How to Fix “netsh http add urlacl Error 87: The parameter is incorrect” in Windows Server 2008


1 views

When working with URL reservations in Windows Server 2008, the netsh http add urlacl command sometimes throws Error 87 ("The parameter is incorrect"). This typically occurs when there's:

  • An invalid URL format
  • Permission issues
  • Problems with the user account specification

The failing command:

netsh http add urlacl url=http://+:99898/ user=ben

This should normally create a URL reservation for port 99898, assigning access rights to user 'ben'. However, the error suggests there's a parameter parsing issue.

1. Verify URL Format Requirements

Windows is particular about URL formats for reservations:

// Correct format examples:
netsh http add urlacl url=http://+:80/ user=DOMAIN\username
netsh http add urlacl url=https://*:443/ user=username

The + wildcard means "all hostnames", while * means "all unassigned hostnames". The port must be numeric.

2. User Account Specification

For local accounts, always specify the machine name:

// Correct:
netsh http add urlacl url=http://+:99898/ user=YOURMACHINE\ben

Or for built-in accounts:

netsh http add urlacl url=http://+:99898/ user="NT AUTHORITY\LOCAL SERVICE"

3. Port Number Validation

Ensure the port is:

  • Between 1-65535
  • Not already in use
  • Not requiring admin privileges (ports below 1024)

Try these diagnostic commands:

netsh http show urlacl
netstat -ano | find "99898"
whoami /all

Here's a complete, working reservation command for reference:

netsh http add urlacl url=http://+:99898/ user="BUILTIN\Users"

This grants URL access to all standard users on the machine.

If still encountering issues, consider using PowerShell:

New-NetFirewallRule -DisplayName "Allow Port 99898" -Direction Inbound -LocalPort 99898 -Protocol TCP -Action Allow

When working with HTTP URL reservations in Windows Server 2008, you might encounter Error 87 when executing commands like:

netsh http add urlacl url=http://+:99898/ user=ben

The error message indicates a parameter validation failure, but doesn't specify which parameter caused the issue. Let's break down the potential culprits.

Here are the most frequent reasons for Error 87 in this context:

  • User Account Format: Local accounts require the computer name prefix (e.g., ".\ben" or "localhost\ben")
  • Port Number Validation: Some Windows Server versions have stricter port validation
  • URL Syntax Requirements: While the trailing slash helps, other URL components matter too

For local user accounts, always specify the computer context:

netsh http add urlacl url=http://+:99898/ user=localhost\ben

Or alternatively:

netsh http add urlacl url=http://+:99898/ user=.\ben

If the issue persists, try these additional checks:

:: Verify the user exists
net user ben

:: Check existing URL reservations
netsh http show urlacl

:: Test with a different port (some ports require admin)
netsh http add urlacl url=http://+:8080/ user=.\ben

If you still face issues, consider these methods:

1. Using PowerShell (requires admin):

New-NetFirewallRule -DisplayName "Allow Port 99898" -Direction Inbound -LocalPort 99898 -Protocol TCP -Action Allow

2. Creating the reservation through IIS Manager if available:

  • Open IIS Manager
  • Navigate to "HTTP Response Headers"
  • Use "Set Common Headers" option

After successful reservation creation, verify with:

netsh http show urlacl | findstr "99898"

This should display your newly created reservation with the correct user binding.