Can the web deploy agent run on a port other than 80 on IIS6?

iis configuration webserver webdeploy

22,624

Solution 1

There's a couple of ways to do this:

Option 1: Uninstall and re-install Specifying a different port:

msiexec /I WebDeploy_x86_en-US.msi /passive ADDLOCAL=ALL LISTENURL=http://+:8172/MsDeployAgentService

The command line installs the MsDeployAgentService and configures it to listen on port 8172 just like on IIS7.

Option 2: Re-configure Existing Service to listen on port 8172:

Stop the msdepsvc (net stop msdepsvc)

Edit the following registry value:

HKLM\SYSTEM\CurrentControlSet\Services\MsDepSvc\Parameters\ListenUrl

It'll look something like:

http://+:80/MsDeployAgentService

Change to:

http://+:8172/MsDeployAgentService

Query HTTP listeners:

httpcfg query urlacl

Your should see the following entry listed in the results:

URL : http://+:80/MsDeployAgentService/
ACL : D:(A;;GX;;;NS)

Modify listener:
```
httpcfg delete urlacl /u http://+:80/MsDeployAgentService/
```
This should respond with: HttpDeleteServiceConfiguration completed with 0.
```
httpcfg set urlacl /u http://+:8172/MsDeployAgentService/ /a D:(A;;GX;;;NS)
```
This should respond with: HttpSetServiceConfiguration completed with 0.

The ACL specified in the /a switch should match the ACL reported by the httpcfg query urlacl command
Restart the msdepsvc (net start msdepsvc).
You can confirm that the service is listening on port 8172 by doing:
```
netstat -an
```
You should see the following:
```
TCP    0.0.0.0:8172           0.0.0.0:0              LISTENING
```

Warning:

I would try this on a non-production machine first to ensure this works as you expect.

Solution 2

These are the changes I had to do for Windows 7, following Kev's recipe:

Step 3: netsh http show urlacl

Step 4: netsh http delete urlacl url=http://+:80/MSDEPLOYAGENTSERVICE/

netsh http add urlacl url=http://+:8172/MSDEPLOYAGENTSERVICE/ sddl=D:(A;;GX;;;NS)

Solution 3

For what it's worth, I glued together Kev's solid advice into a batch script for one stop shopping on changing port numbers.

:: Name:     MsDepSvc.Port.cmd
:: Purpose:  Modifies the TCP/IP port that the Web Deployment Agent Service
::           (MsDepSvc) listens on.  Tested on Win7 Enterprise 32-bit.
:: Author:   [email protected]
:: Revision: January 2013

@ECHO OFF
SETLOCAL ENABLEEXTENSIONS
SETLOCAL ENABLEDELAYEDEXPANSION

:: variables
SET me=%~n0
SET url=
SET port=
IF NOT "%~1"=="" (
  SET /A port=%~1
)

ECHO %me%: Web Deployment Agent Service (MsDepSvc) port change script

:: default argument values
IF "%port%"=="" (
  SET /A port=8172
  ECHO %me%: INFO - using default port value of 8172
)

SC.EXE query msdepsvc >NUL 2>NUL
IF NOT "%ERRORLEVEL%"=="0" (
  ECHO %me%: ERROR - MsDepSvc not installed
  ECHO %me%: exiting
  EXIT /B 1
)

ECHO %me%: stopping MsDepSvc
NET STOP msdepsvc >NUL 2>NUL

:: check if the default port is set
REG.EXE QUERY HKLM\SYSTEM\CurrentControlSet\Services\MsDepSvc\Parameters /v ListenUrl >NUL
IF NOT "%ERRORLEVEL%"=="0" (
  ECHO %me%: ERROR - MsDepSvc ListenUrl registry key not found
  REG.EXE QUERY HKLM\SYSTEM\CurrentControlSet\Services\MsDepSvc\Parameters
  ECHO %me%: exiting
  EXIT /B 2
)

FOR /F "tokens=3" %%I IN ('REG.EXE QUERY HKLM\SYSTEM\CurrentControlSet\Services\MsDepSvc\Parameters /v ListenUrl ^| FINDSTR ListenUrl') DO (
  SET url=%%I
)
ECHO %me%: INFO - MsDepSvc current reservation is "%url%"

NETSH.EXE http show urlacl "%url%" >NUL
IF NOT "%ERRORLEVEL%"=="0" (
  ECHO %me%: ERROR - reservation for "%url%" not found
  EXIT /B 4
)

:: save the existing urlacl properties for User, Listen, Delegate, and SDDL
FOR /F "tokens=1,* delims=: " %%A IN ('NETSH.exe http show urlacl %url%  ^| FINDSTR "User Listen Delegate SDDL"') DO (
  SET URLACL.%%A=%%B
)

IF NOT DEFINED URLACL.User     ECHO %me%: Failed to read the exising URLACL setting for User     &&GOTO :ERROR
IF NOT DEFINED URLACL.Listen   ECHO %me%: Failed to read the exising URLACL setting for Listen   &&GOTO :ERROR
IF NOT DEFINED URLACL.Delegate ECHO %me%: Failed to read the exising URLACL setting for Delegate &&GOTO :ERROR
IF NOT DEFINED URLACL.SDDL     ECHO %me%: Failed to read the exising URLACL setting for SDDL     &&GOTO :ERROR

ECHO %me%: updating MsDepSvc to listen on port %port%
REG.EXE ADD HKLM\SYSTEM\CurrentControlSet\Services\MsDepSvc\Parameters /v ListenUrl /t REG_SZ /f /d "http://+:%port%/MSDEPLOYAGENTSERVICE/"

ECHO %me%: deleting the existing reservation for MsDepSvc
NETSH.EXE http delete urlacl "%url%" || GOTO :ERROR

ECHO %me%: adding the port %port% reservation for MsDepSvc
NETSH.EXE http add urlacl url=http://+:%port%/MsDeployAgentService/ user="%URLACL.User%" listen="%URLACL.Listen%" delegate="%URLACL.Delegate%" SDDL="%URLACL.SDDL%"  || GOTO :ERROR

ECHO %me%: starting MsDepSvc
NET START msdepsvc >NUL 2>NUL

ECHO %me%: process info for MsDepSvc
QUERY.EXE PROCESS MSDEPSVC.EXE
ECHO.
ECHO %me%: port bindings for MsDepSvc
NETSTAT.EXE -a -n -o | FINDSTR /R "TCP.*:%port%.*LISTENING Proto"
ECHO.
ECHO %me%: finished

:END
ENDLOCAL
ECHO ON
@EXIT /B 0

:ERROR
ECHO %me%: ERROR - exiting with errorlevel %ERRORLEVEL%
ECHO ON
@EXIT/B %ERRORLEVEL%

22,624

Author by

Troy Hunt

Pluralsight author. Microsoft Regional Director and MVP for Developer Security. Online security, technology and “The Cloud”. Creator of Have I Been Pwned.

Updated on November 09, 2020

Comments

Troy Hunt over 3 years

I've got a bit of a challenge with a Windows 2003 machine where I need to run the web deploy agent on a port which isn't 80. By default, MsDepSvc will expose an endpoint at http://[server]/MsDeployAgentService which obviously implicitly listens on port 80.

The problem I have is that the machine is also running Visual SVN Server which is using port 80 and as a result, the web deployment agent service refuses to start. (At least this is the only logical conclusion I can draw.) I have a small SVN management app on the same machine which I'd like to publish over web deploy hence the conundrum.

Is it possible to run the agent on another port? Obviously if this was IIS7 we'd be on 8172 and everything would be fine but unfortunately that's not the case here. Any suggestions?
Doug almost 13 years

Epic fu there Kev - if this was ebay i'd be "AAAA++++"ing you fo showa
Shawn Holmes over 12 years

I just found this answer while searching for the same issue, but affecting a Windows 7 box, and the process worked for me, with the slight change of using the 'netsh' command instead. Ref: msdn.microsoft.com/en-us/library/ms733768.aspx
Matt over 12 years

I was getting the following errors and changing the port worked for me. "Retrying the sync because a socket error (10054) occurred. Retrying operation 'Serialization' on object sitemanifest (sourcePath)." Server side the event log contained, "System.Net.HttpListenerException: An operation was attempted on a nonexistent network connection." Thanks for the fix.
Martin_W about 12 years

Just a follow-up on Kev's answer: httpcfg is distributed as part of "Windows Server 2003 Service Pack 2 32-bit Support Tools (microsoft.com/download/en/…)".
Luke Puplett over 11 years

Option 1 failed for me: I was unable to reinstall because 8172 is already used by WMSvc (Web Management). I can't understand it - MsDepSvc needs WMSvc to work and yet both use the same port which doesn't make sense on paper, and in practice, for me, proves not to work! How does it work for anyone??
Kev over 11 years

@LukePuplett - not being flippant...but did you try option 2? Also what OS were you trying this on. I know that this answer does work specifically on Windows 2003, but I never tried it on Win7/2008/2008R2
Luke Puplett over 11 years

@Kev: Do you know, I think I figured out that there's Web Deploy and MS Deploy and that only one is needed. The second one is inside the Web Management feature. I think... it's so confusing.
Kev about 11 years

Just bumped into this. Nice adaptation +1 :)
Riaan about 11 years

this worked for me starting the service, but the Management icons are still missing in IIS. Any idea?
niico over 10 years

Thanks - I get an error though: "Url reservation add failed, Error: 183" "Cannot create a file when that file already exists"
Steve Jansen over 10 years

Hi @niico, what port number are you trying to use, are you sure it's an unused port, and what output do you see before the error message?
niico over 10 years

I'll step back if I may. I just want to stop it using port 80 - because that's open on the hardware firewall - and use another port that is closed (most are) so it's not open to the world, only to VPN users. I don't mind which port. Thoughts?
niico over 10 years

(the line before that error was: adding the port 1872 reservation for MsDepSvc) - this is a clean install of Web Deploy 3.5 on Windows Server 2012
Steve Jansen over 10 years

Something must be different for Windows Server 2012; unfortunately, I do not have access to a 2012 box. Can you paste the output of NETSH.exe http show urlacl %url% says, where %url% is the value output by the log line INFO - MsDepSvc current reservation is "%url%"?
Heki over 9 years

It's worth mentioning that the script will fail on non-english Windows. In danish (my os language), global replace URLACL.User with URLACL.Bruger, URLACL.Listen with URLACL.Lyt, URLACL.Delegate with URLACL.Deleger. Leave URLACL.SDDL as this is the same in both languages.
Sukhdevsinh Zala about 7 years

I am using Windows Server 2016, I can't find "httpcfg.exe".