The dance between docker and vmware?

Daniel Redfern

Author: Daniel Redfern
Blog Created: Oct 29, 2018
Last Updated: Oct 29, 2019

alt text

# Initial issue with the docker daemon running

You one day you attempt to run some action on Docker, but even the simplest commands, such as container ls, it would throw a error duing connect ... open //./pipe/docker_engine error response. For example

docker container ls

error during connect: Get http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.40/containers/json: open //./pipe/docker_engine: The system cannot find the file specified. In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running.

# You could blame Hyper-V, not dockers.

Nothing was altered with docker, but there was a dependency. More specifically, the dependency is the enablement of Virtualization component on your physical image.

There is a dependency for Hyper-V to be enabled for Docker though this became in issue as I was running VMWare. During the configuration, VMware disabled the Virtualization component within your bios to avoid conflicting services. So, you cannot have Docker for windows working the same time as Virtualbox because of the Hyper-V dependency

One alternative is to uninstall docker for windows, then install the Toolbox installed on Windows, which is an alternative to Docker for windows. This is an older deprecating version of the docker service though is still operational for environments that do not meet the minimal requirements for Docker on windows. This works because the Toolbox for windows leverages virtualbox rather than Hyper-v. This will allow you to run virtualbox as a service but keep the Virtualization turned off on the physical device, thus allowing you to function VMware also

Uninstall Docker for Windows and use Docker Toolbox instead, which uses virtualbox rather than hyper-v.

# Catch 22 with Toolbox for windows

I did position myself into a catch-22 issue when the following error would be presented

0 [main] bash 3288 C:\Program Files\Git\bin\..\usr\bin\bash.exe: *** fatal error in forked process - MapViewOfFileEx '(null)'(0x58), Win32 error 5. Terminating. 0 [main] bash 3852 fork: child 3288 - died waiting for dll loading, errno 11 bash: fork: retry: No child processes 1099658 [main] bash 10032 C:\Program Files\Git\bin\..\usr\bin\bash.exe: *** fatal error in forked process - MapViewOfFileEx '(null)'(0x58), Win32 error 5. Terminating. 1236548 [main] bash 3852 fork: child 10032 - died waiting for dll loading, errno 11

This was in relation with the known issue, Windows 10 - bash.exe: fatal error in forked process - MapViewOfFileEx, Win32 error 5. The root cause for this because Clance would block the installation of Toolbox for windows due to a known stack pivoting exploit could be hijacked. I wasn't aware on how the stack pointers could be exploited, but Neil's computer blog provided a clear oversight.

So you are left with either or. The following steps below outline what is required to run either Docker or VMWare, thus avoiding the errors shown above

# How to install Docker, not VMWare

https://docs.docker.com/docker-for-windows/install/

# How to install VMWare, not Docker

A YouTube video helped me disable the Device Guard but here are the following steps:

  1. Go to 'Local Computer Policy - Computer Configuration - Administrative Templates - System - Device Guard - Turn on Virtualization'

  2. Double click that then select 'Disabled'

  3. Go to Control Panel - Uninstall a Program - Turn Windows features on or off - (uncheck/turn off) Hyper-V.

  4. Click OK

  5. Select Do not restart.

  6. And then type the following cmds in cmd prompt.. to Delete the related EFI variables from the BCD file... Launch cmd as admin...

bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi"
bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}
bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS
bcdedit /set hypervisorlaunchtype off

# Solution

Get VMware working first (comments above) Toolbox is the older version of the docker packages though the docker Disable the docker desktop and install the docker toolbox

Reference https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage

About Daniel Redfern

Italian Trulli

Daniel is a Technical Manager with over 10 years of consulting expertise in the Identity and Access Management space. Daniel has built from scratch this blog as well as technicalconfessions.com. Follow Daniel on twitter @nervouswiggles