Running Linux Containers on Windows Server 2019. Out of the box, Docker on Windows only run Windows container. To use Linux containers on Windows Server, you need to use the Docker Enterprise Edition Preview which includes a full LinuxKit system for running Docker Linux containers. Uninstall your current Docker CE. The preferred choice for millions of developers that are building containerized apps. Docker Desktop is an application for MacOS and Windows machines for the building and sharing of containerized applications. Access Docker Desktop and follow the guided onboarding to build your first containerized application in minutes. Product family for all Windows base OS container images. Windows Firewall is blocking my attempt to allows Docker for Windows to share C: on windows 10 machine. Works fine when Windows Firewall off. When its on I get. A firewall is blocking file Sharing between Windows and the containers. See documentation for more info. The documentation says. You do not need to open port 445 on any other network. Windows Server 2019 is an evolution to the container functionality you get with Docker. Windows Server 2016 is still perfectly fine for production, but 2019 brings Windows containers much closer to feature parity with Linux containers, and smooths over some things which are tricky in 2016.-->
This article outlines Microsoft's support policy concerning Windows containers and Docker for on-premises deployments.
Original product version: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows 10 - all editions
Original KB number: 4489234
When customers experience issues with or have questions about Windows containers and related Docker functionality, Microsoft is their first point of contact. For similar information about Microsoft's support policy for containers in Azure, see Support policy for containers and related services on Azure.
Supported configurations for container hosts
Microsoft defines the supported host configurations in the following terms:
Host operating system: Windows Server or Windows 10.
Hypervisor: Windows 10 must run Hyper-V to support containers; Windows Server, as shown in the table, has more flexibility.
Docker engine: Docker is a third-party application for managing containers. Docker Enterprise runs on Windows Server; Docker Desktop for Windows runs in Windows 10. For more information about Docker, see Docker on Windows.
Container type: Microsoft supports Windows Server containers, Hyper-V containers, and Linux containers. However, not all host configurations can support all of the container types. For general information about Windows containers and container types, see Containers on Windows.
The Linux Containers on Windows (LCOW) feature is under active development. For more information, see Linux Containers on Windows. You can track ongoing progress in the Moby project on GitHub.
Host component support
Customers that deploy Windows Server containers on supported Windows Server versions running on physical hardware or virtual machine on Hyper-V will receive full support for issues that are related to the operating system and/or container engine.
Supported configurations for Windows Server container hosts
Microsoft supports Windows containers on the following versions and releases of Windows Server:
- Windows Server 2019 (1809) Standard or Datacenter editions
- Windows Server 2016 (1803) Standard or Datacenter editions
- Windows Server 2016 (1709) Standard or Datacenter editions
- Windows Server 2016 (1607) Standard, Datacenter, or Nano Server editions
- Windows IoT core (only available to Windows Insider members)
You cannot host containers on Windows Server, Nano Server edition, on any Windows Server release later than 1607.
Microsoft supports Windows containers on both LTSC and Semi-annual Channel (SAC) releases. For information about the support lifecycles for Windows versions and releases, see Windows Server Semi-Annual Channel overview.
To deploy containers in Windows Server, you must install Docker Enterprise (see Install Docker Engine - Enterprise on Windows Servers). Docker provides full support for Docker Enterprise at Docker support.
On these versions of Windows, the types of containers that Microsoft supports depends on whether your host is a physical computer or a virtual machine, and whether Windows is running with Hyper-V enabled.
Supported container types on a physical container host
|Hypervisor||Supported container types|
|None||Windows Server containers|
Supported container types on a virtual machine container host
|VM host hypervisor||Guest OS||Guest hypervisor||Supported container types|
|Hyper-V||Windows Server (full or core)||None||Windows Server containers|
|Hyper-V||Windows Server (full or core)||Hyper-V (must be running in nested virtualization mode)||Windows Server containers Hyper-V containers|
|VMWare ESX||Windows Server (full or core)||None (Hyper-V not supported on VMWare ESX)||Windows Server containers|
Supported configurations for Windows 10 container hosts
Microsoft supports containers on Windows 10 Professional or Enterprise with Anniversary Update (version 1607) or later, with the following requirements:
Hyper-V must be enabled
Docker Desktop for Windows must be installed (see Install Docker Desktop for Windows). Docker Desktop for Windows is the Community Edition (Docker CE) and is ideal for developers and small teams looking to get started with Docker and experimenting with container-based apps.
Microsoft does not provide support for Docker Desktop for Windows. Support is only provided through the Docker Community Forums. For more information, see 'What if I have problems or questions?' in the Docker for Windows FAQ at Docker FAQ.
You can use Hyper-V containers or Linux containers on Windows 10. You cannot use Windows Server containers.
Microsoft does not support containers on virtual machines that are hosted on a Windows 10 computer. To use containers on a virtual machine, use Windows Server as the virtual machine host.
Requirements for container hosts
For information about requirements for container hosts, see:
For information about requirements and compatibility issues for virtualization, see Windows Server Catalog: Server Virtualization Validation Program.
To run Hyper-V containers, the container host must meet the requirements for running Hyper-V itself. To summarize, Hyper-V requires:
64-bit processor, with the following capabilities:
Second-level address translation (SLAT): The Windows hypervisor functionality requires SLAT (the Hyper-V management tools do not.
Hardware-assisted virtualization: This is available in processors that include a virtualization option - specifically processors with Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) technology.
Hardware-enforced Data Execution Prevention (DEP) must be available and enabled. For Intel systems, this is the XD bit (execute disable bit). For AMD systems, this is the NX bit (no execute bit).
VM Monitor Mode extensions.
At least 4 GB of RAM. More memory is better. You'll need enough memory for the host and all virtual machines that you want to run at the same time.
Virtualization support turned on in the BIOS or UEFI.
For more information, see System requirements for Hyper-V on Windows Server.
Supported container orchestrators
The Azure Service Fabric is not available to orchestrate on-premises containers. Windows does support Docker swarm, Kubernetes, and Red Hat orchestrators.
Docker swarm: Docker swarm is a feature of the Docker engine. Docker swarm is fully supported by Docker. For more information about using Docker swarm with Windows containers, see Getting started with swarm mode.
Kubernetes: Kubernetes for on-premises Windows Server deployments is still in preview (Beta). Microsoft will not provide any support until the official announcement of general availability. Until then, use the following resources:
For the latest information about functionality with Windows Server 2016 and Windows Server 2019, see Kubernetes on Windows.
To track development and participate in community preview efforts, follow the Kubernetes #SIG-Windows community.
Red Hat OpenShift (Windows Server 2019 only): Red Hat OpenShift on Windows Server 2019 is still in private preview. Microsoft will not provide support until the announcement of general availability.
Supported container images
Microsoft offers four container base images for Windows:
- Windows Server core: If your application needs the full .NET framework, this is the best image to use.
- Nano Server: For applications that only require .NET Core, Nano Server will provide a much slimmer image.
- Windows: You may find your application depends on a component or .dll that is missing in Server Core or Nano Server images, such as GDI libraries. This image carries the full dependency set of Windows.
- Windows IoT core: This image is purpose-built for IoT applications. You should use this container image when targeting an IoT Core host.
The IoT Core base image is only available to members of the Windows Insider program.
As outlined in Supported container hosts, not all host operating systems support both Windows Server containers and Hyper-V containers. Similarly, not all of the base images support both container types. The following table outlines which container types you can create using each base image on each of the host operating systems.
Container base OS images that are supported on Windows container hosts
|Container host OS||Windows Server core||Nano Server||Windows||Windows IoT core|
|Windows Server 2016 or 2019 Standard or Datacenter||Windows Server containers|
|Windows Server containers|
|Windows Server containers|
|Windows Server 2016 Nano Server||Not supported||Windows Server containers|
|Hyper-V containers||Not supported|
|Windows 10 Professional or Enterprise||Hyper-V containers||Hyper-V containers||Hyper-V containers||Not supported|
|Windows IoT core||Not supported||Not supported||Not supported||Windows Server containers|
If you plan to work with container hosts that run different versions and releases of Windows, you will also need to consider the versions and releases of the container images. Some container features are not backward-compatible, so some newer base OS images may not run on container hosts with older OS versions. For more detailed information about compatibility issues between base OS image versions and host OS versions, see Windows Container Version Compatibility.
Support for container workloads
Microsoft fully supports its container base OS images, as described in this section. For support of Microsoft applications in containers, see GitHub, the Microsoft forums, or the Microsoft repository on DockerHub for the custom container image in question.
When running third-party applications in Windows containers, refer to the application vendor for support. In particular, confirm with the application vendor that they support running the application in a Windows container.
Supported networking configurations
Microsoft fully supports Windows container networking functionality. This functionality includes the Host Networking Service (HNS) and Host Compute Service (HCS). HNS and HCS work together to create containers (HCS) and attach endpoints to a network (HNS). Additionally, it includes the following container network drivers (for full descriptions of these drivers, see Windows Container Network Drivers):
Network Address Translation (NAT): This is the default driver for container networks. NAT networks support port forwarding and mapping from container hosts to container endpoints. Microsoft supports multiple NAT networks on Windows 10 container hosts that have Windows 10, version 1703 (also known as the Creators Update) installed.
Transparent: When configured with a user-specified subnet, transparent networks support static IP addresses from the physical network or dynamic IP addresses assigned by an external DHCP server. When using a transparent network for containers on a virtual container host, you must configure MAC address spoofing.
Overlay: Microsoft supports overlay networks for use with Docker swarm or Kubernetes orchestration. To use overlay networks, your configuration must meet the following requirements:
Your container hosts run Windows Server 2019, Windows Server 2016, or Windows 10 Creators Update.
Your deployment meets the requirements listed in Using overlay networks.
When using Kubernetes, you are using Flannel or OVN control panes.
Kubernetes for on-premises Windows Server deployments is still in preview (Beta). For information about Kubernetes support, see Supported container orchestrators.
L2Bridge: Microsoft supports L2Bridge networks to assign containers to the same IP subnet as the container host. To use L2Bridge networks, your configuration must meet the following requirements:
Your container hosts run Windows Server 2019, Windows Server 2016, or Windows 10 Creators Update.
IP addresses must be assigned statically from the same prefix as the container host.
You configure MAC address spoofing.
L2Tunnel: Microsoft primarily supports L2Tunnel networks for use in a Microsoft Cloud Stack. Otherwise, requirements for L2Tunnel networks resemble the requirements for L2Bridge networks.
Advanced network options - supported and unsupported
Microsoft supports switch-embedded teaming for container host networks used by Docker. Microsoft does not support any other NIC teaming configuration for container networking. For more information, see Advanced Network Options in Windows.
Microsoft does not support the following features for container networking:
IPSec encryption for container communication
HTTP proxy configuration for containers. You can track a preliminary PR for this feature at Changes to support registry modification in containers.
Attaching endpoints to running Hyper-V containers (hot-add)
Microsoft does not support the following commands and options for Docker:
Supported service accounts for containers
Microsoft supports Active Directory group Managed Service Accounts (gMSAs) for containers.
Containers cannot be domain-joined. By using Group Managed Service Accounts (gMSAs), Windows containers themselves and the services they host can be configured to use a specific gMSA as their domain identity. Any service running as Local System or Network Service will use the Windows container's identity just like they use the domain-joined host's identity. For information about using gMSAs, see:
Supported endpoint security options for containers and container hosts
Microsoft supports Windows Defender to protect container hosts. However, it does not support Windows Defender to run within containers.
Docker provides information about third-party providers and their endpoint protection products at Endpoint security for Windows containers. When using a third-party product, verify that the provider supports the product for containers. Be aware of any issues and limitations related to running the product within a container. Additionally, for recommendations about how to configure anti-virus protection to work with containers, see Anti-virus optimization for Windows Containers.
Windows Server 2019 is the next long-term support release of Windows Server, and it's available now! It comes with some very useful improvements to running Docker Windows containers - which Docker Captain Stefan Scherer has already summarized in his blog post What's new for Docker on Windows Server 2019.
UPDATE: the second edition of my book Docker on Windows is out now. It focuses entirely on Windows Server 2019
You need Windows Server to run 'pure' Docker containers, where the container process runs directly on the host OS. You can use the same Docker images, the same Dockerfiles and the same
docker commands on Windows 10, but there's an additional virtualization overhead, so it's good to use a Windows Server VM for test environments.
On Windows 10 Docker Desktop is the easiest way to get started
If you want to check out the newest version of Windows Server and get running Docker containers, here's what you need to do.
Get Windows Server 2019
You can download the ISO to install Windows Server 2019 now, from your Visual Studio subscription if you have one, or a 180-day evaluation version if you don't. VMs with Windows Server 2019 already deployed will be available on Azure shortly.
The installation procedure for 2019 is the same as previous Windows Server versions - boot a VM from the ISO and the setup starts. I prefer the core installation with no GUI:
I installed Server 2019 onto a Hyper-V VM running on my Windows 10 machine, with the VM disks stored on an external SSD drive. The setup finished in a few minutes, and it runs very quickly - even with just 4GB RAM allocated.
You can also upgrade from previous Windows Server versions to 2019 using the ISO.
Connect to the Server
When you RDP into a Windows Server Core machine you just see a command prompt. The first time you connect you'll need to set the password for the default
Administrator account. Then I like to set PowerShell as the default command shell, so whenever you RDP you get into a PowerShell session:
Configure Windows Features
To run containers you need to enable the
Containers feature, and for a non-production VM I also disable Windows Defender to stop it burning CPU cycles. You'll need to reboot after these steps:
Configure Windows Updates
You'll want to make sure you have the latest updates, but then I disable automatic updates so I only get future updates when I want them. There's no GUI in Windows Server Core, so run
sconfig and then select:
5, to set Windows Updates to manual
7, to enable Remote Desktop Access to the server
6, to download and install all updates
Then you're ready to install Docker.
Install Docker on Window Server 2019
Windows Server licensing includes the licence cost for Docker Enterprise, so you can run the enterprise edition with production support for containers from Microsoft and Docker.
The latest Docker Enterprise engine is version 19.03
18.03, which you can explicitly install with PowerShell:
This sets up Docker as a Windows Service, which you need to start:
Pull the Windows Base Images
Any Docker containers you run on Windows Server 2019 will be based on Windows Server Core or Nano Server. You'll need both those images, and be aware that the base images are now hosted on Microsoft's container registry, MCR:
These images are tiny compared to the Windows Server 2016 versions. Windows Server Core has shrunk from over 10GB to a 1.5GB download, and Nano Server has shrunk from over 1GB to a 90MB download!
[Optional] Pull the .NET Core Images
The .NET Core team released versions of their SDK and runtime images as soon as Windows Server 2019 launched. You can pull those now and start running your .NET Core apps in 2019 (there are also .NET Framework SDK and ASP.NET images available - hopefully SQL Server will get some attention soon..)
The upstream Docker images are still listed on Docker Hub, so that's where you go for discovery - but they get served from Microsoft's own image registry, MCR.
Try it Out!
I've pushed an updated version of my .NET Core
whoami image, so you can try out ASP.NET Core 3.0 running in Windows Server Core 2019 containers:
One of the enhancements for Docker in Windows Server 2019 is that loopback addresses now work, so you can visit this container using
localhost on the server, and using the same published port from an external machine:
And in Swarm Mode..
I'll post a longer explanation of what you can do with Docker in Windows Server 2019 that you couldn't do in Windows Server 2016, but here's just one other thing: Windows Server 2019 now supports ingress networking for Docker swarm mode. That means you can run multiple containers on one server, all listening on the same port, and Docker will load-balance incoming requests between the containers.
I have lots more detail on this in my Pluralsight course Managing Load Balancing and Scale in Docker Swarm Mode Clusters
Switch your server to a single-node swarm:
Docker Server Windows 2019
Now deploy the
whoami app as a swarm service, with multiple replicas and a published port:
Now when you browse to the VM from outside, Docker will load-balance requests across the five containers which are hosting the service:
Windows Server 2019 is an evolution to the container functionality you get with Docker. Windows Server 2016 is still perfectly fine for production, but 2019 brings Windows containers much closer to feature parity with Linux containers, and smooths over some things which are tricky in 2016.
Docker Server Windows 10
And the next big thing is Windows support in Kubernetes, which
is expected to GA before the end of the year :) went GA this year. Windows containers are now supported in mixed Linux-Windows Kubernetes clusters - find out more from my post Getting Started with Kubernetes on Windows.