Cannot Ping The Outside World

Hi all,

I have been experimenting with containers on a Windows Server machine and have noticed I cannot seem to ping anything outside the container such as, I notice that the DNS resolution does work though. Below are a few combinations and attempts at getting a successful ping, if anyone could review and suggest a reason/fix for the behaviour it would be much appreciated

System Info

Windows Server Machine:

CompositionEditionID      : ServerStandard
CurrentBuild              : 14393
CurrentMajorVersionNumber : 10
CurrentMinorVersionNumber : 0
CurrentVersion            : 6.3
EditionID                 : ServerStandard
InstallationType          : Server
ProductName               : Windows Server 2016 Standard
ReleaseId                 : 1607
SoftwareType              : System
UBR                       : 2551

Installed Docker:

> docker --version

Docker version 18.06.1-ce, build e68fc7a


First I tried to just ping with a busybox container which all packets failed with. Note that the DNS was resolved correctly.

> cat /etc/resolv.conf

# This configuration is written to the config.iso
domain localdomain

> docker run -it --rm busybox ping -w1

PING ( 56 data bytes

--- ping statistics ---

2 packets transmitted, 0 packets received, 100% packet loss

I then attempted to set DNS to Google’s DNS settings (which I assumed wouldn’t help but give ago anyway) and got the same results:

> cat /etc/resolv.conf


> docker run -it --dns= --rm busybox ping -w1

PING ( 56 data bytes

--- ping statistics ---

2 packets transmitted, 0 packets received, 100% packet loss

As a test to verify it wasn’t a bug with BusyBox I attempted pinging from an Alpine image too:

> docker run -it alpine ping -w1
PING ( 56 data bytes

--- ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss


I face a similar problem with reaching the world outside the container. I have managed to install and start an ASP.NET web-Application in a Windows Hyper-V container. My problem however is that this Application authenticates against SQL server DB . As I can connect outside the container, neither authentication nor ongoing DB Communications works. How can go about to make it possible to connect outside of the container. All help is very much appreciated!

Try to disable any antivirus/firewall on your system.

Thanks! :slight_smile:
I see I was too sleepy when I wrote my post… I can not connect outside of the container and that is why my authentication etc fail. So my initial problem is actually that I can not even reach my host. Reading up on this, I have found that e.g. Linux containers can be started with “–network host” and as far as I understand, that will give the container some kind of connection to the host network stack. This option does not seem to be available for Hyper V containers, so I wonder if anyone knows if there is a way to access the outside world’s network from within a Hyper V container.

We ran into this problem a little while ago, and we discovered that an extra virtual network adapter had been created that had no Internet connectivity, and Docker had decided that that’s the adapter it was going to use.

Run this (in powershell) from the machine that you’re hosting on: Get-NetAdapter

  • for us the offending adapter had a status of “unknown”

After you find the adapter you’ll want to run: Disable-NetAdapter [however you’re identifying it]
Then: Restart-Service Docker

Caveat: we’ve seen the adapter turn back on even after being disabled. Your choices are to either write some startup script to deal with it, or just rebuild the machine from scratch.

  • We couldn’t find a way to remove the adapter using just powershell in headless-windows, so we opted to just blow the machine away and rebuild it. Was light-weight enough that it didn’t matter too much? You should be able to remove it in the device manager if you’re running the GUI version of 2016, but if you’re on a later edition than that your options are kinda limited/annoying (honestly, I’m really hoping that we missed something, because it seems like a gross oversight for Microsoft to not include something like that)

I’ll have a closer look at this! :+1: