IT, Cloud, Windows Etc

To content | To menu | To search

Tag - Windows 2016

Entries feed - Comments feed

Friday 3 June 2016

Docker Error in Windows 2016 TP5

You want to test Docker a little deeper and you decide to install it on Windows 2016 TP5 Core. This installation process is simple

/// Ps>Install-WindowsFeature containers Ps>Install-packageprovider ContainerImage –force PS>install-containerimage –name WindowServerCore ///

Finally you install the script in https://aka.ms/tp5/Update-Container-Host to install Docker components

/// PS>invoke-webrequest https://aka.ms/tp5/Update-Container-Host -outfile update-containerhost.ps1 PS>.\update-containerhost.ps1 ///

But something wrong happen.

Docker doesn’t run and you get this error message : dockererror.png

Don’t thinks about any error related to your network.

The answer is a little more simple
First you did not use an elevated prompt to install the container
So stop the docker service
Open an elevated powershell prompt Start-Process PowerShell –Verb RunAs
And re-run the update-containerhost.ps1 script Then go to the c:\programmdata\docker You should notice that there is no tag.txt file This file is necessary to run Docker, so create an empty one (notepad tag.txt) Docker should run now.

Sunday 6 March 2016

Nat in Windows 2016 Hyper-v

Windows Server 2016 TP 4 include a NAT mode for VmSwitch. Even if this feature is built for container, you can use it for all VM. The NAT engine is part of the Windows core routing engine. Nat VmSwitch will have the save limit.

The process is very simple, create a vmSwtich in NAT mode and Create NAT Policy in windows

$Subnet = "192.168.100.0/23"

New-VmSwitch –name SwNat -SwitchType NAT -NatSubnetAddress $Subnet
New-NetNat -Name NatPolicy -InternalIPInterfaceAddressPrefix $Subnet

The NatSubnetAdress and InternalIPInterfaceAddressPrefix must be the Same.

For now, it’s seem that you can only have one Nat Policy with an internal Ip interface. You will have an error If you already have a Nat Policy. It is the case if you test the container on the same host.

If so you can remove the nat policy if you don’t want to use

Get-netnat | remove-netnat 

Or you can simply use it. In this case, the subnet is 172.16.0.0/12

If you want more detail about NetNat you can use

PS>get-command –module NetNat

get-command.png

Get-netnat give you more detail about the netnat object
get-netnat.png

Get-NetNatExternalAddress will give you all external address used in the Nat instance.

Now you can setup a VM and plug it on the Nat Switch You will need to use an IP address in the subnet 192.168.100.0/23. The default gateway is 192.168.100.1.

Check that you can access to internet. Now you can map a service to your VM, a destination NAT.

Add-NetNatStaticMapping -NatName NatPolicy  -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 192.168.100.25 -InternalPort 80 -ExternalPort 80

This will create destination map from everywhere to the VM with 192.168.100.25 IP using standard http port.

Nat feature is a good solution for a containers host or a lab environment. With all this limitation you should use a more robust tool. You can choose Sophos UTM in VM or a windows 2012 R2/2016 with RAS or any other firewall/network virtual appliance.