Encounter TF224004 when start build service

Today, I configured my TFS to use HTTPS protocol. After configured one build agent to to use HTTPS, I got  TF224004 when trying to start the build service.

Detailed Message: TF224004: The Visual Studio Team Foundation Build service failed to start because NT AUTHORITY\NETWORK SERVICE does not have the required access permissions for address https://161792m2:9191/Build/v2.0/AgentService.asmx. Exception Message: HTTP could not register URL https://+:9191/Build/v2.0/AgentService.asmx/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). (type AddressAccessDeniedException)

“Network Service” is the service account of the build service. After reading Steven Cheng’s reply at http://www.devnewsgroups.net/group/microsoft.public.dotnet.framework/topic49734.aspx, I figured out I was hitting the same issue.

Solution to this problem

1. On the build agent machine, open command window.
2. Run netsh http show urlacl. In the result, I noticed url https://161792m2:9191/Build/v2.0/AgentService.asmx was assigned a user other than “Network Service”.
   
3. Run netsh http delete urlacl url=https://161792m2:9191/Build/v2.0/AgentService.asmx
4. Run netsh http add urlacl url=https://+9191/Build/v2.0/AgentService.asmx user="NT AUTHORITY\NETWORK SERVICE"
5. Run netsh http show urlacl again to verify the urlacl has been set correctly.
   

After adding the URLACL for “Network Service” account, the build service could be started up successfully.