Category Archives: docker

Docker for Windows – Port Reservations

I work a lot in the airport Common Use (CUTE / CUPPS / CUSS) world. As such, one of the applications I work with a lot is ARINC’s PCP / PCPNET (now Rockwell Collins). For the past several years I’ve had this service running in my local dev environment to support my own product development built on top of ARINC’s platform (along with several other CUTE / CUPPS providers) and it has “just worked”. As recently as last night I was doing development in my home office and started my local ARINC PCPNET environment with no problems.

This afternoon I tried to fire up my ARINC PCPNET and I noticed the service took a really long time to start and I couldn’t connect to my ATB / BTP printers. Upon investigating the error logs in C:\Logs\Pcpnet\PcpNetCom.Log I noticed a new error:

Problem occurred while listening on port 50005
...
An attempt was made to access a socket in a way forbidden by its access permissions

“Well that’s new”, I thought to myself. My first instinct was that somehow some the ports that I use for PCPNET were being used by another application. So the first thing I did was check for ports in use:

netstat -aon | find "50005"

But that showed that the port was not being used.

Ok. So what did I change this morning that might have affected things. Well this morning I installed Docker for Windows. At first that didn’t seem like it could cause any problems, but doing a bit of digging around led me to the following command:

netsh int ipv4 show excludedportrange protocol=tcp

Which gave me a listing like the following:

That’s interesting. A series of port ranges have been reserved, of which my required ports (ARINC defaults to 50001 and up (typically a maximum of 6 – 10 ports for peripherals) fall right in the middle. And better yet, after each reboot, the port ranges above 49000 all seem to “shift” up or down by 20 or so.

To be fair, this is not really a docker issue. My investigation has pointed back to Hyper-V. Docker for Windows requires Hyper-V be installed before you install Docker for Windows. During my investigation I uninstalled Docker, then removed Hyper-V and the port reservations above 49000 all went away. I then re-enabled Hyper-V on my Win10 Pro machine and the 49000+ port reservations all came back, even before I reinstalled Docker.

So how do we solve this? In theory we should be able to delete a port reservation range with something like the following:

netsh int ipv4 delete excludedportrange protocol=tcp startport=50000 numberofports=50

and then add our own port reservation range with something like the following:

netsh int ipv4 add excludedportrange protocol=tcp startport=50000 numberofports=50

Unfortunately this didn’t work, returning an error indicating we couldn’t make the change.

In the end, we have two possible solutions (there may be others, but this is what I found in my limited time to debug):

  1. Change the port that ARINC PCPNET is using. This can be done in the registry by changing the “Client IP Port” entry for the devices to a value not in the reserved ranges. Restarting the PCP32 or PCPNET services should then use the new ports.
  2. Uninstall Docker and Hyper-V (via the Windows Features tool), reboot, reserve our range using the command listed above, then re-installing Hyper-V and Docker. After doing this Hyper-V is smart enough to start it’s own reserved ranges “around” our pre-reserved ranges (notice in the image below the range from 50000 – 500049 is protected:

PCPNet can now happily start with it’s preferred port range.