Docker SQL bind: An attempt was made to access a socket in a way forbidden by its access permissions

Question

Error-message when creating container in Docker for SQL-server (with Admin-rights):

"… Error response from daemon: driver failed programming external connectivity on endpoint SQL19b (cc372bb961fb8178c2461d26bf16c4232a62e01c5f48b8fcec273370506cc095): Error starting userland proxy: listen tcp 0.0.0.0:1433: bind: An attempt was made to access a socket in a way forbidden by its access permissions."

excerpts from Log-file:

    [21:39:17.692][ApiProxy          ][Info   ] time="2019-08-01T21:39:17+02:00" msg="proxy >> HEAD /_ping\n"
[21:39:17.696][ApiProxy          ][Info   ] time="2019-08-01T21:39:17+02:00" msg="proxy << HEAD /_ping (3.9929ms)\n"
[21:39:17.699][GoBackendProcess  ][Info   ] error CloseWrite to: The pipe is being closed.
[21:39:17.742][ApiProxy          ][Info   ] time="2019-08-01T21:39:17+02:00" msg="proxy >> DELETE /v1.40/containers/22810276e261\n"
[21:39:17.758][ApiProxy          ][Info   ] time="2019-08-01T21:39:17+02:00" msg="proxy << DELETE /v1.40/containers/22810276e261 (16.129ms)\n"
[21:39:17.759][GoBackendProcess  ][Info   ] error CloseWrite to: The pipe is being closed.
[21:39:27.866][ApiProxy          ][Info   ] time="2019-08-01T21:39:27+02:00" msg="proxy >> HEAD /_ping\n"
[21:39:27.869][ApiProxy          ][Info   ] time="2019-08-01T21:39:27+02:00" msg="proxy << HEAD /_ping (1.6595ms)\n"
[21:39:27.870][GoBackendProcess  ][Info   ] error CloseWrite to: The pipe is being closed.
[21:39:27.894][ApiProxy          ][Info   ] time="2019-08-01T21:39:27+02:00" msg="proxy >> POST /v1.40/containers/create?name=SQLLinuxLocalPersist\n"
[21:39:27.908][APIRequestLogger  ][Info   ] [db460e2b-7d77-4756-be19-665715a9a182] POST http://unix/usage
[21:39:27.909][APIRequestLogger  ][Info   ] [db460e2b-7d77-4756-be19-665715a9a182] POST http://unix/usage -> 200 OK took 0ms
[21:39:27.909][ApiProxy          ][Info   ] time="2019-08-01T21:39:27+02:00" msg="Rewrote mount C:\\Docker\\SQL:/sql (volumeDriver=) to /host_mnt/c/Docker/SQL:/sql"
[21:39:28.049][ApiProxy          ][Info   ] time="2019-08-01T21:39:28+02:00" msg="proxy << POST /v1.40/containers/create?name=SQLLinuxLocalPersist (154.5485ms)\n"
[21:39:28.050][ApiProxy          ][Info   ] time="2019-08-01T21:39:28+02:00" msg="proxy >> POST /v1.40/containers/89d13c9d2d2bae095cf66e94b5bb60907a50cb199eb2bdcef9845d493435be07/wait?condition=next-exit\n"
[21:39:28.052][GoBackendProcess  ][Info   ] error CloseWrite to: The pipe is being closed.
[21:39:28.080][APIRequestLogger  ][Info   ] [a9a496c9-767a-4bd2-917c-f3f1391609dc] POST http://unix/usage
[21:39:28.082][APIRequestLogger  ][Info   ] [a9a496c9-767a-4bd2-917c-f3f1391609dc] POST http://unix/usage -> 200 OK took 0ms
[21:39:28.060][ApiProxy          ][Info   ] time="2019-08-01T21:39:28+02:00" msg="proxy >> POST /v1.40/containers/89d13c9d2d2bae095cf66e94b5bb60907a50cb199eb2bdcef9845d493435be07/start\n"
[21:39:28.088][APIRequestLogger  ][Info   ] [89bf69bf-5084-4d4b-a887-c7acb99bf131] POST http://unix/usage
[21:39:28.088][APIRequestLogger  ][Info   ] [6ca0e28f-bba3-4f66-afc5-43f6d486c8a2] POST http://unix/usage
[21:39:28.089][APIRequestLogger  ][Info   ] [89bf69bf-5084-4d4b-a887-c7acb99bf131] POST http://unix/usage -> 200 OK took 0ms
[21:39:28.089][APIRequestLogger  ][Info   ] [6ca0e28f-bba3-4f66-afc5-43f6d486c8a2] POST http://unix/usage -> 200 OK took 0ms
[21:39:28.067][ApiProxy          ][Info   ] time="2019-08-01T21:39:28+02:00" msg="mount point type:bind"
[21:39:28.068][ApiProxy          ][Info   ] time="2019-08-01T21:39:28+02:00" msg="mount point:/host_mnt/c/Docker/SQL"
[21:39:28.205][Moby              ][Info   ] [ 2254.975742] docker0: port 1(veth69918f7) entered blocking state
[21:39:28.250][Moby              ][Info   ] [ 2255.087127] docker0: port 1(veth69918f7) entered disabled state
[21:39:28.295][Moby              ][Info   ] [ 2255.132041] device veth69918f7 entered promiscuous mode
[21:39:28.354][Moby              ][Info   ] [ 2255.176944] IPv6: ADDRCONF(NETDEV_UP): veth69918f7: link is not ready
[21:39:28.439][GoBackendProcess  ][Info   ] Adding tcp forward from 0.0.0.0:1433 to 172.17.0.2:1433
[21:39:28.560][Moby              ][Info   ] [ 2255.385920] docker0: port 1(veth69918f7) entered disabled state
[21:39:28.616][Moby              ][Info   ] [ 2255.442735] device veth69918f7 left promiscuous mode
[21:39:28.667][Moby              ][Info   ] [ 2255.497549] docker0: port 1(veth69918f7) entered disabled state
[21:39:28.826][ApiProxy          ][Info   ] time="2019-08-01T21:39:28+02:00" msg="proxy << POST /v1.40/containers/89d13c9d2d2bae095cf66e94b5bb60907a50cb199eb2bdcef9845d493435be07/start (767.0192ms)\n"
[21:39:28.829][GoBackendProcess  ][Info   ] error CloseWrite to: The pipe is being closed.
[21:39:28.834][ApiProxy          ][Info   ] time="2019-08-01T21:39:28+02:00" msg="Cancel connection..."
[21:39:28.836][ApiProxy          ][Info   ] time="2019-08-01T21:39:28+02:00" msg="proxy << POST /v1.40/containers/89d13c9d2d2bae095cf66e94b5bb60907a50cb199eb2bdcef9845d493435be07/wait?condition=next-exit (786.0411ms)\n"

This leads to a container created, but without the port allocated. Therefore cannot start the SQL server.

Edit1: The port 1433 doesn't seem to be used (at least it is not listed under "netstat -abn" )

Answer 1

I faced the same issue and I didn't want to change the default port of MSSQL (1433)

Here what I did to fix this problem.

Make sure that your port is not in used, Go to resource monitor to validate this. Now check if the port is reserved. Open your command prompt and enter this

netsh int ipv4 show excludedportrange protocol=tcp

The port listed here are managed by hyper-v and the only way to remove the port 1433 here is to disable hyper-v, reserve the port 1433 so hyper-v doesn't reserve it back.

Disable hyper-v

dism.exe /Online /Disable-Feature:Microsoft-Hyper-V

Reserve the port 1433

netsh int ipv4 add excludedportrange protocol=tcp startport=1433 numberofports=1

Re Enable hyper-v

dism.exe /Online /Enable-Feature:Microsoft-Hyper-V /All

Start docker and run your container

Answer 2

I was able to fix it by running:

net stop winnat
net start winnat

Source: https://github.com/docker/for-win/issues/9272#issuecomment-776225866

Answer 3

Check if your port is in one of the exclusion ranges:

netsh int ipv4 show excludedportrange protocol=tcp

If it's excluded, you most likely suffer due to a faulty windows update that changed the dynamic port start range.

Check dynamic start port range with netsh int ipv4 show dynamicport tcp and fix it with netsh int ipv4 set dynamic tcp start=49152 num=16384 and after restart, exclusion port ranges should have changed.

Source: https://github.com/docker/for-win/issues/3171#issuecomment-554587817

Answer 4

I had this issue after updating docker. I restarted the computer and everything works fine now. Try restarting.