How to Fix “netsh http add urlacl Error 87: The parameter is incorrect” in Windows Server 2008


16 views

When working with URL reservations in Windows Server 2008, the netsh http add urlacl command sometimes throws Error 87 ("The parameter is incorrect"). This typically occurs when there's:

  • An invalid URL format
  • Permission issues
  • Problems with the user account specification

The failing command:

netsh http add urlacl url=http://+:99898/ user=ben

This should normally create a URL reservation for port 99898, assigning access rights to user 'ben'. However, the error suggests there's a parameter parsing issue.

1. Verify URL Format Requirements

Windows is particular about URL formats for reservations:

// Correct format examples:
netsh http add urlacl url=http://+:80/ user=DOMAIN\username
netsh http add urlacl url=https://*:443/ user=username

The + wildcard means "all hostnames", while * means "all unassigned hostnames". The port must be numeric.

2. User Account Specification

For local accounts, always specify the machine name:

// Correct:
netsh http add urlacl url=http://+:99898/ user=YOURMACHINE\ben

Or for built-in accounts:

netsh http add urlacl url=http://+:99898/ user="NT AUTHORITY\LOCAL SERVICE"

3. Port Number Validation

Ensure the port is:

  • Between 1-65535
  • Not already in use
  • Not requiring admin privileges (ports below 1024)

Try these diagnostic commands:

netsh http show urlacl
netstat -ano | find "99898"
whoami /all

Here's a complete, working reservation command for reference:

netsh http add urlacl url=http://+:99898/ user="BUILTIN\Users"

This grants URL access to all standard users on the machine.

If still encountering issues, consider using PowerShell:

New-NetFirewallRule -DisplayName "Allow Port 99898" -Direction Inbound -LocalPort 99898 -Protocol TCP -Action Allow

When working with HTTP URL reservations in Windows Server 2008, you might encounter Error 87 when executing commands like:

netsh http add urlacl url=http://+:99898/ user=ben

The error message indicates a parameter validation failure, but doesn't specify which parameter caused the issue. Let's break down the potential culprits.

Here are the most frequent reasons for Error 87 in this context:

  • User Account Format: Local accounts require the computer name prefix (e.g., ".\ben" or "localhost\ben")
  • Port Number Validation: Some Windows Server versions have stricter port validation
  • URL Syntax Requirements: While the trailing slash helps, other URL components matter too

For local user accounts, always specify the computer context:

netsh http add urlacl url=http://+:99898/ user=localhost\ben

Or alternatively:

netsh http add urlacl url=http://+:99898/ user=.\ben

If the issue persists, try these additional checks:

:: Verify the user exists
net user ben

:: Check existing URL reservations
netsh http show urlacl

:: Test with a different port (some ports require admin)
netsh http add urlacl url=http://+:8080/ user=.\ben

If you still face issues, consider these methods:

1. Using PowerShell (requires admin):

New-NetFirewallRule -DisplayName "Allow Port 99898" -Direction Inbound -LocalPort 99898 -Protocol TCP -Action Allow

2. Creating the reservation through IIS Manager if available:

  • Open IIS Manager
  • Navigate to "HTTP Response Headers"
  • Use "Set Common Headers" option

After successful reservation creation, verify with:

netsh http show urlacl | findstr "99898"

This should display your newly created reservation with the correct user binding.