Service cannot be started. System.ServiceModel.AddressAccessDeniedException

We were getting the following error trying to deploy a new WCF service because the domain account which runs the service was not a local admin on the server on which it was installed:

Service cannot be started. System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:8000/ourservice/. Your process does not have access rights to this namespace (see for details).

The easy fix would have been to add the user as a local admin, but that's not the most security way to resolve the issue.

On a Windows Server 2008 and later box one could run the following command which should resolve the issue:

netsh http add urlacl url=http://+:PORTNUM/ user=DOMAIN\USERNAME

Since this particular application server didn't run 2008/2008R2 we had to use the httpcfg.exe program from the SUPPORT folder on the Windows Server 2003 installation media. This program requires one to specify a SID for the user who will run the service. A quick PowerShell command helps gather this information:


This command will return the Security Identifier for your service account user. which should be in the form:


Then run:

httpcfg set urlacl -u http://+:8000/yourservice/ -a D:(A;;GX;;;SVC_ACCT_SID)

Replace the SVC_ACCT_SID with the SID that the PowerShell command returned.

That should be all you need. Your WCF service should now start without errors.

Good luck,