Implenenting Containers on Windows Server 2016 and running IIS

So since TP3 was released yesterday, I have been quite busy trying to implement Containers on top of a Hyper-V host. Now Microsoft has been kind as enough to give us a simple Contain Image which makes the first part pretty easy.

In order to deploy Container we need a container host. The easiest way to get startet is download a finished script from Microsoft, which we can run directly from a Hyper-V host to be able to get a container host VM

NOTE: That Containers do not require Hyper-V, but this

wget -uri -OutFile New-ContainerHost.ps1

This will generate a PowerShell Script from the URL, when we run it we need to define a couple of things, first of is name of the VM and password for the built-in administrator account and doing so the script which in essence will do a couple of things.

1: Download a finished Sysprepped Container Host image from which is in essence

2: Enables the Container feature on the host-vm  (Part of the unattend process) is in the last part of the script contains a unattend section which is being process against the container host-vm

3: Boot the VM as a Contained-host and do PowerShell direct session after the VM is booted and finish the setup.

After that you have a running container host setup, and we can connect to the VM using Hyper-V manager


Not much to see yet. Important to remember that the image will create a built-in NAT switch on the Docker host, with a predefined subnet range


Where the docker host will take the first IP in the range. Now if we run Get-ContainerHost and Get-ContainerImage we should get that the VM is a Containerhost and that we have a WindowsServerCore Image available.

Now in order to create a Container we need to run the following command

$container = New-Container -Name “MyContainer” -ContainerImageName WindowsServerCore -SwitchName “Virtual Switch”

The name of the switch needs to be identical to the one added. Can be viewed using get-vmswitch

Reason why we store it in a variable is because we need to reference it later when using PowerShell direct.

I can use the command get-container to see that it has been created. Now I have to start the container using start-container –name “MyContainer”

I can now see that the container is running and is attached to the NAT vSwitch


Great! so what now ? Smilefjes

As I mentioned earlier we needed to store the container variable in order to use it later, well this is the time. Now we need to do a PowerShell direct session to the Container. If not we can always use the $container = get-container –name to store it against.

By using the command

Enter-PSSession -ContainerId $container.ContainerId –RunAsAdministrator

We can now enter a remote session against the Container. We can also see that the container ID is shown at the start of the prompt


Also verify that is has gotten an IP-address from the NAT Network


So now what ? Let’s start by installing IIS on the container, this can be done by using the command Install-windowsfeature –name Web-Server

After that is installed and that the W3 service is running

get-service –name W3SVC


Now that we have deployed an IIS service on the Container, we need to setup a Static NAT rule to open for port 80. In my case I have a lab which resides on but the NAT switch is on

NOTE: Another option we can do is to enable the builtin-administrator account so that way we can use RDP against the Container in the future (Make sure you add the proper NAT rules)

net user administrator /active:yes

So in order to add a static forwarding rule on the containerhost vm just use the command to specify ports and IP-addreses. Add-NetNatStaticMapping -NatName “ContainerNat” -Protocol TCP -ExternalIPAddress -InternalIPAddress -InternalPort 80 -ExternalPort 80

Next I just do a nasty firewall disable edit

set-netfirewallprofile domain,public,private –Enabled false

Then by running Get-NatStaticMapping on the ContainerHost I can see the rules I created. I also added som new rules for RDP purposes.


Now my Docker host, is setup with two IP addresses (One which is and the other is (Which when I connect to that IP the NAT rules will kick in and forward me to my IIS service running on the Container)

Now I can see that I have a NAT session active


And that IIS opens on the Container


Now that I have an IIS installed Container I can shutdown the VM and create a new containerimage of it.

stop-container –name “test2”

By using the command

$newimage = New-ContainerImage -ContainerName test2 -Publisher Demo -Name newimage -Version 1.0

So this has been a first introduction to Containers running on TP3. Note that many utilities do not work formally with Containers, such as sconfig which tries to list out network interfaces, but they are not presented within a Container so some settings are not available.

Leave a Reply

Scroll to Top