Info ] 2016/04/16 18:11:09 Dial IP 10.0.75.2:2375
[18:11:09.267][Proxy ][Info ] 2016/04/16 18:11:09 listen udp 10.0.75.1:53: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
[18:11:09.278][Proxy ][Info ] 2016/04/16 18:11:09 Waiting for the port/IP to become available
[18:11:14.268][Proxy ][Info ] 2016/04/16 18:11:14 listen udp 10.0.75.1:53: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
[18:11:14.276][Proxy ][Info ] 2016/04/16 18:11:14 Waiting for the port/IP to become available
[18:11:19.269][Proxy ][Info ] 2016/04/16 18:11:19 listen udp 10.0.75.1:53: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
[18:11:19.277][Proxy ][Info ] 2016/04/16 18:11:19 Waiting for the port/IP to become available
[18:11:24.128][Proxy ][Info ] 2016/04/16 18:11:24 proxy << POST /v1.23/images/create?fromImage=ubuntu&tag=latest
[18:11:24.269][Proxy ][Info ] 2016/04/16 18:11:24 listen udp 10.0.75.1:53: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
[18:11:24.277][Proxy ][Info ] 2016/04/16 18:11:24 Waiting for the port/IP to become available
[18:11:29.270][Proxy ][Info ] 2016/04/16 18:11:29 listen udp 10.0.75.1:53: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
[18:11:29.278][Proxy ][Info ] 2016/04/16 18:11:29 Waiting for the port/IP to become available
[18:11:34.271][Proxy ][Info ] 2016/04/16 18:11:34 listen udp 10.0.75.1:53: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
[18:11:34.278][Proxy ][Info ] 2016/04/16 18:11:34 Waiting for the port/IP to become available
[18:11:39.272][Proxy ][Info ] 2016/04/16 18:11:39 listen udp 10.0.75.1:53: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
[18:11:39.280][Proxy ][Info ] 2016/04/16 18:11:39 Waiting for the port/IP to become available
[18:11:44.272][Proxy ][Info ] 2016/04/16 18:11:44 listen udp 10.0.75.1:53: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
[18:11:44.280][Proxy ][Info ] 2016/04/16 18:11:44 Waiting for the port/IP to become available
[18:11:49.272][Proxy ][Info ] 2016/04/16 18:11:49 listen udp 10.0.75.1:53: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
[18:11:49.280][Proxy ][Info ] 2016/04/16 18:11:49 Waiting for the port/IP to become available
[18:11:54.272][Proxy ][Info ] 2016/04/16 18:11:54 listen udp 10.0.75.1:53: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
[18:11:54.280][Proxy ][Info ] 2016/04/16 18:11:54 Waiting for the port/IP to become available
[18:11:59.273][Proxy ][Info ] 2016/04/16 18:11:59 listen udp 10.0.75.1:53: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
[18:11:59.280][Proxy ][Info ] 2016/04/16 18:11:59 Waiting for the port/IP to become available


(Vincent De Smet) #2

is any process using this port 53 udp?

netstat -aon | findstr :53

(Harsh Singh) #3

C:\Windows\System32\svchost.exe is using that port

I do have skype and globalprotect vpn which may be messing with things, but
I’m not sure.

Peace

Harsh Singh


(Vincent De Smet) #4

svchost is just the host process for Windows Services, you can find which services are running under that process id with the following command:

tasklist /SVC | findstr <process-id>

I have a lot more tips on trouble shooting and how the beta client works in my blog post: http://docker-saigon.github.io/post/Docker-Beta/

Once you have a good idea which service is using the port, you will need to decide if you can kill it as the docker proxy needs to use that port (see in the article)


(Harsh Singh) #5

Here is what I found: Sorry I didn’t reply sooner, the notify email skipped my inbox.

svchost.exe 584 Appinfo, Browser, CertPropSvc, DoSvc,
gpsvc, IKEEXT, iphlpsvc, LanmanServer,
lfsvc, ProfSvc, Schedule, SENS, SessionEnv,
SharedAccess, ShellHWDetection, Themes,
UserManager, Winmgmt, wuauserv


(Harsh Singh) #6

Following your post, This looks interesting:

Get-VMIntegrationService -VMName MobyLinuxVM -Name “Key-Value Pair Exchange” | fl

IsClustered : False
Enabled : True
OperationalStatus : {Ok, ProtocolMismatch}
PrimaryOperationalStatus : Ok
PrimaryStatusDescription : OK
SecondaryOperationalStatus : ProtocolMismatch
SecondaryStatusDescription : The protocol version of the component installed in the virtual machine does not match the version expected by the hosting system
StatusDescription : {OK, The protocol version of the component installed in the virtual machine does not match the version expected by the hosting system}
Name : Key-Value Pair Exchange
Id : Microsoft:844BB857-BAA4-4162-80A6-BA5B7898FCE1\2A34B1C2-FD73-4043-8A5B-DD2159BC743F
VMId : 844bb857-baa4-4162-80a6-ba5b7898fce1
VMName : MobyLinuxVM
VMSnapshotId : 00000000-0000-0000-0000-000000000000
VMSnapshotName :
CimSession : CimSession: .
ComputerName : DESKTOP-F5F8B1C
IsDeleted : False
VMCheckpointId : 00000000-0000-0000-0000-000000000000
VMCheckpointName :


(Harsh Singh) #7

PS C:\Users\harsingh.babun\cygwin\home\harsingh> New-NetFirewallRule -Name “DockerTcp” -DisplayName “DockerTcp” `

-Program “C:\Program Files\Docker\Docker\resources\com.docker.proxy.exe” -Protocol TCP `
-Profile Any -EdgeTraversalPolicy DeferToUser -Enabled True
New-NetFirewallRule : Cannot create a file when that file already exists.
At line:1 char:1

  • New-NetFirewallRule -Name “DockerTcp” -DisplayName “DockerTcp” `
  •   + CategoryInfo          : ResourceExists: (MSFT_NetFirewallRule:root/standardcimv2/MSFT_NetFirewallRule) [New-NetF
     irewallRule], CimException
      + FullyQualifiedErrorId : Windows System Error 183,New-NetFirewallRule
    
    

PS C:\Users\harsingh.babun\cygwin\home\harsingh>
PS C:\Users\harsingh.babun\cygwin\home\harsingh> New-NetFirewallRule -Name “DockerUdp” -DisplayName “DockerUdp” `

-Program “C:\Program Files\Docker\Docker\resources\com.docker.proxy.exe” -Protocol UDP `
-Profile Any -EdgeTraversalPolicy DeferToUser -Enabled True
New-NetFirewallRule : Cannot create a file when that file already exists.
At line:1 char:1

  • New-NetFirewallRule -Name “DockerUdp” -DisplayName “DockerUdp” `
  •   + CategoryInfo          : ResourceExists: (MSFT_NetFirewallRule:root/standardcimv2/MSFT_NetFirewallRule) [New-NetF
     irewallRule], CimException
      + FullyQualifiedErrorId : Windows System Error 183,New-NetFirewallRule
    
    

PS C:\Users\harsingh.babun\cygwin\home\harsingh> Get-VMComPort -VMName MobyLinuxVM | fl | Out-String

Path : \.\pipe\MobyLinuxVM-com1
DebuggerMode : On
Name : COM 1
Id : Microsoft:844BB857-BAA4-4162-80A6-BA5B7898FCE1\8E3A359F-559A-4B6A-98A9-1690A6100ED7\0
VMId : 844bb857-baa4-4162-80a6-ba5b7898fce1
VMName : MobyLinuxVM
VMSnapshotId : 00000000-0000-0000-0000-000000000000
VMSnapshotName :
CimSession : CimSession: .
ComputerName : DESKTOP-F5F8B1C
IsDeleted : False
VMCheckpointId : 00000000-0000-0000-0000-000000000000
VMCheckpointName :

Path :
DebuggerMode : Off
Name : COM 2
Id : Microsoft:844BB857-BAA4-4162-80A6-BA5B7898FCE1\8E3A359F-559A-4B6A-98A9-1690A6100ED7\1
VMId : 844bb857-baa4-4162-80a6-ba5b7898fce1
VMName : MobyLinuxVM
VMSnapshotId : 00000000-0000-0000-0000-000000000000
VMSnapshotName :
CimSession : CimSession: .
ComputerName : DESKTOP-F5F8B1C
IsDeleted : False
VMCheckpointId : 00000000-0000-0000-0000-000000000000
VMCheckpointName :


(Mochawich) #9

In case you have Acrylic DNS Proxy make sure it is not running