Can not create containers within Portainer running on Windows Server 2022

[Nick-Portainer]

Bug description
When running Portainer within Windows Server 2022 using a Docker standalone environment, the creation of containers fail with the error Failure: invalid CapAdd: unknown capability: "CAP_AUDIT_WRITE"

Deployment of containers via the Docker CLI is successful and also show up in Portainer as running.

Expected behavior
Deployment of Docker containers via Portainer running on Windows Server 2022 successfully deploy.

Steps to reproduce the issue:

1. Install Portainer on Windows Server 2022
2. Attempt to create a container

Technical details:

• Portainer version: 2.18.4
• Docker version (managed by Portainer): 24.0.4
• Platform (windows/linux): Windows
• Command used to start Portainer (docker run -p 9443:9443 portainer/portainer): docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v portainer_data:C:\data portainer/portainer-ce:latest
• Browser: Edge
• Have you reviewed our technical documentation and knowledge base? Yes

[cZe116]

any news as to when this is getting fixed, as of right now im running into a almost same problem as you describe it, i deactivate all container capabilities and want to run a container from within portainer, and i still receive:

"Invalid CapDrop: unknown capability: CAP_AUDIT_CONTROL"

[canob]

Exactly the same is happening to me. Works perfectly with Windows Server 2019, but with Windows Server 2022 is not working, with the same error message:
Failure
invalid CapAdd: unknown capability: "CAP_AUDIT_WRITE"

[beckerben]

I found somewhat of a work around, if you go into the portainer -> host setup from the menu, then set the "Disable container capabilities for non-administrators" toggle on, then create a standard user account and grant access to the docker environment, when that user goes to create an image, the entire section for the items on the "Capabilities" tab is not there and therefore not in the docker commands run behind the scenes and it allows you to create containers from the portainer GUI....ideally there would be an easier way to simply ignore sending these altogether from the create container screen but doesn't appear so. I found that even trying to toggle all of the container capabilities off must still be sending them in the container create command as you will see it start to complain about the ones that are set untoggled :)

[canob]

I found another workaround (or maybe a temporary fix), that is to use a lower docker version.
I downgraded docker binary on Windows from 24.0.4 to 20.10.14, and is working perfectly fine.
Maybe and upper version (an upper 20.x or 23.x) work too, but I didn't tested.
Portainer version: 2.18.4
Docker version (managed by Portainer): 20.10.14
Platform (windows/linux): Windows Server 2019 and Windows Server 2022 (on both is working with docker 20.10.14)

[bjork-dev]

Got the same error message as canob:
"Failure invalid CapAdd: unknown capability: "CAP_AUDIT_WRITE" on Windows Server 2022 with Docker EE 23.0.7 & Portainer 2.19.

Downgrading to Docker EE 20.10.9 solved the issue.

[shirt-dev]

Getting the same error as well

[Nick-Portainer]

Hi everyone, as of Portainer Server 2.20.3 STS this is now resolved. Please let me know how you get on