We were getting the following error trying to deploy a new WCF service because the domain account which runs the service was not a local admin on the server on which it was installed:


Service cannot be started. System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:8000/ourservice/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details).


The easy fix would have been to add the user as a local admin, but that's not the most security way to resolve the issue.

On a Windows Server 2008 and later box one could run the following command which should resolve the issue:


netsh http add urlacl url=http://+:PORTNUM/ user=DOMAIN\USERNAME


Since this particular application server didn't run 2008/2008R2 we had to use the httpcfg.exe program from the SUPPORT folder on the Windows Server 2003 installation media. This program requires one to specify a SID for the user who will run the service. A quick PowerShell command helps gather this information:


([wmi]"win32_userAccount.Domain='NETBIOSDOMAIN',name='USERNAME'").sid


This command will return the Security Identifier for your service account user. which should be in the form:


S-1-5-21-111231111-999991543-123445314-99999


Then run:


httpcfg set urlacl -u http://+:8000/yourservice/ -a D:(A;;GX;;;SVC_ACCT_SID)


Replace the SVC_ACCT_SID with the SID that the PowerShell command returned.

That should be all you need. Your WCF service should now start without errors.

Good luck,
Flux.