WinNAT service port conflicts

WinNAT service port conflicts occur when the Windows Network Address Translation (WinNAT) service retains a hold on specific ports, preventing applications like Docker Desktop from binding to them during startup.^[docker-desktop-k8s-startup-fail.md]

Symptoms

When this conflict occurs, the affected application—most commonly Kubernetes within Docker Desktop—will fail to start.^[docker-desktop-k8s-startup-fail.md] The system logs will report a socket bind error with the message: "An attempt was made to access a socket in a way forbidden by its access permissions."^[docker-desktop-k8s-startup-fail.md]

For example, Docker Desktop may fail to bind to TCP port 6443 on the loopback address (127.0.0.1).^[docker-desktop-k8s-startup-fail.md]

Resolution

To resolve the conflict and release the occupied ports, the WinNAT service must be restarted.^[docker-desktop-k8s-startup-fail.md]

This can be accomplished using the following command in a terminal running with administrator privileges:

net stop winnat

After stopping the service, you can typically start it again and then restart the dependent applications to verify normal operation.
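
The procedure above as a script that first confirms the symptom, then restarts WinNAT and re-tests the bind. This is an added example, not code from the source note. It assumes `net start winnat` as the counterpart to the stop command, uses the 127.0.0.1:6443 endpoint from the Symptoms section as its default, and the helper name `Test-LoopbackBind` is hypothetical.

```powershell
# Added example (not from the source note). Run in an elevated PowerShell session
# with Docker Desktop closed. Defaults are the address and port named above.
param([string]$Address = '127.0.0.1', [int]$Port = 6443)

# Hypothetical helper: try to listen on the endpoint and report the outcome as
# 'Free' or the SocketError name (e.g. AccessDenied, AddressAlreadyInUse).
function Test-LoopbackBind {
    param([string]$Address, [int]$Port)
    $listener = [System.Net.Sockets.TcpListener]::new([System.Net.IPAddress]::Parse($Address), $Port)
    try {
        $listener.Start()
        return 'Free'
    } catch {
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Net.Sockets.SocketException]) { return $base.SocketErrorCode.ToString() }
        throw
    } finally {
        $listener.Stop()
    }
}

$principal = [Security.Principal.WindowsPrincipal]::new([Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Elevation required: stopping WinNAT needs administrator privileges.'
}

$before = Test-LoopbackBind -Address $Address -Port $Port
Write-Host "Bind test before restart: $before"

if ($before -eq 'Free') {
    Write-Host 'Port is bindable; WinNAT is not blocking it.'
} elseif ($before -eq 'AddressAlreadyInUse') {
    # A live listener owns the port; restarting WinNAT will not release it.
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess
} elseif ($before -eq 'AccessDenied') {
    # AccessDenied (WSAEACCES, 10013) is the "forbidden by its access permissions" error.
    net stop winnat
    if ($LASTEXITCODE -ne 0) { throw "net stop winnat failed with exit code $LASTEXITCODE" }
    net start winnat
    if ($LASTEXITCODE -ne 0) { throw "net start winnat failed with exit code $LASTEXITCODE" }
    $after = Test-LoopbackBind -Address $Address -Port $Port
    Write-Host "Bind test after restart: $after"
} else {
    Write-Host "Unexpected socket error: $before"
}
```

A result of `Free` after the restart means the port can be bound again and the dependent application can be started.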

  • [[Port Binding]]
  • [[Docker Desktop]]
  • [[WinNAT]]

Sources

  • docker-desktop-k8s-startup-fail.md