BITS (Background Intelligent Transfer Service) wants to set firewall settings but can't in a container

[borhae]

I wanted to evaluate a distributed, peer to peer, install scenario with windows containers. BITS by Microsoft seemed like a good choice, to distribute installation packages. When trying to configure the windows containers to enable the peer to peer install I ran into issues detailed below.

I know, that windows containers don't come with a firewall, because the host systems firewall is used. But BITS wants to change firewall settings on the system it is running (understandably) and doesn't even know that there is an external one (where a configuration wouldn't make sense anyway).

Question: How can I enable Peer 2 Peer mode for BITS inside a container?

What I tried:
Executing

Enable-BCDistributed

inside the windows docker container via powershell, As a result I get the following error:

Enable-BCDistributed : Could not access the Windows Firewall configuration.
2023-04-14 12:05:22 At line:1 char:1
2023-04-14 12:05:22 + Enable-BCDistributed
2023-04-14 12:05:22 + ~~~~~~~~~~~~~~~~~~~~
2023-04-14 12:05:22     + CategoryInfo          : NotSpecified: (MSFT_NetBranchCacheOrchestrator:r 
2023-04-14 12:05:22    oot/StandardCi...cheOrchestrator) [Enable-BCDistributed], CimException
2023-04-14 12:05:22     + FullyQualifiedErrorId : HRESULT 0x800706d9,Enable-BCDistributed

I found some instructions that indicated that I should try to check whether the firewall is running by:

Get-Service -Name "MpsSvc"

But as a result I get:

Status   Name               DisplayName
------   ----               -----------
Stopped  MpsSvc             Windows Defender Firewall

When I try to start the firewall by

Start-Service -Name "MpsSvc"

I get the following error:

Start-Service : Service 'Windows Defender Firewall (MpsSvc)' cannot be started due to the following error: Cannot start service MpsSvc on computer '.'. 
At line:1 char:1
+ Start-Service -Name "MpsSvc"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommandException 
    + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand

[borhae]

I'm still interested in discussing this. Any ideas @npolito-msft?

[borhae]

@fady-azmy-msft is @npolito-msft an active person? This thread seems dead.

[microsoft-github-policy-service]

This issue has been open for 30 days with no updates.
@npolito-msft, please provide an update or close this issue.

[microsoft-github-policy-service]

This issue has been open for 30 days with no updates.
@npolito-msft, please provide an update or close this issue.

[microsoft-github-policy-service]

This issue has been open for 30 days with no updates.
@npolito-msft, please provide an update or close this issue.

[microsoft-github-policy-service]

This issue has been open for 30 days with no updates.
@npolito-msft, please provide an update or close this issue.

[microsoft-github-policy-service]

This issue has been open for 30 days with no updates.
@npolito-msft, please provide an update or close this issue.

[microsoft-github-policy-service]

This issue has been open for 30 days with no updates.
@npolito-msft, please provide an update or close this issue.

[microsoft-github-policy-service]

This issue has been open for 30 days with no updates.
@npolito-msft, please provide an update or close this issue.

[microsoft-github-policy-service]

This issue has been open for 30 days with no updates.
@npolito-msft, please provide an update or close this issue.

[microsoft-github-policy-service]

This issue has been open for 30 days with no updates.
@npolito-msft, please provide an update or close this issue.

[microsoft-github-policy-service]

This issue has been open for 30 days with no updates.
@npolito-msft, please provide an update or close this issue.

[ntrappe-msft]

@borhae I'm going to triage this again.

[ntrappe-msft]

BITS requires network access which means it needs to set firewall rules. However, the Windows Firewall does not run inside a container so any calls will fail. You won't be able to use BITS to transfer files. The good news is that our product team is aware of this request and I'll update this Issue when we have something to share.

[borhae]

Thank you so much for the response, I was already assuming that this issue is completely out of scope of what windows containers are meant to be useful for. I'm still interested in any outcome of this.

[ntrappe-msft]

I'm going to close this Issue for now but I'll reopen + update it when we have news to share.