Customizing and Securing the Remote Service

Applies To: Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP

This topic shows you how to set a custom ListenURL, how to determine which services listen on which URLs, and how to set up a Web Deploy remote service to use an SSL binding.

Setting the ListenURL

By default, the ListenURL for the remote service is https://+:80/MsDeployAgentService. Before you specify a custom ListenURL, check to see that the URL and port that you want to use are available.

Warning

If you specify a URL that has already been registered (assigned) to another Windows service, that registration will be deleted without warning. The specified URL will be re-registered for use by the Web Deploy remote service.

Viewing URL reservations

To determine which service is listening on a particular URL, you can view the URL reservations by running one of the following commands at an administrative command prompt.

  • At a Windows Server® 2008 administrative command prompt, type netsh http show urlacl.

  • At a Windows Server 2003 administrative command prompt, type httpcfg query urlacl. The Httpcfg.exe file is part of the Windows Support Tools. For more information, see Configuring the HTTP Kernel-Mode Driver (Http.sys).

If you do not see a URL reservation for Web Deploy (the default will show as https://+:80/MSDEPLOYAGENTSERVICE/ for the user NT AUTHORITY\NETWORK SERVICE), or if you see more than one reservation for MSDEPLOYAGENTSERVICE, remove the extra reservations and reinstall the Web Deployment Tool.

   

Specifying a custom port and URL

To specify a custom URL that the Web Deployment Agent Service listens on, uninstall Web Deploy if it is already installed, and then reinstall it by using the Windows Installer Msiexec.exe command.

The following example shows how to use the Msiexec.exe command. Replace <msi_filename> with the name of the x86 or x64 installer file that you downloaded. Replace <msilogfilename> with the name of a file in which you want to record information about the installation.

msiexec /i <msi_filename> /l<msilogfilename>/passive ADDLOCAL=ALL LISTENURL=https://+:8080/MsDeployAgentService2/

Warning

  • Be sure to uninstall Web Deploy first if it has already been installed.

  • Do not change the name of the .msi file.

  • Be sure to include the colon after the plus sign and before the port number (for example, https://+:8080.)

  • Be sure that the port number that you specify is not already being used.

  • If the installation still does not complete successfully, examine the log file for errors that may have occurred.

  • To confirm the change, follow the directions in the Viewing URL reservations section earlier in this topic. 

       

    Viewing registered URLs for sites and applications

    To see the registered URLs for the sites and applications of different application pools, type the following command at an administrative command prompt.

    netsh.exe http show servicestate view=request

    Important

    If you see a different service listening on the port you chose for Web Deploy, you may have a conflict that is preventing Web Deploy from listening on that port. If so, choose a different port for Web Deploy.

       

    Viewing only the registered URLs

    The output of the previous command is quite verbose. If you want to see only the registered URLs and their ports, use the findstr command to limit the output, as in the following example.

    netsh http show servicestate | findstr /i http

       

    Changing the ListenURL after installation

    If you want to change the ListenURL after you have already installed Web Deploy, the simplest solution is to reinstall the Web Deployment Tool and specify a new ListenURL during the reinstallation. Reinstallation is relatively quick (typically less than 30 seconds), and your system configuration will not be affected as long as your other installation choices do not change.

    Setting up the Remote Service to use SSL

    For enhanced security, you can specify an HTTPS certificate that will be used when you connect to the Web Deploy remote service. To do this, install Web Deploy with a custom port and ListenURL, set your SSL certificate to the custom port, and start the remote service. The following examples show these steps.

    To set an Web Deploy remote service SSL binding on Windows Server 2003

    1. Install Web Deploy and specify a custom port. Replace <msi_filename> with the name of the x86 or x64 installer file that you downloaded.

      msiexec /i <msi_filename> /passive ADDLOCAL=ALL LISTENURL=https://+:443/MsDeployAgentService/

    2. Set the SSL binding.

      • Use the following syntax on Windows Server 2003.

        httpcfg set ssl -i 0.0.0.0:443 -h 55F3E60622CE26F28C2AFE4C39F09F38F1204323 -g {00000000-0000-0000-0000-000000000000}

      • Use the following syntax on Windows Server 2008.

        netsh.exe http add sslcert ipport=0.0.0.0:443 appid={00000000-0000-0000-0000-000000000000} certhash=55F3E60622CE26F28C2AFE4C39F09F38F1204323

    3. Start the Web Deploy remote service.

      net start msdepsvc

    See Also

    Web Deploy Remote Service

    Installing the Remote Service

    Managing the Remote Service

    Using the Remote Service