Connection refused from Windows Docker container with process isolation on Windows Server 2025 or Windows 11

[MaksVe]

Describe the bug
On Windows Server 2025 and Windows 11 in a container with process isolation TCP test fails and it's unable to access any web page or download any files.

To Reproduce
Steps to reproduce the behavior:
Run the container with process isolation:

> docker run -it --rm --isolation process mcr.microsoft.com/windows/servercore:ltsc2025 powershell

Test connection

> Test-NetConnection -Port 
WARNING: TCP connect to (13.107.4.52 : 80) failed                                                                                                                                      

ComputerName           : internetbeacon.msedge.net
RemoteAddress          : 13.107.4.52
RemotePort             : 80
InterfaceAlias         : vEthernet (Ethernet)
SourceAddress          : 172.29.72.49
PingSucceeded          : True
PingReplyDetails (RTT) : 35 ms
TcpTestSucceeded       : False

Expected behavior
Tcp test succeeds:

> Test-NetConnection -Port 80                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     ComputerName     : internetbeacon.msedge.net
RemoteAddress    : 13.107.4.52
RemotePort       : 80
InterfaceAlias   : Ethernet
SourceAddress    : 172.29.69.143
TcpTestSucceeded : True

Configuration:

• Edition: tested on both Microsoft Windows 11 Pro 10.0.26200, Microsoft Windows Server 2025 Standard 10.0.26100
• Base Image being used: mcr.microsoft.com/windows/servercore:ltsc2025
• Container engine: docker
• Container Engine version: 28.5.1

Additional context

• It's the same docker image and the same docker network, the only difference is the isolation type, and with hyperv isolation tcp test succeeds.
• Ping and TRACERT commands shows no issues
• Disabling Firewall on the host didn't help
• Also I've tried to disable NetAdapterRSC according to this issue without success
• Sniffing traffic with wireshark on the host didn't show anything except ARP and DNS packets

[github-actions]

Thank you for creating an Issue. Please note that GitHub is not an official channel for Microsoft support requests. To create an official support request, please open a ticket here. Microsoft and the GitHub Community strive to provide a best effort in answering questions and supporting Issues on GitHub.

[fjs4]

Hi MaksVe, thanks for reporting this issue.

I've tried to reproduce it without success. Like you I've tried a fully patch Windows 11 and Windows Server 2025, while running process isolated containers. (I used the same container image - up to date with 10B).

Is there anything else unique about the host or its configuration you can think of?

Thanks,
Erick

[MaksVe]

Not that I can think of. I've noticed that on Windows Server 2025/Windows 11 additional Hyper-V Virtual Ethernet Container Adapter is being created for each container running with process isolation, meanwhile on Windows Server 2019 it's not the case and every newly run container doesn't spawn any new container adapters, so I presume it uses the default vEthernet (nat) adapter. Is it an expected behavior? Can those additional adapters be misconfigured somehow upon creation?

[MaksVe]

In the end, it was an antivirus interference that was causing this issue.