HTTP Permissions Issues


Sorry to trouble the group: I’m disguising Azure/Windows server ignorance as an Event Store issue. Hope someone can help anyway.

Trying to serve Event Store 3.0.3 on an Azure VM deployment (Windows Server 2012 Data Center R2).

I have:

  1. Added a TCP endpoint for port 2113 through the Azure Portal

  2. Added Inbound and Outbound firewall rules for TCP port 2113

  3. Added HTTP permissions (netsh http …)

  4. Run the Event Store as administrator

The result is:

  • 503 Service Unavailable when I try to access the UI locally

  • No response when I hit the VM at port 2113 publicly

I’ve followed the 503 guidance, which seems to be explained by duplicate entries in the reservations.

  • There’s only a single entry in the listing for port 2113.

  • When I remove the single entry anyway I can then access the UI locally (but still not externally)

Thanks for any help. Happy Easter,


What exactly have you run?

What is the output of netsh http show urlacl

I’m following these instructions generally.

Here’s the snippet from that command:

Reserved URL : http://+:2113/
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;LA)

So that’s from running:

netsh http add urlacl url=http://+:2113/ user=\joel

Should I specify the external IP explicitly?


Try removing and starting as admin (as specified there)

Here’s the entire output:

PS C:\Users\joel> netsh http show urlacl

URL Reservations:

Right. I had tried this. What happens is that I can then access the UI locally, but it remains unavailable externally. After removing the entry there remains no url reservation for port 2113 in the list. All of the issues people had online seemed to be related to duplicate url reservations … but that doesn’t seem to be the culprit here. Shrug.


What are you binding as and what are your public routes that need to
be setup? Have you setup any prefixes?

And when you say locally to which uri? obviously setting things up on
localhost will not be available remotely.

btw from the sounds of it above you are at a point that would be
working *without azure* and now need the azure specific stuff

I’ve not got much further than executing this command from the docs:

netsh http add urlacl url=http://+:2113/ user=\joel

Sorry, I’m not sure what you mean by “what are you binding as”. Should I bind to a specific external IP or URL? (I tried this anyway to no avail).

I’m not sure what public routes I would need to access the UI externally - it’s served from the root at that address.


By “locally”, I mean that I can access the UI on the VM at “http://localhost:2113”.

I have no doubt this is true. Thanks for working through it. I’ll look more closely at the recently posted Azure provisioning scripts.



ok you are in azure.
You have added the route (lets assume it works locally).

The next thing is when you start event store you need to tell it to
bind to a ip (there could be any on your machine) normally you would
want to bind to a public ip not say localhost this is using say

This however is only enough if running on say a local machine. If you
are using elastic ips/nat/etc you also need to inform that bound
address that it should also respond not only as it itself but also as
some other ip (--prefix=http://*:2113 as example).

You are right though in your first email that none of this is ES specific



I found the magic sauce.

Thanks, and it was this last piece that brought it together.