You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/manuals/desktop/troubleshoot-and-support/troubleshoot/topics.md
+33Lines changed: 33 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -379,6 +379,39 @@ Note some third-party software such as Android emulators will disable Hyper-V on
379
379
380
380
Your machine must have the following features for Docker Desktop to function correctly:
381
381
382
+
### Docker Desktop with Windows Containers fails with "The media is write protected""
383
+
384
+
#### Error message
385
+
386
+
FSCTL_EXTEND_VOLUME \\?\Volume{GUID}: The media is write protected
387
+
388
+
#### Cause
389
+
390
+
If you're encountering failures when running Docker Desktop with Windows Containers, it might be due to
391
+
a specific Windows configuration policy: FDVDenyWriteAccess.
392
+
393
+
This policy, when enabled, causes Windows to mount all fixed drives not encrypted by BitLocker-encrypted as read-only.
394
+
This also affects virtual machine volumes and as a result, Docker Desktop may not be able to start or run containers
395
+
correctly because it requires read-write access to these volumes.
396
+
397
+
FDVDenyWriteAccess is a Windows Group Policy setting that, when enabled, prevents write access to fixed data drives that are not protected
398
+
by BitLocker. This is often used in security-conscious environments but can interfere with development tools like Docker.
399
+
In the Windows registry it can be found at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE\FDVDenyWriteAccess.
400
+
401
+
#### Solutions
402
+
403
+
Docker Desktop does not support running Windows Containers on systems where FDVDenyWriteAccess is enabled. This setting interferes with the
404
+
ability of Docker to mount volumes correctly, which is critical for container functionality.
405
+
406
+
To use Docker Desktop with Windows Containers, ensure that FDVDenyWriteAccess is disabled. You can check and change this setting in the registry or through Group Policy Editor (gpedit.msc) under:
407
+
408
+
Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Fixed Data Drives -> Deny write access to fixed drives not protected by BitLocker
409
+
410
+
Set this policy to "Not Configured" or "Disabled".
411
+
412
+
Note: Modifying Group Policy settings may require administrator privileges and should comply with your organization's IT policies. If the setting gets reset after some
413
+
time this usually means that it got overriden by the centralized configuration of your IT department. Better talk to them before making any changes.
0 commit comments