Affected versions: Windows Server 2022

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution - Primary Fix
  7. Solution - Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

`docker pull` fails and deployment pipelines stop on image retrieval.

Environment & Reproduction

Seen behind strict egress filtering, proxy interception, or incorrect MTU paths.

docker pull mcr.microsoft.com/windows/servercore:ltsc2022

Root Cause Analysis

TLS session negotiation to registry endpoints is interrupted by firewall, proxy, or cert trust problems.

Quick Triage

Test registry reachability and DNS resolution.

Test-NetConnection mcr.microsoft.com -Port 443
Resolve-DnsName mcr.microsoft.com

Step-by-Step Diagnosis

Capture daemon logs and proxy settings.

Get-Content C:\ProgramData\docker\config\daemon.json -ErrorAction SilentlyContinue
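
To tell the causes named under Root Cause Analysis apart, the following added example (not part of the original page) walks one connection through DNS, TCP and the TLS handshake and reports the stage that failed, plus the certificate issuer and validation result when the handshake completes. The function name, the 10-second timeout and the result field names are assumptions chosen for illustration. It connects directly to port 443 rather than through HTTP_PROXY, so it exercises the firewall and transparent-interception path.

```powershell
# Added example, not from the original page. Function name, timeout and
# result field names are illustrative assumptions.
function Test-RegistryTls {
    param(
        [string]$HostName = 'mcr.microsoft.com',
        [int]$Port        = 443,
        [int]$TimeoutMs   = 10000
    )
    $r = [ordered]@{ Host = $HostName; FailedStage = $null; Issuer = $null
                     Protocol = $null; PolicyErrors = $null; Detail = $null }
    $stage  = 'DNS'
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $null = [System.Net.Dns]::GetHostAddresses($HostName)   # throws if the name does not resolve
        $stage = 'TCP'
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            throw "no TCP connection within $TimeoutMs ms"
        }
        $stage = 'TLS'
        # Socket timeouts bound the synchronous handshake, so a stalled
        # negotiation surfaces as an error instead of hanging.
        $client.ReceiveTimeout = $TimeoutMs
        $client.SendTimeout    = $TimeoutMs
        # Diagnostic only: accept the certificate but record the validation
        # result, so an untrusted chain is reported rather than aborting.
        $cb = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($s, $cert, $chain, $policyErrors)
            $r.PolicyErrors = $policyErrors.ToString()
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        $r.Issuer   = $ssl.RemoteCertificate.Issuer
        $r.Protocol = $ssl.SslProtocol.ToString()
        $ssl.Dispose()
    }
    catch {
        $r.FailedStage = $stage
        $r.Detail      = $_.Exception.GetBaseException().Message
    }
    finally { $client.Close() }
    [pscustomobject]$r
}

# Compare the public registry with the internal mirror used later on this page.
'mcr.microsoft.com', 'registry.local' | ForEach-Object { Test-RegistryTls -HostName $_ } | Format-List
```

A FailedStage of TCP points at egress filtering, a TLS failure with a timeout message points at inspection or MTU problems on the path, and a completed handshake with an unexpected Issuer or a PolicyErrors value other than None points at proxy interception or a missing trusted root.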

Solution - Primary Fix

Allow required endpoints/ports, set proxy correctly, and refresh trusted roots.

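# /M writes machine-level variables (elevated prompt required); the Docker service does not read per-user variables
setx /M HTTP_PROXY http://proxy:8080
setx /M HTTPS_PROXY http://proxy:8080
Restart-Service docker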

Solution - Alternative Approaches

Mirror images in an internal registry to avoid external pulls during runtime.

docker tag mcr.microsoft.com/windows/servercore:ltsc2022 registry.local/servercore:ltsc2022
docker push registry.local/servercore:ltsc2022

Verification & Acceptance Criteria

Image pull completes within SLA and no TLS timeout appears.

docker pull registry.local/servercore:ltsc2022

Rollback Plan

Revert proxy/env changes and restore previous daemon config.

[Environment]::SetEnvironmentVariable('HTTP_PROXY',$null,'Machine')
[Environment]::SetEnvironmentVariable('HTTPS_PROXY',$null,'Machine')

Prevention & Hardening

Maintain an allowlist of container registry endpoints and monitor TLS errors.

Get-WinEvent -LogName Application -MaxEvents 100 | ? Message -match 'TLS|timeout'

Related: DNS NXDOMAIN for registry endpoints and HTTP 407 proxy auth failures.

References & Further Reading

Microsoft and Docker documentation for Windows registry connectivity and proxy configuration.