Servicehost throwing an error, even though added to configuration with netsh - wcf

ServiceHost.Open() is throwing this error:
HTTP could not register URL http://+:8001/. Your process does not have
access rights to this namespace (see
http://go.microsoft.com/fwlink/?LinkId=70353 for details).
So I used netsh to add the url. But even though it is added, I'm still getting the error. This is the command I use:
netsh http add urlacl url=http://+:8001/ user=djerryy
djerryy is my computername. When I run netsh http show urlacl I see it was added.
What am I doing wrong?
Thanks in advance.

It looks like you are missing the name of the user account who is running the service. Here's a couple of options:
Local user account:
netsh http add urlacl url=http://+:8001/ user=ComputerName\Username
Domain user account:
netsh http add urlacl url=http://+:8001/ user=DomainName\Username
Built-in NetworkService account:
netsh http add urlacl url=http://+:8001/ user="NT AUTHORITY\NETWORK SERVICE"

I must stress:
netsh http add urlacl url=http://+:8001/ user="NT AUTHORITY\NETWORK SERVICE"
will work only on a system with the English locale!
A better way is to remove that one space and make it:
netsh http add urlacl url=http://+:8001/ user="NT AUTHORITY\NETWORKSERVICE"
Now the command will work on any locale. I spent a good 0,5h battling this today... all because of a single char. ;)

To add even more to this answer: You MUST specify a port number! Spent quite a while trying to authorize a service to bind to a normal HTTP address, it only started working when I explicitly specified:
netsh http add urlacl url=http://some.example.com:80/extension/ user="NT AUTHORITY\NETWORKSERVICE"

Related

netsh http add urlacl fail - parameter is incorrect

I'm trying to register wcf net tcp port sharing, for a process to listen on this port (currently the client machine can't even ping this port even though the process is up so I read this command is needed):
netsh http add urlacl user=domain\svcUser url=net.tcp://+:8092/Service1
getting Url reservation failed, Error 87. The parameter is incorrect.
Also tried changing the user, the port, removing the Service1, adding a trailing /. Is there anything else that should be done?
Remark: The following command does succeed (but does not help): netsh http add urlacl user=domain\svcUser url=http://+:8092/Service1
This post shows the usage of netsh in this case
This post deals with error 87 but did not solve in my case
You mean the command succeeded but it didn't work. This is not normal.
Maybe you can try this:
netsh http add urlacl url=http://+:8092 user=domain\svcUser

Cannot unbind a certificate from a port (Windows 7)

On Friday I successfully bound my certificate to port 443 using netsh.
Today I need to change the port, so I tried to 'unbind' it with netsh:
netsh delete sslcert ipport=0.0.0.0:443
The result is an error message
The following command was not found: delete sslcert
ipport=0.0.0.0:443.
Confusingly the command is exactly as specified in the Microsoft documentation for netsh.
How do I remove a port binding so that I can rebind the certificate to another port?
Try this one
netsh http delete sslcert ipport=0.0.0.0:443
You were missing the http parameter.

Does netsh add sslcert with a http url still enable ssl?

When hosting a WCF service in a windows service, we can use netsh http add urlacl url=https://+:1234/xService user=DOMAIN\USER
Then to add SSL we could do:
netsh http add sslcert ipport=0.0.0.0:1234 certhash="xxxxx" appid="{xxxxx}".
In the example code here https://msdn.microsoft.com/en-us/library/ms733791(v=vs.110).aspx they seem to use a http address.
Does this make any difference? If you run netsh http add sslcert on a port reserved with a http:// address will it still be secured by the certificate, or does it have to be a https address?
It needs to use https and your service should also serve https://...

Enabling https with NancyFx Owin Self-host

I'm self-hosting a NancyFx service with Owin (on intranet from a Windows 8 machine) and it works fine. Trying to switch to HTTPS but have run into problems.
I have:
Created self-signed root CA
Created exchange-cert using above CA (CN=mycomputer)
Exported public key of CA and installed on client-machine
Used netsh to add urlacl to https://+:5001
Used netsh to add sslcert with thumb-hash etc.
The service-host looks to start all right on my address, https://mycomputer:5001, but when I try to access this address I first get the warning about unsecure connection (which I shouldn't if I have installed the public key CA-cert right?) and when continuing anyway I get a "service not available" response.
Any hints to what could be wrong?
Do I have to config Nancy/Owin to use the certificate somehow or is it enough to have it attached to the endpoint with netsh?
I've got it working. I've found it useful to have a number of checks in the process.
CHECK1 - Cert import ok:
- After you install the cert on the machine run certutil -store MY
- You should see the cert details there (sha/user created/name etc)
- If not STOP. You probably imported into the user store (or the cert is invalid). You MUST start with empty mmc and import certificates for the MACHINE.
CHECK2 - url is added to urlacl list in netsh
- After you add the uri to acl run netsh http show urlacl
- If your uri / port is not listed STOP. The url isn't added correctly.
CHECK3 - ssl is bound to urlacl
- After running the add sslcert command run netsh http show sslcert
- If your port/sha combination is not listed then check the sha has no spaces / appid is unique / app id + braces surrounded by quotes (if executing from PS)
Hope it helps. I created the above after 6 hours of head banging. It now works!
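
The three checks from the answer above, combined into one function. This is an added example, not code from the post: the function name Test-HttpSysTlsSetup is hypothetical, the ipport value 0.0.0.0:5001 is an assumed binding address for the question's port, and the thumbprint must be supplied by the caller.

```powershell
# Added example (hypothetical helper). Run from an elevated PowerShell prompt.
function Test-HttpSysTlsSetup {
    param(
        [string] $Url    = 'https://+:5001/',        # reservation from the question
        [string] $IpPort = '0.0.0.0:5001',           # assumed binding address
        [Parameter(Mandatory)] [string] $Thumbprint  # SHA-1 thumbprint of the server cert
    )

    # Drop spaces and invisible characters that come along when the hash is copied.
    $thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($thumb.Length -ne 40) { throw "Expected 40 hex characters, got $($thumb.Length)." }

    $result = [ordered]@{
        CertInMachineStore = $false; HasPrivateKey = $false
        UrlReserved = $false; CertBoundToPort = $false; Hint = ''
    }

    # CHECK1: the certificate must be in the MACHINE store, not the user store.
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
    if ($cert) {
        $result.CertInMachineStore = $true
        # A server certificate imported without its private key cannot serve TLS.
        $result.HasPrivateKey = $cert.HasPrivateKey
    } elseif (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $thumb }) {
        $result.Hint = 'Certificate is in the CurrentUser store; import it for the machine.'
    }

    # CHECK2: the URL must appear in the reservation list.
    $aclText = (& netsh http show urlacl) -join "`n"
    $needle  = $Url.TrimEnd('/')
    $result.UrlReserved =
        $aclText.IndexOf($needle, [StringComparison]::OrdinalIgnoreCase) -ge 0

    # CHECK3: the binding for this ip:port must carry the same hash.
    $sslText = (& netsh http show sslcert "ipport=$IpPort") -join "`n"
    $result.CertBoundToPort =
        $sslText.IndexOf($thumb, [StringComparison]::OrdinalIgnoreCase) -ge 0

    [pscustomobject]$result
}

# Constructed usage; replace the placeholder with the real thumbprint:
# Test-HttpSysTlsSetup -Thumbprint '<40-HEX-CHARACTER-THUMBPRINT>'
```

The checks match on the URL and the hash rather than on netsh's field labels, so they do not depend on the display language.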

netsh http add urlacl problem

I'm trying to set up some ports from a WIX installer. For WinXP we use httpcfg in a custom action and this works fine. For Win7, we're trying:
netsh http add urlacl url=http://127.0.0.1/8346/ user="NT AUTHORITY\Authenticated Users" sddl="D:(A;;GX;;;AU)"
The WIX installer correctly executes this statement and sets up the ports - FOR THE ADMINISTRATOR who runs the .msi. Users with lesser privileges cannot access these ports. I need to set it up for all users on the machine, but I've tried about everything I can think of with no luck.
Something I find odd is that the Admin user can see the assigned ports using netstat -a, but they do not appear at all using netsh http show urlacl...is that an indicator of something wrong?
If 8346 is your port number, your syntax is incorrect; it should be:
netsh http add urlacl url=http://127.0.0.1:8346/ user="NT AUTHORITY\Authenticated Users"
You can add a condition to the setup file to prompt for UAC when installation starts. This will ensure the installer is started by an admin and thus will add the exception in the firewall even when the user does not have admin rights.
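
The pitfalls raised across the threads above (an unqualified or locale-dependent account name, a missing port, a net.tcp scheme, /8346/ written where :8346/ was meant) can be caught before netsh is called. This is an added example, not code from any of the posts: the function name Add-HttpUrlReservation is hypothetical, and it passes the sddl= form with a SID instead of user=, which sidesteps localized account names.

```powershell
# Added example (hypothetical helper). Run from an elevated PowerShell prompt.
function Add-HttpUrlReservation {
    param(
        [Parameter(Mandatory)] [string] $Url,
        # COMPUTER\user, DOMAIN\user, or a SID string such as S-1-5-20 (Network Service)
        [Parameter(Mandatory)] [string] $Identity
    )

    # HTTP.sys reservations are http/https only and need host:port spelled out,
    # so net.tcp://..., http://host/path/ and http://127.0.0.1/8346/ are rejected here.
    $pattern = '^https?://(\[[0-9A-Fa-f:.]+\]|[^/:\[\]]+):(\d{1,5})(/.*)?$'
    if ($Url -notmatch $pattern) {
        throw "Not a reservation prefix: '$Url'. Expected http(s)://host:port/path/"
    }
    $port = [int]$Matches[2]
    if ($port -lt 1 -or $port -gt 65535) { throw "Port $port is out of range." }

    if ($Identity -match '^S-1-\d+(-\d+)+$') {
        # A SID is the same on every display language.
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Identity)
    } else {
        if ($Identity -notmatch '[\\@]') {
            throw "Qualify the account as COMPUTER\user or DOMAIN\user: '$Identity'"
        }
        # Throws IdentityNotMappedException when the account does not exist.
        $account = New-Object System.Security.Principal.NTAccount($Identity)
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    }

    # GX is the access right used in the sddl string of the WiX question above;
    # here it is granted to a single SID rather than to all authenticated users.
    $sddl = "D:(A;;GX;;;$($sid.Value))"
    & netsh http add urlacl "url=$Url" "sddl=$sddl"
    if ($LASTEXITCODE -ne 0) { throw "netsh exited with code $LASTEXITCODE" }

    # Show the stored entry so it can be compared with what was requested.
    & netsh http show urlacl "url=$Url"
}

# Constructed usage, matching the first question's URL:
# Add-HttpUrlReservation -Url 'http://+:8001/' -Identity 'S-1-5-20'
```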