Service cannot be started. System.ServiceModel.AddressAccessDeniedException

We were getting the following error trying to deploy a new WCF service because the domain account which runs the service was not a local admin on the server on which it was installed:


Service cannot be started. System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:8000/ourservice/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details).

The easy fix would have been to add the user as a local admin, but that's not the most security way to resolve the issue.

On a Windows Server 2008 and later box one could run the following command which should resolve the issue:


netsh http add urlacl url=http://+:PORTNUM/ user=DOMAIN\USERNAME

Since this particular application server didn't run 2008/2008R2 we had to use the httpcfg.exe program from the SUPPORT folder on the Windows Server 2003 installation media. This program requires one to specify a SID for the user who will run the service. A quick PowerShell command helps gather this information:


([wmi]"win32_userAccount.Domain='NETBIOSDOMAIN',name='USERNAME'").sid

This command will return the Security Identifier for your service account user. which should be in the form:


S-1-5-21-111231111-999991543-123445314-99999

Then run:


httpcfg set urlacl -u http://+:8000/yourservice/ -a D:(A;;GX;;;SVC_ACCT_SID)

Replace the SVC_ACCT_SID with the SID that the PowerShell command returned.

That should be all you need. Your WCF service should now start without errors.

Good luck,
Flux.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.