Unable to run Docker containers on a different drive than system drive

Expected behavior

Docker containers run on D drive under D:\dockerme

Actual behavior

C:\Program Files\Docker\docker.exe: failed to register layer: re-exec error: exit status 1: output: Failed to OpenForBac
kup failed in Win32: open \?\D:\dockerme\windowsfilter\0e2c6a3e8580ec6a9f1bcc8529603f2c1a15d775be9c124c17ca6caedca5fe17
\Files: Access is denied. (0x1f) \?\D:\dockerme\windowsfilter\0e2c6a3e8580ec6a9f1bcc8529603f2c1a15d775be9c124c17ca6caed
ca5fe17\Files.

Information

Index TimeWritten Message


5515 3/9/2018 4:14:48 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Attempting next endpoint for pull after error: failed to register layer: re-exec error: exit status 1: output: Failed to OpenForBackup failed in Win32: open \?\D:\dockerme\windowsfilter\c8949a98d2330c6b4c9b4e199c0b53d61ab632bb0fcb134b7c48e8f6dc509a42\Files: Access is denied. (0x1f) \?\D:\dockerme\windowsfilter\c8949a98d2330c6b4c9b4e199c0b53d61ab632bb0fcb134b7c48e8f6dc509a42\Files’
5526 3/9/2018 4:18:49 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:‘Windows default isolation mode: process’
5527 3/9/2018 4:18:49 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:’[graphdriver] using prior storage driver: windowsfilter’
5528 3/9/2018 4:18:49 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Graph migration to content-addressability took 0.00 seconds’
5529 3/9/2018 4:18:49 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Loading containers: start.'
5530 3/9/2018 4:18:49 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Restoring existing overlay networks from HNS into docker’
5531 3/9/2018 4:18:51 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'error locating sandbox id 0d55685081b3cc399862741f0b15e326e426218af7950453eec00447b3ff04f8: sandbox 0d55685081b3cc399862741f0b15e326e426218af7950453eec00447b3ff04f8 not found’
5532 3/9/2018 4:18:51 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Failed to start container 6f2084e2f9988f08e4273d01aa385f5f238f4f06958685325bc57fe59386b720: failed to create endpoint pa-gateway on network nat: HNS failed with error : Unspecified error’
5536 3/9/2018 4:19:16 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Loading containers: done.'
5537 3/9/2018 4:19:17 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Daemon has completed initialization’
5538 3/9/2018 4:19:17 PM The description for Event ID ‘11’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:‘Docker daemon’, 'version=17.06.2-ee-6 commit=e75fdb8 graphdriver=windowsfilter’
5539 3/9/2018 4:19:17 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'API listen on //./pipe/docker_engine’
5547 3/9/2018 4:27:10 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:‘Windows default isolation mode: process’
5548 3/9/2018 4:27:10 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:’[graphdriver] using prior storage driver: windowsfilter’
5549 3/9/2018 4:27:10 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Graph migration to content-addressability took 0.00 seconds’
5550 3/9/2018 4:27:10 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Loading containers: start.'
5551 3/9/2018 4:27:10 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Restoring existing overlay networks from HNS into docker’
5552 3/9/2018 4:27:10 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Loading containers: done.'
5553 3/9/2018 4:27:10 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Daemon has completed initialization’
5554 3/9/2018 4:27:10 PM The description for Event ID ‘11’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:‘Docker daemon’, 'version=17.06.2-ee-6 commit=e75fdb8 graphdriver=windowsfilter’
5555 3/9/2018 4:27:10 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'API listen on //./pipe/docker_engine’
5556 3/9/2018 4:27:28 PM The description for Event ID ‘1’ in Source ‘docker’ cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:‘Attempting next endpoint for pull after error: failed to register layer: re-exec error: exit status 1: output: Failed to OpenForBackup failed in Win32: open \?\D:\dockerme\windowsfilter\0e2c6a3e8580ec6a9f1bcc8529603f2c1a15d775be9c124c17ca6caedca5fe17\Files: Access is denied. (0x1f) \?\D:\dockerme\windowsfilter\0e2c6a3e8580ec6a9f1bcc8529603f2c1a15d775be9c124c17ca6caedca5fe17\Files’

Steps to reproduce the behavior

Install Docker EE for Windows 2016 ( Standard)

Add daemon.json to C:\ProgramData\docker\config
add setting:
{
“data-root”:“D:\dockerme”
}

restart docker service

run docker container run hello-world:nanoserver

receive error:
C:\Program Files\Docker\docker.exe: failed to register layer: re-exec error: exit status 1: output: Failed to OpenForBac
kup failed in Win32: open \?\D:\dockerme\windowsfilter\fb49a84def119babe3e2b4c2d8718bc8281d2ff82c8ce9c0c8875b362d0c9e56
\Files: Access is denied. (0x1f) \?\D:\dockerme\windowsfilter\fb49a84def119babe3e2b4c2d8718bc8281d2ff82c8ce9c0c8875b362
d0c9e56\Files.

I’m guessing no one has run into this issue before?

Up to top to see if anyone else has seen this

You are supposed to escape \, so it shall be "data-root" : "d:\\images\\"

I actually didn’t have an issue with previous setup either, but tried yours anyway. Still getting same error as in the original post . Also checked to make sure administrator is the owner for my folder on d drive and all seems to be setup accurately.

Docker sees the d drive and creates all logical folders except it fails when creating the containers. I’m not sure why the exact same security allows Docker to create temp folders and files under the same directory, but cannot populate the containers.

I have the same problem. Similarly, my installation creates directories on drive D: but fails when trying to create the image and it never puts anything into windowsfilter.
In addition to fiddling with the daemon.json file, dockerd command line parameters and folder permissions I have tried another suggested fix which is to create a directory junction (mklink /J in a cmd shell) pointing to the required location on drive D. This solution failed too. For some reason Docker does not use the link.
Am I expecting too much from Docker ee on Windows Server 2016?

I am having the same issue. Everything I have read to-date and tried over the past 2 weeks have failed; this included (but not limited to): 1) Un-installing McAfee; 2) Defining a link, 3) Running the Debug-ContainerHost PowerShell script and resolving all identified issues; 4) Different versions of Docker; 5) Running Docker service under a variety of accounts (LocalSystem, AD service account defined as a local Admin, etc.). Working with Microsoft now since they provide support for Docker EE on Windows Server 2016. This has been an extremely frustrating issue.

Let us know what it end up being after case is resolved. I run it this way (data-root on different drive) on both local machine and in production with no issues.

This thread has been stale for almost 2 weeks now. Has anyone here found a solution to this?

My company uses VM Ware based VMs for running server workloads. It’s running on a Windows 2016 Server with a C Drive for OS and an E Drive for Applications and Data. I have been assured by our Infrastructure and Networking team that there is no difference between the drives.

I’m using version 17.06.2-ee-13 for both the client and the server.

Here is the error:

C:\Program Files\Docker\docker.exe: failed to register layer: re-exec error: exit status 1: output: Failed to open Relative failed in Win32: open \?\E:\docker\windowsfilter\033d602798d8c66ec80cba68dbd6c942dc2d2a17da6dc85b1c8f525d6bd9ce7c\Files: Access is denied. (0x1f) Files.

Thanks to one of my colleagues, we have a solution.
Update: Removed unnecessary steps that are not required.
These are the steps you will need:
1- Open Local Security Policy
2- Find Audit Removable Storage
3- Enable Configure the following events > check both success and failure
4- Close Local Security Policy
5- Re-open Local Security Policy and uncheck those settings you just applied in step 3 and hit Apply.
6- Restart your server.

All works like a charm now.

Removed as no longer required


After trial and error a few times, figured out that the only thing you need to do from all these settings I posted above, in most scenarios, is to
1- Open Local Security Policy
2- Find Audit Removable Storage
3- Enable Configure the following events > check both success and failure
4- Close Local Security Policy
5- Re-open Local Security Policy and uncheck those settings you just applied in step 3 and hit Apply.
6- Restart your server.

Enjoy


2 Likes

@aliduran - Thank you!!! I will be honest I didn’t think this was going to work, but it did. Your last post is 100% correct. All you have to do are the 6 Local Security Policy steps.

I want to make sure people know you DO NOT have to do anything in Device Manager.

This was very important for us to solve. Thanks again!

1 Like

No problem, glad it worked out for you as well


@aliduran, Thank you very much!! Your solution works.

@wussoweveri, Thank you for confirmation that it worked! Can’t imagine what this step has to do with this error, but it works!

Hi @aliduran
I ran into an issue where I am trying to install Docker 18.09.5 on VM Windows 2016 1607 OS Build 14393.2273 64 bit
I managed to install Docker however unable to move the data folders to D:Drive
The Docker Engine Service will not start or immediately goes to stopped state when I do the following

stop-service docker
dockerd --unregister-service
dockerd --register-service --data-root D:\ProgramData\docker
start-service docker

When I go to regedit and edit the docker image path with below then only docker engine service seems to be running

I have tried your suggested steps on Local Policy and did restart the server and Its not working
Please advise