Today, I configured my TFS to use HTTPS protocol. After configured one build agent to to use HTTPS, I got TF224004 when trying to start the build service.
Detailed Message: TF224004: The Visual Studio Team Foundation Build service failed to start because NT AUTHORITY\NETWORK SERVICE does not have the required access permissions for address https://161792m2:9191/Build/v2.0/AgentService.asmx. Exception Message: HTTP could not register URL https://+:9191/Build/v2.0/AgentService.asmx/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). (type AddressAccessDeniedException)
“Network Service” is the service account of the build service. After reading Steven Cheng’s reply at http://www.devnewsgroups.net/group/microsoft.public.dotnet.framework/topic49734.aspx, I figured out I was hitting the same issue.
Solution to this problem
- On the build agent machine, open command window.
- Run netsh http show urlacl. In the result, I noticed url https://161792m2:9191/Build/v2.0/AgentService.asmx was assigned a user other than “Network Service”.
- Run netsh http delete urlacl url=https://161792m2:9191/Build/v2.0/AgentService.asmx
- Run netsh http add urlacl url=https://+9191/Build/v2.0/AgentService.asmx user="NT AUTHORITY\NETWORK SERVICE"
- Run netsh http show urlacl again to verify the urlacl has been set correctly.
After adding the URLACL for “Network Service” account, the build service could be started up successfully.