Windows-Containers icon indicating copy to clipboard operation
Windows-Containers copied to clipboard
verified publisher icon microsoft

(HTTP code 500) server error - hcsshim::ActivateLayer failed in Win32: The process cannot access the file because it is being used by another process. (0x20)

Open xlazom00 opened this issue 2 months ago • 2 comments

Describe the bug I want to run windows docker container(--isolation=process) and first time it run just fine but when I rerun it it will report this error (HTTP code 500) server error - hcsshim::ActivateLayer failed in Win32: The process cannot access the file because it is being used by another process. (0x20) All fine with --isolation=hyperv

To Reproduce

  1. docker run -it --isolation=process --name hello-world hello-world:latest
  2. docker start -i hello-world
  3. container don't start

Expected behavior container will start

Configuration:

docker version

Client:
 Version:           28.5.1
 API version:       1.51
 Go version:        go1.24.8
 Git commit:        e180ab8
 Built:             Wed Oct  8 12:19:16 2025
 OS/Arch:           windows/amd64
 Context:           desktop-windows

Server: Docker Desktop 4.50.0 (209931)
 Engine:
  Version:          28.5.1
  API version:      1.51 (minimum version 1.24)
  Go version:       go1.24.8
  Git commit:       f8215cc
  Built:            Wed Oct  8 12:16:52 2025
  OS/Arch:          windows/amd64
  Experimental:     false

docker info

Client:
 Version:    28.5.1
 Context:    desktop-windows
 Debug Mode: false
 Plugins:
  ai: Docker AI Agent - Ask Gordon (Docker Inc.)
    Version:  v1.9.11
    Path:     C:\Program Files\Docker\cli-plugins\docker-ai.exe
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.29.1-desktop.1
    Path:     C:\Program Files\Docker\cli-plugins\docker-buildx.exe
  compose: Docker Compose (Docker Inc.)
    Version:  v2.40.3-desktop.1
    Path:     C:\Program Files\Docker\cli-plugins\docker-compose.exe
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.45
    Path:     C:\Program Files\Docker\cli-plugins\docker-debug.exe
  desktop: Docker Desktop commands (Docker Inc.)
    Version:  v0.2.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-desktop.exe
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.31
    Path:     C:\Program Files\Docker\cli-plugins\docker-extension.exe
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.4.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-init.exe
  mcp: Docker MCP Plugin (Docker Inc.)
    Version:  v0.25.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-mcp.exe
  model: Docker Model Runner (Docker Inc.)
    Version:  v0.1.46
    Path:     C:\Program Files\Docker\cli-plugins\docker-model.exe
  offload: Docker Offload (Docker Inc.)
    Version:  v0.5.10
    Path:     C:\Program Files\Docker\cli-plugins\docker-offload.exe
  sandbox: Docker Sandbox (Docker Inc.)
    Version:  v0.5.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-sandbox.exe
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-sbom.exe
  scout: Docker Scout (Docker Inc.)
    Version:  v1.18.3
    Path:     C:\Program Files\Docker\cli-plugins\docker-scout.exe

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 1
 Server Version: 28.5.1
 Storage Driver: windowsfilter
  Windows:
 Logging Driver: json-file
 Plugins:
  Volume: local
  Network: ics internal l2bridge l2tunnel nat null overlay private transparent
  Log: awslogs etwlogs fluentd gcplogs gelf json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Default Isolation: hyperv
 Kernel Version: 10.0 26200 (26100.1.amd64fre.ge_release.240331-1435)
 Operating System: Microsoft Windows Version 24H2 (OS Build 26200.5622)
 OSType: windows
 Architecture: x86_64
 CPUs: 32
 Total Memory: 55.65GiB
 Name: DESKTOP-04AV7JL
 ID: 56ff010a-fc8e-4dad-a922-3921a3981575
 Docker Root Dir: C:\ProgramData\Docker
 Debug Mode: false
 Labels:
  com.docker.desktop.address=npipe://\\.\pipe\docker_cli
 Experimental: false
 Insecure Registries:
  ::1/128
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

Additional context OS: windows 11 25H2 Clean install of windows + docker desktop AMD drivers Adrenalin 25.10.2 from 2025-10-29 (whql-amd-software-adrenalin-edition-25.10.2-win10-win11-oct-rdna3.exe) Asus Z13 with AMD 395+ MAX + Radeon 8060

I did spend like one week to find out what is source of this problem. As I can't reporoduce this with clean install in virtual machine. When I install windows 11 (us eng iso) + drivers + updates + docker desktop on my Asus Z13 I started to have this error. So I did install windows(us eng iso) on Asus Z13 but I disabled windows update with blackisting windows update in hosts 0.0.0.0 *.download.windowsupdate.com 0.0.0.0 *.microsoft.com 0.0.0.0 *.update.microsoft.com 0.0.0.0 *.windowsupdate.com 0.0.0.0 *.windowsupdate.microsoft.com 0.0.0.0 download.microsoft.com 0.0.0.0 download.windowsupdate.com 0.0.0.0 ntservicepack.microsoft.com 0.0.0.0 test.stats.update.microsoft.com 0.0.0.0 windowsupdate.microsoft.com 0.0.0.0 wustat.windows.com 0.0.0.0 tlu.dl.delivery.mp.microsoft.com 0.0.0.0 cp801.prod.do.dsp.mp.microsoft.com 0.0.0.0 settings-win.data.microsoft.com 0.0.0.0 geo.prod.do.dsp.mp.microsoft.com 0.0.0.0 fe3cr.delivery.mp.microsoft.com 0.0.0.0 kv801.prod.do.dsp.mp.microsoft.com 0.0.0.0 msedge.b.tlu.dl.delivery.mp.microsoft.com

And I was finnaly able to run docker image without problem. So I installed driver by driver on this clean Windows and I found that when I install AMD drivers I will start to get this error. And it really is. When I disable AMD gfx in Device manager all works fine :)

And I also found that when I install McAfee and when I enable real time virus detection all works fine when I disable real time virus detection "hcsshim::ActivateLayer failed in Win32..."

Tested on AMD 395+ MAX + Radeon 8060(RDNA3.5) error intel 9700K CPU + RX 5500 XT(RDNA1) no problem intel CPU + intel GPU no problem AMD 9950x + iGPU(RDNA2) no problem intel 9700K + AMD Radeon RX 9060(RDNA4) error

time="2025-11-06T22:28:41.383924200+01:00" level=info msg="sending event" container=95a5174cba3696f2ea327704ad81ae68c82be4cd8ae4253b2d9f04534ccbe046 event=create module=libcontainerd
time="2025-11-06T22:28:41.422088400+01:00" level=info msg="sending event" container=95a5174cba3696f2ea327704ad81ae68c82be4cd8ae4253b2d9f04534ccbe046 event=start event-info="{95a5174cba3696f2ea327704ad81ae68c82be4cd8ae4253b2d9f04534ccbe046 95a5174cba3696f2ea327704ad81ae68c82be4cd8ae4253b2d9f04534ccbe046 14160 0 0001-01-01 00:00:00 +0000 UTC <nil>}" module=libcontainerd
time="2025-11-06T22:28:41.441121000+01:00" level=info msg="sending event" container=95a5174cba3696f2ea327704ad81ae68c82be4cd8ae4253b2d9f04534ccbe046 event=exit event-info="{95a5174cba3696f2ea327704ad81ae68c82be4cd8ae4253b2d9f04534ccbe046 95a5174cba3696f2ea327704ad81ae68c82be4cd8ae4253b2d9f04534ccbe046 14160 0 2025-11-06 22:28:41.441121 +0100 CET m=+228.522013501 <nil>}" module=libcontainerd
time="2025-11-06T22:28:41.810994200+01:00" level=error msg="error unmounting container" container=95a5174cba3696f2ea327704ad81ae68c82be4cd8ae4253b2d9f04534ccbe046 error="hcsshim::UnprepareLayer failed in Win32: Do not detach the filter from the volume at this time. (0x801f0010)"
time="2025-11-06T22:28:41.820062900+01:00" level=error msg="Error setting up exec command in container 95a5174cba3696f2ea327704ad81ae68c82be4cd8ae4253b2d9f04534ccbe046: container 95a5174cba3696f2ea327704ad81ae68c82be4cd8ae4253b2d9f04534ccbe046 is not running"

Bug report on docker https://github.com/docker/for-win/issues/14977

xlazom00 avatar Nov 06 '25 19:11 xlazom00

Thank you for creating an Issue. Please note that GitHub is not an official channel for Microsoft support requests. To create an official support request, please open a ticket here. Microsoft and the GitHub Community strive to provide a best effort in answering questions and supporting Issues on GitHub.

github-actions[bot] avatar Nov 06 '25 19:11 github-actions[bot]

From ProcessMonitor Image Image

xlazom00 avatar Nov 06 '25 22:11 xlazom00

Hi @xlazom00,

Thanks for reporting this, and for the detailed analysis. Regarding this comment from your initial post:

And I was finnaly able to run docker image without problem. So I installed driver by driver on this clean Windows and I found that > when I install AMD drivers I will start to get this error. And it really is. When I disable AMD gfx in Device manager all works fine :)

And I also found that when I install McAfee and when I enable real time virus detection all works fine when I disable real time virus detection "hcsshim::ActivateLayer failed in Win32..."

Am I understanding correctly that installing either the AMD gfx driver OR McAfee exposes this problem?

Can you also tell me what container image you're using to create your "hello world" container image? I'd just like to see if we can repro.

Thanks again, Erick

fjs4 avatar Dec 02 '25 18:12 fjs4

Hi @fjs4 to reprodcuce this issue you wil need AMD gfx with RDNA3.5 or RDNA4 architecture.

I did run docker with this

  1. docker run -it --isolation=process --name hello-world hello-world:latest
  2. docker start -i hello-world
    container don't start

so it is some windows docker hello-world container I think.

But When I instal McAfee after restart all works without any

hcsshim::ActivateLayer failed in Win32: The process cannot access the file because it is being used by another process. (0x20)

issue. But when I disable McAfee realtime scanning it is all back. And when I enable it all works fine.

xlazom00 avatar Dec 02 '25 18:12 xlazom00