Unable to connect to private container IP

Docker Desktop for Windows
#1

Docker version 17.06.2-ce, build cec0b72

Something has gone wrong with networking for my Docker Windows containers. I have a microsoft/mssql-windows-server container which exposes port 1433:1433. The container is assigned private network address 172.29.179.162 from the Docker “nat” network and ipconfig /all inside the container is:
Ethernet adapter Ethernet 2:

IPv4 Address. . . . . . . . . . . : 172.29.179.162(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . : 172.29.176.1
DNS Servers . . . . . . . . . . . : 172.29.176.1
192.168.0.16
192.168.0.18

From the host, I’m unable to ping the container at 172.29.179.162 (or connect SSMS to 172.29.179.162:1433). This was all working at the start but isn’t working any longer.

I tried resetting container networking using Microsoft’s WindowsContainerNetworking-LoggingAndCleanupAide.ps1 -Cleanup -ForceDeleteAllSwitches as recommended elsewhere, but that made no difference.

The Microsoft Debug-ContainerHost.ps1 script complains that it cannot find a Hyper-V switch called “nat”, and there is indeed no switch of that name, only DockerNAT (10.0.75.1/255.255.255.0) and Layered_Ethernet, which doesn’t appear at all in Control Panel | Network and Internet | Network Connections, not sure if that is expected or not. At times I’ve also seen a HNS adapter in Network Connections, but that is gone after the last cleanup and force delete switches.

Describing Container network is created
Get-VMSwitch : Hyper-V was unable to find a virtual switch with name “nat”.
At E:\docker\tools\Debug-ContainerHost.ps1:165 char:22

  • … $switchType = (Get-VMSwitch -SwitchName $natVMSwitchName).Switch .
  •                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[+] At least one local container network is available 3.67s
[+] At least one NAT, Transparent, or L2Bridge Network exists 39ms
[-] NAT Network’s vSwitch is internal 102ms
Expected: {Internal}
But was: {}
211: $switchType | Should Be "Internal"
at , E:\docker\tools\Debug-ContainerHost.ps1: line 211
[+] A Windows NAT is configured if a Docker NAT network exists 508ms
[-] Specified Network Gateway IP for NAT network is assigned to Host vNIC 56
Expected: {True}
But was: {False}
235: $vmNicGatewayIPExists | Should Be $true
at , E:\docker\tools\Debug-ContainerHost.ps1: line 235
[+] NAT Network’s internal prefix does not overlap with external IP’ 39ms

I’ve tried uninstalling Docker for Windows and removing the Hyper-V roles then re-installing everything again, no difference.

I found a few articles that said to add a Windows route from 172.0.0.0/255.0.0.0 to 10.0.75.2 which also didn’t help. (Not sure why it is 10.0.75.2 when the DockerNAT adapter is on 10.0.75.1, but a route to that IP makes no difference either).

This has been driving me nuts now for the best part of a day. Any suggestions greatly appreciated!

#2

UPDATE: It turns out that uninstalling Docker didn’t cleanup everything from C:\ProgramData\Docker. After the Docker uninstall completed, I manually removed C:\ProgramData\Docker (after a reboot because it said some files were in use, although procexp didn’t show any processes with handles to C:\ProgramData\Docker). I also removed the Hyper-V role again, then manually removed all of its vSwitches using a cut-down version of the Microsoft cleanup aide script, plus Device Manager (to remove the network adapters) and regedit (to remove some left over Hyper-V vSwitch entries). A reboot later and there was no sign of either Hyper-V or Docker, so I re-installed both.

This time, when I switched Docker from Linux to Windows containers, it created both a DockerNAT and HNS Internal NIC vEthernet switches, with the latter bound to 172.x.x.x network.

image
image.png945×594 24.9 KB

After creating a new container, I was able to ping it’s 172.x.x.x address from the host. Now to figure out how to give that container access to the Internet for installing Chocolatey packages to it!