I've been pulling my hair out over this one. Somewhere along the line, it seems some old port mappings have been left in my Windows Server 2016 Docker server and it is impossible to remove them. This is the command I'm trying to run and the error:
PS C:\Users\...\Desktop> Get-NetNatStaticMapping | Remove-NetNatStaticMapping
Confirm
Are you sure you want to perform this action?
Performing operation Delete on Target H54d664a6-523c-4452-b137-d66701623488;20;0 PolicyStore Local
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): a
Remove-NetNatStaticMapping : The requested operation is not supported.
At line:1 char:27
+ Get-NetNatStaticMapping | Remove-NetNatStaticMapping
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (MSFT_NetNatStat...b4d01327e;6...):root/StandardCi...atStaticMapping)
[Remove-NetNatStaticMapping], CimException
+ FullyQualifiedErrorId : Windows System Error 50,Remove-NetNatStaticMapping
Remove-NetNatStaticMapping : The requested operation is not supported.
At line:1 char:27
+ Get-NetNatStaticMapping | Remove-NetNatStaticMapping
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (MSFT_NetNatStat...701623488;2...):root/StandardCi...atStaticMapping)
[Remove-NetNatStaticMapping], CimException
+ FullyQualifiedErrorId : Windows System Error 50,Remove-NetNatStaticMapping
The below command shows the two port mappings...
PS C:\Users\...\Desktop> Get-NetNatStaticMapping
StaticMappingID : 20
NatName : H54d664a6-523c-4452-b137-d66701623488
Protocol : TCP
RemoteExternalIPAddressPrefix : 0.0.0.0/0
ExternalIPAddress : 0.0.0.0
ExternalPort : 443
InternalIPAddress : 172.20.95.205
InternalPort : 443
InternalRoutingDomainId : {00000000-0000-0000-0000-000000000000}
Active : False

StaticMappingID : 6
NatName : H68dfe202-0efd-480b-b78a-53ab4d01327e
Protocol : TCP
RemoteExternalIPAddressPrefix : 0.0.0.0/0
ExternalIPAddress : 0.0.0.0
ExternalPort : 443
InternalIPAddress : 172.31.142.210
InternalPort : 443
InternalRoutingDomainId : {00000000-0000-0000-0000-000000000000}
Active : False
I automated the uninstall and reinstall of Docker on Windows Server 2016 and have tried all the usual tricks.
Below are the commands I'm using to uninstall Docker on the air-gapped server:
docker rm -f $(docker ps --all --quiet)
docker system prune --all --volumes -f
Stop-Service docker -Verbose
Stop-Service hns -Verbose
Get-ContainerNetwork | Remove-ContainerNetwork
Get-NetNat | Remove-NetNat -Confirm:$false
Get-VMSwitch -name nat | Remove-VMSwitch -Confirm:$false
Remove-Item -Path "C:\ProgramData\Docker" -Recurse -Force
Remove-WindowsFeature -Name Containers -Verbose
Remove-WindowsFeature -Name Hyper-V -Verbose
Remove-Item C:\ProgramData\Microsoft\Windows\HNS\hns.data -Force
Even still, I'm unable to remove the port mappings, and later when trying to run another Docker image with port 443 forwarded to the container, I'm given the error:
failed to create endpoint container_name on network nat: HNS failed with error : The object already exists.
I'm starting to think my only option is to restore the server to a point in time earlier this week.
Any help is greatly appreciated!
In order to get past the issue...delete the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a20-9b1a-11d4-9123-0050047759bc}
After deleting the key, I would get empty results from the commands:
Get-NetNat
Get-NetNatStaticMapping
For reference the answer came from a discussion on a blog post here:
https://www.thomasmaurer.ch/2016/05/set-up-a-hyper-v-virtual-switch-using-a-nat-network/
In this comment:
I was able to solve the “Invalid Operation”-Error. Actually, the Microsoft Consultant that I share my office with, was able to track this down ;-) To remove the NetNat, that I couldn't remove with the PowerShell command, I had to delete the following registry key:
HKLM\System\CurrentControlSet\Control\NSI{eb004a20-…..7759bc}\6\….
The key was the same on two different machines, so this might be always the same GUID. After deletion, the NetNat was gone and I was finally able to create a new one. This then worked as expected.
Best regards,
Sebastian
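A guarded version of the registry deletion described in the answer above, as an added example that is not part of the original post: it records the current NAT objects and exports the key before removing it, so the change can be rolled back. The backup folder `C:\NatCleanupBackup` and the choice to stop the `docker` and `hns` services before deleting are assumptions, not steps stated in the answer.

```powershell
#Requires -RunAsAdministrator
# Added example: back up, then delete, the NSI key named in the answer.
$guid      = '{eb004a20-9b1a-11d4-9123-0050047759bc}'
$keyPs     = "HKLM:\SYSTEM\CurrentControlSet\Control\Nsi\$guid"   # PowerShell provider path
$keyReg    = "HKLM\SYSTEM\CurrentControlSet\Control\Nsi\$guid"    # reg.exe path
$backupDir = 'C:\NatCleanupBackup'                                # assumed backup location
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'

if (-not (Test-Path -LiteralPath $keyPs)) {
    Write-Warning "Key not found, nothing to do: $keyReg"
    return
}
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# 1. Record what the NAT cmdlets report now, for later comparison.
Get-NetNat              | Export-Clixml (Join-Path $backupDir "netnat-$stamp.xml")
Get-NetNatStaticMapping | Export-Clixml (Join-Path $backupDir "mappings-$stamp.xml")

# 2. Export the key; refuse to delete anything if the export did not succeed.
$regFile = Join-Path $backupDir "nsi-$stamp.reg"
& reg.exe export $keyReg $regFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $regFile)) {
    throw "Registry export failed; key left untouched."
}

# 3. Stop the services that use the NAT (assumption: stopped first, as in the
#    uninstall steps from the question).
Stop-Service -Name docker, hns -ErrorAction SilentlyContinue -Verbose

# 4. Delete the key. -LiteralPath keeps the braces from being interpreted.
Remove-Item -LiteralPath $keyPs -Recurse -Force -ErrorAction Stop

# 5. Verify: the answer reports both cmdlets returning nothing afterwards.
$leftNat = @(Get-NetNat -ErrorAction SilentlyContinue)
$leftMap = @(Get-NetNatStaticMapping -ErrorAction SilentlyContinue)
if ($leftNat.Count -gt 0 -or $leftMap.Count -gt 0) {
    Write-Warning "NAT objects still present: $($leftNat.Count) NAT(s), $($leftMap.Count) mapping(s)."
} else {
    Write-Output "No NetNat or static mappings remain."
}
# Rollback, if needed:  reg.exe import <path to the .reg file saved above>
Write-Output "Backup saved to $regFile"
```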