Fix Docker load/pull/build issue when Bitlocker is enabled
When running Docker in domain joined computer which has Bitlocker enabled, loading/pulling/building images don't work when group policy "Deny write access to fixed not protected by Bitlocker" is on.
According to Patrick Lang, this is because "This setting indirectly affects containers because we create a VHD for each container's scratch space and format it. Since it's a new disk and not yet encrypted, then Windows will block access to that VHD based on that policy." (https://github.com/Microsoft/Virtualization-Documentation/issues/355#issuecomment-284025671)
Because of this restriction and the fact that our security policy doesn't allow exceptions, I cannot currently properly use Docker in my development environment.
Not fixed windows 10 Enterprise 1803 (over 2 years since first reported... if only I could put off my users for as long....)
It does not work for me using 1803
Greg Perrego commented
To clarify, which version of Windows 10 (not server) has this been fixed in? Has microsoft supplied a backwards compatible fix for windows 10 1709 or 1703 or is this only fixed in windows 10 1803?
Weijuan Shi Davis commented
Hello All - wanted to let you know we now have fixed this issue in our recent Server Insider build 17074 and higher. Please do download and give it a try. Let us know if we indeed did the job!
Here is the Server Core container inside build:
Here is a blog related to this fix and other ones:
Janne Rantala commented
Exceptions which I've got when trying to pull Windows Server base images are:
$ docker pull microsoft/nanoserver Using default tag: latest latest: Pulling from microsoft/nanoserver bce2fbc256ea: Extracting [==================================================>] 252.7 MB/252.7 MB 10bf725c5388: Download complete failed to register layer: re-exec error: exit status 1: output: ProcessUtilityVMImage D:\docker\windowsfilter\416f5b183bda6515686496e4cc53d4a1f1e0ccf0a5fc70e1bbfb95a50081d86e\UtilityVM: winapi error #3489661090
More discussion about issue here https://github.com/Microsoft/Virtualization-Documentation/issues/530