WAC is causing 503 The Service is Unavailable errors on my IIS sites
WAC, by default, reserves anything that runs on port 443. This is causing 503 The Service is Unavailable errors on my IIS sites, as this reservation will prevent W3SVC from obtaining the rights to listen on port 443 when it tries to start the site.
>netsh http show urlacl
Reserved URL: https://+:443/
Can't get security descriptor, Error: 87
This issue is solved by deleting that reservation and change port on WAC
>netsh http delete urlacl https://+:443/
Please document this issue (change the default port from 443) because it is A Not So Common Root Cause for 503 Service Unavailable and it would take a long time for some of us to figure that out.
WhyDoYou NeedMyName commented
We added the Admin Center to our VM template, first found this issue when standing up a new root CA, after removing Admin Center, this HTTPS registration did not go away and I had to delete it manually via the aforementioned netsh command. Same error 87, all SSL traffic to the server redirected to the Admin Center, and then a basic 503 when it was removed.
I'm also going to submit a bug report, since WAC is out of "beta" and this issue is nearly a year old now...
Karl Wester-Ebbinghaus (@tweet_alqamar) commented
happened to me too sometimes. Reinstalling or upgrading helped. Seems to be fixed in current Insider release.
Roy Lomicka commented
If you opted for http redirection to https when installing WAC, the same applies to port 80 as well as 443. Also, I found that uninstalling WAC did not delete the URL reservations. I had to do the netsh http deletes myself after uninstalling WAC to get rid of the 503 errors. Note that if you install WAC on a system that already has IIS or other web server running on 80 and/or 443, your WAC will reserve the port you specified, and if you then uninstall WAC, you might want to delete that reservation so you can use that port for something else later.