How to Configure Windows Server 2016 Containers

Windows Server 2016 introduced native container support, bringing the isolation and portability benefits of containers to the Windows ecosystem for the first time. Containers allow you to package an application and its dependencies into a single unit that runs consistently across development, testing, and production environments. Windows Server 2016 supports two container types: Windows Server Containers, which share the host OS kernel for maximum density, and Hyper-V Containers, which run each container inside a lightweight virtual machine for stronger isolation. This tutorial walks through enabling the container feature, pulling a base image, creating and managing containers, and configuring container networking on Windows Server 2016.

Prerequisites

You need a physical or virtual machine running Windows Server 2016 with at least 4 GB of RAM and 20 GB of free disk space. The server must have internet access to pull container images from the Microsoft Container Registry. Ensure the machine is fully updated and that you have an elevated PowerShell session. If you are running inside a VM, nested virtualization must be enabled on the Hyper-V host if you intend to use Hyper-V Containers.

Step 1: Enable the Containers Feature

Before you can run containers, the Containers feature must be installed on the host. Use the Install-WindowsFeature cmdlet in an elevated PowerShell session.

Install-WindowsFeature -Name Containers -Restart

After the server restarts, verify the feature is installed.

Get-WindowsFeature -Name Containers

Step 2: Install the Container Management Tools

Windows Server 2016 containers are managed through Docker. Install the Docker provider and the Docker package from the PowerShell Gallery. This installs the Docker Engine (dockerd) and the Docker client (docker).

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider -Force -RequiredVersion 17.06

After installation, restart the server to complete the Docker Engine setup.

Restart-Computer -Force

Step 3: Start and Verify the Docker Service

After the restart, start the Docker service and configure it to start automatically.

Start-Service Docker
Set-Service Docker -StartupType Automatic
docker version

The output of docker version should show both client and server information. If the server section shows an error, the Docker daemon may not be running. Check the event log or run dockerd directly in a terminal for diagnostic output.

Step 4: Pull the Windows Server Core Base Image

Microsoft provides official base images for Windows containers. Pull the Windows Server Core image that matches your host OS version to avoid compatibility issues.

docker pull mcr.microsoft.com/windows/servercore:ltsc2016

Pulling the image may take several minutes depending on your connection speed because the image is several gigabytes in size. Verify the image is available locally.

docker images

Step 5: Run Your First Container

Start an interactive container session using the Windows Server Core image. The –rm flag removes the container automatically when you exit the session.

docker run -it --rm mcr.microsoft.com/windows/servercore:ltsc2016 cmd.exe

Inside the container you have a standard command prompt. Run a command to verify the container is isolated from the host, then type exit to return to the host.

hostname
ipconfig
exit

Step 6: Run a Detached Container

In production scenarios you run containers in detached mode using the -d flag. The following example starts a container that runs a simple loop, names it mycontainer, and runs it in the background.

docker run -d --name mycontainer mcr.microsoft.com/windows/servercore:ltsc2016 ping -t localhost

List running containers and check container details.

docker ps
docker inspect mycontainer

Step 7: Create a Custom Container Image

Create a Dockerfile to build a custom image. The following example creates an image with IIS installed.

# Create a directory for the Dockerfile
New-Item -ItemType Directory -Path C:ContainerImagesIIS
Set-Content -Path C:ContainerImagesIISDockerfile -Value @"
FROM mcr.microsoft.com/windows/servercore:ltsc2016
RUN dism /online /enable-feature /featurename:IIS-WebServer /all
EXPOSE 80
CMD ["ping", "-t", "localhost"]
"@

# Build the image
docker build -t myiis:latest C:ContainerImagesIIS

Step 8: Run the Custom IIS Container with Port Mapping

Start the custom IIS container and map port 80 on the host to port 80 in the container.

docker run -d --name iiscontainer -p 80:80 myiis:latest

Test that IIS is responding by accessing the host’s IP address in a browser or using Invoke-WebRequest from PowerShell.

Invoke-WebRequest http://localhost -UseBasicParsing

Step 9: Manage Container Lifecycle

The following commands cover the most common container lifecycle operations: stopping, starting, removing containers, and cleaning up unused images.

# Stop a running container
docker stop iiscontainer

# Start a stopped container
docker start iiscontainer

# Remove a stopped container
docker rm iiscontainer

# Remove an image
docker rmi myiis:latest

# Remove all stopped containers
docker container prune -f

# Remove unused images
docker image prune -f

Step 10: Enable Hyper-V Isolation

For workloads requiring stronger isolation, run containers with Hyper-V isolation. This requires the Hyper-V role and nested virtualization if running inside a VM.

Install-WindowsFeature -Name Hyper-V -Restart

# Run a container with Hyper-V isolation
docker run -it --isolation=hyperv mcr.microsoft.com/windows/servercore:ltsc2016 cmd.exe

Windows Server 2016 containers provide a powerful way to package and deploy applications with full OS-level isolation. By following this guide you have enabled the container feature, installed Docker, pulled a base image, created a custom IIS container image, and learned the essential lifecycle management commands. As you build more complex applications, consider using Docker Compose for multi-container deployments and Windows container networking features to connect containers securely. Keeping base images up to date with monthly Microsoft patches is essential for maintaining a secure container environment.