Docker port bind fails. Why a "permission denied"?

Question

I'm trying to start a jenkinsci/blueocean container under Windows 10 Pro (latest). I'm running a script:

docker run ^
  --rm ^
  -u root ^
  -d ^
  -p 8080:8080 ^
  -p 50000:50000 ^
  -v D:/docker/jenkins/volumes/jenkins-data:/var/jenkins_home ^
  -v D:/docker/jenkins/volumes/docker.sock:/var/run/docker.sock ^
  -v D:/docker/jenkins/volumes/home:/home ^
  jenkinsci/blueocean

This fails with the following message:

docker: Error response from daemon: 
  driver failed programming external connectivity on endpoint elastic_kare: 
  Error starting userland proxy: 
    Bind for 0.0.0.0:50000: unexpected error Permission denied

If I leave out the binding of port 50000 it works fine, but I need the 50000 port to communicate with the slaves on the host.

Binding 50000 to another port doesn't help. The port is not in use, according to netstat -an. Trying to run the script as Administrator didn't help.

What could be the issue here?

update: I restarted my laptop and updated Docker Desktop to the latest version as well.

update2: after restarting laptop I restarten Docker (several times) as well. To no avail.

update3: shutting down the Windows Firewall did not solve the problem.

Answer 1

If you're running Docker on Windows then it will be using Hyper-V - I've found that Hyper-V reserves a bunch of ports - you can find out by running this:

netsh interface ipv4 show excludedportrange protocol=tcp

On my machine I could see it had reserved port 50000. To free this port up I disabled Hyper-V:

dism.exe /Online /Disable-Feature:Microsoft-Hyper-V

After the reboots, I reserved port 50000:

netsh int ipv4 add excludedportrange protocol=tcp startport=50000 numberofports=1

Then enabled Hyper-V again:

dism.exe /Online /Enable-Feature:Microsoft-Hyper-V /All

When it came back up I could run Jenkins in Docker on Windows:

docker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:lts