Docker run hello-world - Get "https://registry-1.docker.io/v2/": Service Unavailable

dockerthrowaway123 · June 29, 2022, 11:20pm

This probably doesn’t apply to most of you, but we found that one of our clients had a DLP software solution (Forcepoint / Websense) that was causing this problem. The DLP software didn’t report any blocks in the portal or anything inside of the UI. This was a known problem with a new version of this DLP software and they had a workaround on their support pages (whitelisting stuff like vpnkit-bridge, a docker path, etc.).

Again, this was probably a unique scenario but thought I would post it here as we were going a little crazy diagnosing this. In no particular order, here are a few things we did with their test PC (to no avail):

Verified no outbound communication was happening to those IPs (network firewall)
Uninstall AV & EPS
Downgraded to older versions of Docker Desktop
Uninstalled recent Windows Updates

hbawani · July 15, 2022, 7:32pm

I can confirm this issue is not resolved (at least for me) and I still get the same error when trying to pull images.

Error response from daemon: Get “https://registry-1.docker.io/v2/”: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

lfthiang · July 28, 2022, 7:53am

I have resorted to reformat and reinstall my laptop.
Docker Desktop for Windows 4.10.1 works now. That means it is unlikely to be a compatibility issue with my company’s security software, network, etc.
Pray hard that it continues to work.

github.com/docker/for-win

docker pull ... Error response from daemon: Get "https://registry-1.docker.io/v2/": ...

opened 01:49AM - 26 May 22 UTC

lfthiang

## Diagnostics ID - [X] I have tried with the latest version of Docker Des…ktop - [X] I have tried disabling enabled experimental features - [X] I have uploaded Diagnostics - Diagnostics ID: 26624E28-712F-4563-B4F6-7768405E55A1/20220526011441 ### Actual behavior Unable to docker pull images (or access network). ### Expected behavior Should be able to docker pull images. ### Information - Is it reproducible? Yes - Is the problem new? No. I first had the issue in Mar with Docker Desktop for Windows 4.5.1 See https://forums.docker.com/t/docker-run-hello-world-get-https-registry-1-docker-io-v2-service-unavailable/122531 I am still having issue with the current version 4.8.2 (79419) - Did the problem appear with an update? No. I was using Docker Desktop 4.5.1 with no issue. It just appears one day. Please refer to my post on Docker forum https://forums.docker.com/t/docker-run-hello-world-get-https-registry-1-docker-io-v2-service-unavailable/122531 From what I know, there was no Windows update & I did not change any software either. - A reproducible case if this is a bug, Dockerfiles with reproduction inside is best. Please see steps to reproduce the behaviour below. - Windows Version: Windows 10 Education version 21H2 OS build 19044.1586 - Docker Desktop Version: 4.8.2 (79419) - WSL2 or Hyper-V backend? WSL2 - Are you running inside a virtualized Windows e.g. on a cloud server or a VM: No. Running native on my laptop ### Output of `& "C:\Program Files\Docker\Docker\resources\com.docker.diagnose.exe" check` Starting diagnostics [PASS] DD0027: is there available disk space on the host? [PASS] DD0028: is there available VM disk space? [PASS] DD0031: does the Docker API work? [PASS] DD0004: is the Docker engine running? [PASS] DD0011: are the LinuxKit services running? [PASS] DD0016: is the LinuxKit VM running? [PASS] DD0001: is the application running? [SKIP] DD0018: does the host support virtualization? [PASS] DD0002: does the bootloader have virtualization enabled? [PASS] DD0017: can a VM be started? [PASS] DD0024: is WSL installed? [PASS] DD0021: is the WSL 2 Windows Feature enabled? [PASS] DD0022: is the Virtual Machine Platform Windows Feature enabled? [PASS] DD0025: are WSL distros installed? [PASS] DD0026: is the WSL LxssManager service running? [PASS] DD0029: is the WSL 2 Linux filesystem corrupt? [PASS] DD0015: are the binary symlinks installed? [PASS] DD0003: is the Docker CLI working? [PASS] DD0013: is the $PATH ok? [FAIL] DD0005: is the user in the docker-users group? The specified domain either does not exist or could not be contacted. [PASS] DD0007: is the backend responding? [PASS] DD0014: are the backend processes running? [PASS] DD0008: is the native API responding? [PASS] DD0009: is the vpnkit API responding? [PASS] DD0010: is the Docker API proxy responding? [PASS] DD0006: is the Docker Desktop Service responding? [FAIL] DD0012: is the VM networking working? network checks failed: failed to ping host: exit status 1 [2022-05-26T01:41:54.285207400Z][com.docker.diagnose.exe][I] ipc.NewClient: b0531f5d-diagnose-network -> \\.\pipe\dockerDiagnosticd diagnosticsd [common/pkg/diagkit/gather/diagnose.runIsVMNetworkingOK() [ common/pkg/diagkit/gather/diagnose/network.go:34 +0xdd [common/pkg/diagkit/gather/diagnose.(*test).GetResult(0x1251960) [ common/pkg/diagkit/gather/diagnose/test.go:46 +0x43 [common/pkg/diagkit/gather/diagnose.Run.func1(0x1251960) [ common/pkg/diagkit/gather/diagnose/run.go:17 +0x5a [common/pkg/diagkit/gather/diagnose.walkOnce.func1(0x2?, 0x1251960) [ common/pkg/diagkit/gather/diagnose/run.go:140 +0x77 [common/pkg/diagkit/gather/diagnose.walkDepthFirst(0x1, 0x1251960, 0xc000079730) [ common/pkg/diagkit/gather/diagnose/run.go:146 +0x36 [common/pkg/diagkit/gather/diagnose.walkDepthFirst(0x0, 0xcb00000012?, 0xc000079730) [ common/pkg/diagkit/gather/diagnose/run.go:149 +0x73 [common/pkg/diagkit/gather/diagnose.walkOnce(0xc1a960?, 0xc00025f890) [ common/pkg/diagkit/gather/diagnose/run.go:135 +0xcc [common/pkg/diagkit/gather/diagnose.Run(0x1251f60, 0xc14300?, {0xc00025fb20, 0x1, 0x1}) [ common/pkg/diagkit/gather/diagnose/run.go:16 +0x1cb [main.checkCmd({0xc0000a63b0?, 0xc0000a63b0?, 0x4?}, {0x0, 0x0}) [ common/cmd/com.docker.diagnose/main.go:132 +0x105 [main.main() [ common/cmd/com.docker.diagnose/main.go:98 +0x27f [2022-05-26T01:41:54.285207400Z][com.docker.diagnose.exe][I] (795d3539) b0531f5d-diagnose-network C->S diagnosticsd POST /check-network-connectivity: {"ips":["172.17.64.1","192.168.16.1","192.168.199.1","192.168.52.1","192.168.10.115"]} [2022-05-26T01:41:54.838944900Z][com.docker.diagnose.exe][W] (795d3539) b0531f5d-diagnose-network C<-S 46c4b8e0-diagnosticsd POST /check-network-connectivity (553.7375ms): failed to ping host: exit status 1 [FAIL] DD0032: do Docker networks overlap with host IPs? network bridge has subnet 172.17.0.0/16 which overlaps with host IP 172.17.64.1 [SKIP] DD0030: is the image access management authorized? [PASS] DD0033: does the host have Internet access? Please investigate the following 3 issues: 1 : The test: is the user in the docker-users group? Failed with: The specified domain either does not exist or could not be contacted. The current user must be member of the docker-users group. Press the Win + R keys to open Run, type lusrmgr.msc into Run, followed by Enter to open Local Users and Groups. 2 : The test: is the VM networking working? Failed with: network checks failed: failed to ping host: exit status 1 VM seems to have a network connectivity issue. Please check your host firewall and anti-virus settings in case they are blocking the VM. 3 : The test: do Docker networks overlap with host IPs? Failed with: network bridge has subnet 172.17.0.0/16 which overlaps with host IP 172.17.64.1 If the subnet used by a Docker network overlaps with an IP used by the host, then containers won't be able to contact the overlapping IP addresses. Please try configuring the IP address range used by networks: in your docker-compose.yml. See https://docs.docker.com/compose/compose-file/compose-file-v2/#ipv4_address-ipv6_address #### Notes on the diagnostic results - Failed with: The specified domain either does not exist or could not be contacted. I am not on my corporate network when I ran the diagnostic tool. - Failed with: network bridge has subnet 172.17.0.0/16 which overlaps with host IP 172.17.64.1 I had tried changing the subnet range by adding the following lines to daemon.json via Settings > Docker Engine. This diagnostic is gone but I still have the "docker pull" problem. ``` "default-address-pools": [ {"base":"10.10.0.0/16","size":24} ] ``` ### Steps to reproduce the behavior ``` C:\>docker pull python:3-slim Error response from daemon: Get "https://registry-1.docker.io/v2/": unable to connect to 52.72.255.218:443. Do you need an HTTP proxy? C:\>docker run hello-world Unable to find image 'hello-world:latest' locally docker: Error response from daemon: Get "https://registry-1.docker.io/v2/": unable to connect to 54.144.118.70:443. Do you need an HTTP proxy?. See 'docker run --help'. ```

No response at GitHub forum still. You may wish to upload diagnostic data and add your diagnostic data ID to the above GitHub post.

latchmandeen1991 · September 7, 2022, 1:07pm

Indeed it was Forcepoint DLP software, Disabled it and problem solved!!! Thanks @dockerthrowaway123

rbuick · February 6, 2023, 12:50pm

I’ve been chasing the same problem, amongst others, where I installed Docker Desktop on Ubuntu, got it running and then managed to break, somehow.

I ran it with ‘docker run -h localhost hello-world’

kanamaru0271 · March 15, 2023, 4:35am

I had a same problem.
In my case, I downgraded Docker to 4.4.4 and it worked.
I haven’t tried it on any other versions, so I don’t know which version it will work on.

It may be a dependency issue between Windows and Docker.
Because it was working fine before I updated Windows.