Introduction
Having attempted a successful install of Team Foundation Server (TFS) with each new version, beginning with the Beta 2, the author has come to liken the installation process to waging war on a small country. In this case, the author sincerely believes the battle is worth the effort, and victory yields a suite of tools that can assist in streamlining and optimizing the development operations of any team, whether it is a small start-up development group or a large-cap software corporation.
Biased plugs for Team System's inherent value not withstanding; Microsoft's documentation through Release to Market (RTM) and even now is, to be polite, a work in progress. Should one wish to simply deploy TFS to a single-server and use it within a sterile, controlled LAN environment, then the documentation is seemingly sufficient; however, this author suspects this deployment scenario is not the case for most potential adopters. With Service Pack 1, Microsoft officially supports accessing TFS over Secure Sockets Layer (SSL,) and with some degree of geographic distribution in almost every development team, the author assumes many, if not most, will wish to leverage this capability.
The purpose of this document is not to address every potential obstacle in the war, but facilitate the battle of configuration. The author's intent in composing it is to integrate all of the resources he has found with personal experiences and suggestions, along with the wealth of knowledge he achieved through hours of painstaking debugging efforts with some of Microsoft's finest architects, engineers and support staff. In fact, this document would not be possible without the help of Chris Cooper and Brad Peters, escalation engineers with the Team Foundation Developer Support Group, Bill Essary, a TFS Architect, and James Manning, a TFS Development Team member; their dogged persistence was what kept this author from throwing in the proverbial towel long ago. The author does not intend to replace Microsoft's official documentation; the intent is to append it. For this purpose, this document provides links to all Microsoft source documentation for tandem reference in tackling this task.
Finally, as the intent of this document is to improve and expand the Team System culture, this author welcomes all readers' thoughts, experiences, questions and suggestions as well. It is the author's opinion that this open information sharing and technical community interaction will continue to propel technology forward and raise the bar for all of our peers and colleagues.
Preparing for Team Foundation Server
This section will describe the hardware, software and system configurations required/recommended to deploy TFS into a single-server environment, subsequently requiring access to the configured server via SSL with the option of Integrated or Basic Authentication. Additionally, links are provided to the TFS install guide, the TFS Administration Guide, the current authority on enabling SSL access for a TFS deployment, the official documentation for requiring SSL access and enabling Basic/Digest Authentication, and finally to great Microsoft blog resources for additional TFS information.
Hardware
Microsoft has recommended various system configurations for deploying TFS based on the number of users. The author's personal recommendation is for a server-class machine with a Xeon processor, at least 2GB of RAM and an adequate Hard Disk Drive. Obviously the better the system one can sacrifice, the better the performance one will see.
Operating System
The author strongly recommends using Windows Server 2003 R2 with all critical security patches. According to Microsoft, success is possible using the initial release of Server 2003 with SP1, but this author has found that he ends up fighting OS issues long before he gets to wrestling with TFS. After installing the OS, one may use Microsoft Update to apply all desired security/software updates. The author's eventual success resulted from a clean install of Windows Server 2003 R2 Enterprise Edition with all critical and optional updates applied for all installed software via Microsoft Update.
Software
For the installation, one needs the following installation media:
- Operating System Installation Media
- Microsoft SQL Server 2005 Installation Media
- Team Foundation Server Installation Media
For successful installation, the author used Microsoft SQL Server 2005 Enterprise Edition and the fully licensed version of TFS. The author assumes that the TFS Workgroup edition is acceptable as well; the documented restrictions regarding this version still apply.
Mandatory Downloads
One will also need to have SQL Server 2005 SP1, Microsoft SharePoint Services with SP2, Visual Studio Team Foundation Server Quiescence GDR and Team Foundation Server SP1 available during the install. The author's recommendation is to create an installation tools folder on the deployment machine and download these items prior to beginning the installation and configuration from the following locations:
- SQL Server 2005 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyID=CB6C71EA-D649-47FF-9176-E7CAC58FD4BC&displaylang=en
- Microsoft SharePoint Services with SP2: http://www.microsoft.atat.at/downloads/details.aspx?FamilyID=b922b28d-806a-427b-a4c5-ab0f1aa0f7f9&DisplayLang=en
- Visual Studio Team Foundation Server Quiescence GDR: http://www.microsoft.com/downloads/details.aspx?familyid=C18C756E-8F80-4987-B3BF-600068A9E3C4&displaylang=en
- Team Foundation Server SP1: http://www.microsoft.com/downloads/details.aspx?familyid=a9ab638c-04d2-4aee-8ae8-9f00dd454ab8&displaylang=en
Setup and Service Accounts
There are three service accounts required to complete a TFS installation in a single server environment successfully. These are:
- TFSSETUP - Used to run Team Foundation Server Setup
- This account must be an administrator on Team Foundation Server computers. The account must be a member of the same domain as the following two service accounts
- If one is installing the Team Foundation Server Workgroup Edition, the installation adds this account to the Team Foundation Licensed Users group. For this reason, one should run Setup with one's user account
- TFSSERVICE - Used as the service account by Team Foundation Server Windows services (Code Coverage Analysis Service and TFSServerScheduler), and the SharePoint Timer Service
- Used as the application pool identity by the Team Foundation Server application pool (TFS AppPool), and the Windows SharePoint Services application pools (TFWSS and TFSWSSADMIN)
- For optimal security, this service account should not be an administrator on Team Foundation Server computers and should have the option 'Account is sensitive and cannot be delegated' selected for Active Directory on the domain
- TFSREPORTS - Used as the service account by SQL Server Reporting Services data sources
- This account should not be an administrator on Team Foundation Server computer
Links
There is a massive amount of information available concerning Team System installation and configuration. The problem, in this author's opinion is that the vast majority of this information is either a) critically flawed or b) questionable speculation by end users about what 'mysteriously' worked for them at some point in their frustration. The links provided here are those published officially by Microsoft and for blogs maintained by Microsoft engineers. As mentioned before, there are some errors in the current documentation, but these documents are still a great resource for troubleshooting.
Official Microsoft Documentation
- Team Foundation Server Installation Guide: http://www.microsoft.com/downloads/details.aspx?familyid=E54BF6FF-026B-43A4-ADE4-A690388F310E&displaylang=en
- Team Foundation Server Administrator's Guide: http://www.microsoft.com/downloads/details.aspx?familyid=2AED0ECC-1552-49F1-ABE7-4905155E210A&displaylang=en
- Walkthrough: Setting Up Team Foundation Server with Secure Sockets Layer (SSL): http://msdn2.microsoft.com/en-us/library/ms242875(VS.80).aspx
- How To: Configure Team Foundation Server for HTTPS and SSL Only: http://msdn2.microsoft.com/en-us/library/aa395285(VS.80).aspx
- Walkthrough: Setting Up Team Foundation Server To Require HTTPS and Secure Sockets Layer: http://msdn2.microsoft.com/en-us/library/aa833873(VS.80).asp
Helpful Blogs
- Buck Hodges: http://blogs.msdn.com/buckh/
- James Manning: http://blogs.msdn.com/jmanning/
Installing and Configuring TFS Pre-Requisites
This section will cover the steps necessary to install and configure all TFS prerequisites. The author assumes the system administrator is addressing a system with a clean operating installation and no further configuration activity. For this reason, this document will cover enabling and configuring Internet Information Services (IIS) as well as installation and configuration of SQL Server 2005, installing SQL Server 2005 Service Pack 1, and installing Microsoft SharePoint Services 2.0 with Service Pack 2.
Internet Information Services (IIS)
- Start the Configure Your Server Wizard by doing either of the following:
- By default, Manage Your Server starts automatically when Windows starts; from Manage Your Server, click 'Add or remove a role'
- From Control Panel, open Administrative Tools, and then open Configure Your Server Wizard
- On the Welcome to the Configure Your Server Wizard page, click 'Next'
- On the Preliminary Steps page, click 'Next'
- On the Server Role page, click 'Application server (IIS, ASP.NET),' and then click 'Next'
- On the Application Server Options page, select 'Enable ASP.NET,' and then click 'Next'
Important: Do NOT select 'FrontPage Server Extensions'. This server will host Windows SharePoint Services, which is incompatible with FrontPage Server Extensions
- On the Summary of Selections page, click 'Next'
Note: Windows may prompt for insertion of the Windows Server 2003 installation media
- Click 'Finish' to complete the wizard
- Visit Microsoft Update (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) and install all items in the Critical Updates and Service Packs group
To install IIS using Add or Remove Programs utility
- From Control Panel, open Add or Remove Programs
- Click 'Add/Remove Windows Components;' the Windows Components Wizard starts
- On the Windows Components page, highlight and select 'Application Server', and then click 'Details'
- If not already checked, select 'ASP.NET,' and then click 'OK'
Important: If one selects 'Internet Information Services (IIS)' and then clicks 'Details,' do NOT select 'FrontPage 2002 Server Extensions.' This server will host Windows SharePoint Services, which is incompatible with FrontPage Server Extensions
- On the Windows Components page, click 'Next'
Note: Windows may prompt for insertion of the Windows Server 2003 installation media
- Click 'Finish' to close the wizard
- Visit Microsoft Update (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) and install all items in the Critical Updates and Service Packs group
SQL Server 2005 with Service Pack 1
Preparing SQL Server for use in a TFS deployment requires either installation of a SQL Server Hot Fix or application of SQL Server SP1. This author strongly recommends the latter, and this walkthrough will proceed as such.
Installing SQL Server 2005
- Log on to the TFS machine using the Team Foundation Server Setup account (Domain\TFSSETUP)
- Insert the CD for Microsoft SQL Server 2005 and under 'Install' on the SQL Server 2005 Start page, click 'Server components, tools, Books Online, and samples;' the Microsoft SQL Server 2005 Setup Wizard starts
- On the End User License Agreement page, review the license agreement, select 'I accept the licensing terms and conditions,' and then click 'Next'
- On the Installing Prerequisites page, click 'Install.' After the required components are installed successfully, click 'Next;' the Microsoft SQL Server Installation Wizard starts
- Click 'Next' to start the System Configuration Check
- On the System Configuration Check page, check the status of any required actions, such as required system restarts and follow the guidance on this page until all actions achieve 'Success' status. After all actions achieve 'Success' status, click 'Next' to start installation
- On the Registration Information page, complete the registration information, and then click 'Next'
- On the Components to Install page, select the following components and then click 'Advanced:'
- SQL Server Database Services
- Analysis Services
- Reporting Services
- Integration Services
- Workstation components, Books Online, and development tools
Note: Team Foundation Server does not require enabling of Notification Services
- On the Feature Selection page, expand the following nodes and specify the following options:
Note: Except as noted below, one should not change the default selections in any other feature areas
- Under 'Client Components,' the only required feature to install is 'Management Tools.' For all other items under 'Client Components', one can optionally click the icon and select 'Entire feature will be unavailable'
- Under 'Documentation, Samples, and Sample Databases,' one can optionally click the icon for 'Books Online' and select 'Entire feature will be unavailable'
- Click 'Next'
Tip: To optimize system performance, select 'Data Files' and click 'Browse' to specify a file location on a different physical hard drive; by default, SQL Server 2005 installs all files to the system drive. One can do the same for Data Files under 'Analysis Services'
- On the Instance Name page, select 'Default instance,' and then click 'Next'
Important: Team Foundation Server setup fails if one specifies a named instance
- On the Service Account page, clear the 'Customize for each service account' option
- Select 'Use the built-in System account' and from the list select 'Local system'
- In 'Start services at the end of setup,' select all services: SQL Server, SQL Server Agent, Analysis Services, Reporting Services, and SQL Browser, and then click 'Next'
Note: The service account is for Microsoft SQL Server 2005 and should not be confused with the two service accounts obtained prior to starting installation
- On the Authentication Mode page, select 'Mixed Mode', specify an SA password and then click 'Next'
Note: If one does not wish to specify an SA password, Microsoft's official documentation suggests that no known issues arise from selecting 'Windows Authentication Mode.' In this author's experience, some authentication issues may present themselves when following the Microsoft recommendation; however the author recognizes that this may be a more secure and desirable path for some organizations
- On the 'Collation Settings' page, select the appropriate collation for the applicable language, and then click 'Next'
Note: If one changes Collation designator and sort order, one must select 'Accent Sensitive'
- Team Foundation Server does not support collations that are as follows:
- Accent Insensitive
- Binary
- Binary2
- Case Sensitive
- For more information about collation settings, see Collation Settings in Setup in the SQL Server 2005 books online
- On the Report Server Installation Options page, select 'Install the default configuration,' and then click 'Next'
- On the Error and Usage Report Settings page, one can optionally select 'Automatically send Error reports for SQL Server 2005 to Microsoft or your corporate error reporting server' and 'Automatically send Feature Usage data for SQL Server 2005 to Microsoft,' and then click 'Next'
- On the Ready to Install page, review the list of components to be installed and then click 'Install'
- On the Setup Progress page, one can monitor the installation status of each component. After setup has completed, click 'Next'
Note: Installation may appear to hang for several minutes during activation of SQL Server Reporting Services
- Click 'Finish' to exit the wizard
Installing Service Pack 1
There are two methods of installing SQL Server 2005 SP1. The first is simply to execute the SQL Server 2005 SP1 executable, downloaded previously to the Install Tools folder. This method requires one to stop running SQL Server services manually during the installation. The second option is the recommended option. By navigating to the Microsoft Update site (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) and installing all items in the Critical Updates and Service Packs group, one can ensure that all necessary security updates are applied as well as apply SQL Server 2005 SP1 with no user interaction. Please note that this latter method will require a system reboot upon completion.
Testing the SQL Server 2005 Installation
To verify that the services are running:
- From the Start menu, click 'All Programs,' click 'Microsoft SQL Server 2005,' click 'Configuration Tools,' and then click 'SQL Server Configuration Manager'
- Select 'SQL Server 2005 Services' and verify that each service has a green arrow which indicates that the service is running
- Select 'SQL Server 2005 Network Configuration,' click 'Protocols for MSSQLServer,' and then verify that 'TCP/IP' is enabled
To verify a connection to the server:
- From the Start menu, click 'All Programs,' click 'Microsoft SQL Server 2005,' and then click 'SQL Server Management Studio'
- In the Connect to Server dialog box, select 'Database Engine' in Server type, type the name of the server to which to connect, and then click 'Connect'
To verify accessibility of Reporting Services:
- Open a web browser and type the following address: http://localhost/reports
- Enter acceptable user credentials if prompted
Note: If one is unable to verify/accomplish any of the steps above, immediate troubleshooting is required. It is imperative to resolve any existing issues prior to proceeding to subsequent steps.
Microsoft SharePoint Services 2.0 with Service Pack 2
- Log on to the TFS machine using the Team Foundation Server Setup account (Domain\TFSSETUP)
- Initiate the Microsoft Windows SharePoint Services installation wizard:
- Open the Install Tools folder created at the beginning of this walkthrough and double-click the self-extracting installer file 'stsv2.exe,' or
- Download Microsoft Windows SharePoint Services with Service Pack 2 (http://go.microsoft.com/fwlink/?linkid=55087) and save the file to the local hard disk, then double-click the self-extracting installer file (stsv2.exe)
- On the End-User License Agreement page, review the license agreement, select 'I accept the terms in the License Agreement' and then click 'Next'
- On the Type of Installation page, select 'Server Farm,' and then click 'Next'
Important: One MUST install Windows SharePoint Services by using the Server Farm option. This configures Windows SharePoint Services to use a remote SQL Server. Later, Team Foundation Server Setup will configure Windows SharePoint Services to use the same SQL Server instance as the rest of Team Foundation Server
- On the Summary page, click 'Install'
- When the installation is complete, a Web browser window opens and displays the Configure Administrative Virtual Server page. After confirming that the page appears, close the browser window without making any changes
Important: Do not make any changes on the page that appears. Later, Team Foundation Server Setup will configure Windows SharePoint Services to use the same instance of SQL Server as the rest of Team Foundation Server
- If the page does not appear, one should determine the cause and troubleshoot using either Troubleshooting Installation for Team Foundation Server or the Windows SharePoint Services Administrator's Guide (http://go.microsoft.com/fwlink/?LinkId=52668)
- Visit Microsoft Update (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) and install all items in the Critical Updates and Service Packs group
- Restart the computer
Install and Verify Team Foundation Server with Service Pack 1
This section will cover the actual installation of TFS, application of TFS SP1, and steps necessary to confirm initial installation success. Please keep in mind that the objective at this point is to establish a baseline success that will limit troubleshooting later on. It is imperative that one address all installation issues encountered during this phase prior to proceeding to the following sections.
Team Foundation Server
- Log on to the TFS machine using the Team Foundation Server Setup account (Domain\TFSSETUP)
- Insert the TFS Installation Media
- On the Autorun page that appears, click 'Install Team Foundation Server,' and then click 'Single-Server Installation
Note: If the Autorun page does not appear, locate and run the Autorun file (autorun.exe) in the root folder on the installation media
- The Visual Studio Team Foundation Server Setup wizard starts
- On the Welcome to Setup page, click 'Next'
- On the License Terms page, review the terms, select 'I accept the terms of the License Agreement,' and then click 'Next'
- The setup wizard scans for conditions that could cause setup to fail or cause issues later during server operation
Important: If the wizard identifies any issues, address them now.
- On the Destination Folder page, accept the default destination folder and then click 'Next'
- On the System Health Check page, examine any warnings or blocks by clicking the 'report link'
Important: One must address any remaining issues before continuing setup. Click 'Cancel' and run setup again after fixing the blocking issues
- If there are no blocks or warnings, click 'Next'
- On the Service Logon Account page, type the Windows domain user account created for the Team Foundation Server Service account (Domain\TFSSERVICE) in the 'Account Name' box, type the password in the 'Password' box and then click 'Next'
- On the Reporting Logon Account page, type Windows domain user account created for the Team Foundation Server Reporting account (Domain\TFSREPORTS) in the 'Account Name' box, type the password in the 'Password' box and the 'Next'
- On the Specify Alert Settings page, select 'Enable Team Foundation Alerts,' and type the following information:
- In the 'SMTP server' box, type the name of the server used to send e-mail notifications
- In the 'From e-mail address' box, type the name of the e-mail address from which notifications appear to come, and then click 'Next'
- On the Ready to Install page, click 'Install'
- On the Installing Components page, monitor the installation of Team Foundation Server
Note: During installation, the system may prompt for a restart. Click 'Restart Now.' Setup will continue after the computer restarts
- On the Setup Completed Successfully page, verify that the installation is complete, and then click 'Finish'
Note: After one installs Team Foundation Server, one should back up the Reporting Services Encryption key using the Reporting Services Configuration Tool. This step is not required to create team projects, but is part of best practices for managing Team Foundation Server. For more information, see "How to: Back Up the Reporting Services Encryption Key" in the Team Foundation Server Administrator's Guide
- In Internet Explorer, locate http://localhost:8080/services/v1.0/Registration.asmx, and then click 'GetRegistrationEntries'
- On the GetRegistrationEntries page, click 'Invoke' (One does not have to enter a ToolID)
Note: To use this Web method, one must log in to the TFS Environment; invocation of the method is not available from TFS Clients
- In the XML, verify that the type 'VSTF' exists, and then close the page. The following is an example of the xml one should look for:
<?xml version="1.0" encoding="utf-8" ?>
<Type>vstfs</Type>
Note: After installing Team Foundation Server, one may wish to install Team Explorer, Team Foundation Build or Team Foundation Server Proxy. These items have not proven problematic and this walkthrough does not cover these installations. The author recommends installing Team Explorer on the TFS machine if it is not possible to install a full version of Visual Studio 2005. The author also recommends installing TFS Build. These items are available by browsing the installation media.
Team Foundation Server Service Pack 1
Prior to installing TFS SP1, one must install the Visual Studio Team Foundation Server Quiescence GDR.
- Locate the file VS80-KB919156-X86.exe in the Install Tools folder, or download the file now (from the link specified at the beginning of this document) and save it to a handy location on the local disk drive, then double-click the file
- Accept all defaults to complete the installation
After completing the above steps, installation of TFS SP1 is a simple matter. The following four steps are all that is required:
- Locate the file VS80sp1-KB926738-X86.exe in the Install Tools folder, or download the file now (from the link specified at the beginning of this document) and save it to a handy location on the local disk drive, then double-click the file
- In the installation confirmation dialog box, click 'OK'
- When the end user license agreement appears, review the terms then click 'I Accept'
- The service pack will install; when the dialog box indicating the installation was successful appears, click 'OK'
Verifying the Installation
Verifying the TFS installation consists of two steps: a) verifying the TFS SharePoint portal is accessible and b) verifying access to TFS via the Visual Studio Team Explorer.
The TFS SharePoint portal should be accessible at the following location:
http://localhost/
To verify access to the TFS environment via Team Explorer, follow these steps:
- Open Visual Studio
- Select 'Tools' then 'Connect to Team Foundation Server'
- On the Connect to Team Foundation Server dialog box, click the 'Servers' button
- On the Add/Remove Team Foundation Server dialog box, click the 'Add' button
- On the Add Team Foundation Server dialog box, enter the machine name in the 'Team Foundation Server name' box, then click 'OK'
- On the Add/Remove Team Foundation Server dialog box , click the 'Close' button
- On the Connect to Team Foundation Server dialog box, verify that the server is selected in the 'Connect to Team Foundation Server' drop-down box, then click 'OK'
- Expand the Server in the Team Explorer window, and verify that all items load. If any item appears with a red 'X' on the folder, troubleshooting is required prior to proceeding with any further steps
- Close Visual Studio
To troubleshoot the web-services from the server, one can navigate to the following URLs. If the page does not load, the service is inaccessible, and the configurations in SQL Server and the various configuration files should be checked. If the web-service detail page loads, one can click on the various methods and invoke them.
- Build: http://localhost:8080/build/v1.0/integration.asmx
- Services: http://localhost:8080/services/v1.0/registration.asmx
- Warehouse: http://localhost:8080/warehouse/v1.0/warehousecontroller.asmx
- Work Item Tracking: http://localhost:8080/WorkItemTracking/v1.0/integration.asmx
Preparing for Secure Sockets Layer (SSL)
This section addresses the steps necessary for preparing one's system for enabling SSL access to the environment. First, one must install the Certificate Services to establish a local Certification Authority, then create a certificate request and issue the certificate for the Fully Qualified Domain Name used to reach the server. Finally, an INI file is required to configure the Authentication.dll assembly used as an ISAPI filter for Basic or Digest Authentication. This section will also cover exporting the necessary certificates to allow issue-free client connection to the server.
Installing Certificate Services
- Click 'Start,' click 'Control Panel' and then select 'Add or Remove Programs'
- Click 'Add/Remove Windows Components'
- In the Windows Components Wizard, click 'Certificate Services' in the Components list
- Review the text in the message box, and then click 'Yes'
- Click 'Next' to start the installation
- On the CA Type page, select 'Stand-alone root CA,' and then click 'Next'
- On the CA Identifying Information page, in 'Common name for this CA,' type the name of the computer
- In 'Validity period,' change the duration for the certificate to and acceptable period and then click 'Next'
- On the Certificate Database Settings page, click 'Next' without making any changes
- A message box appears that shows that IIS must be stopped; in the message box, click 'Yes'
- The Configuring Components page appears; if a message box appears with information about Active Server Pages (ASP), click 'Yes'
- Click 'Finish' when the installation completes
The TFS Certificate
There are two certificates that are critical to success. Creation of the first occurs when Certificate Services installation is complete; this is the Root Certification Authority certificate. The second results from requesting and issuing a certificate for the Team Foundation Server domain address. This certificate applies to all three websites in the TFS Environment. The following walkthroughs address requesting and issuing this second certificate.
Requesting a TFS Certificate
- Click 'Start,' click 'Administrative Tools' and then click 'Internet Information Services (IIS) Manager'
- Expand 'computername (Local Computer)' and then expand 'Web sites'
- Right-click 'Team Foundation Server' and then click 'Properties'
- In Team Foundation Server Properties, click the 'Directory Security' tab
- Under 'Secure Communications,' click 'Server Certificate'
- The Web Server Certificate Wizard appears; click 'Next'
- On the Server Certificate page, click 'Create a new certificate,' and then click 'Next'
- On the Delayed or Immediate Request page, click 'Next'
- On the Name and Security Settings page, click 'Next' without making any changes (this value should be 'Team Foundation Server')
- On the Organization Information page, specify values for 'Organization' and 'Organization unit.' For example, enter the name of the company as the 'Organization' and the team or group name for 'Organization unit;' click 'Next'
- On the Your Site's Common Name page, enter the Fully Qualified Domain Name for the TFS server, e.g. tfs.mydomain.com
Note: Microsoft's official instructions assume users will reach the server across a secure LAN and state one should not change this value. For situations where users access the server across the commercial internet, this is a point of failure when following the existing documentation
- On the Geographical Information page, specify the appropriate information in the 'Country/Region,' 'State/province' and 'City/locality' boxes, and then click 'Next'
- On the Certificate Request File Name page, under 'File name,' specify the location where the certificate request file should be saved and the name of the file, and then click 'Next'
Note: Make sure that the certificate request file is saved to a network share or other location that can be accessed from the CA computer
- Review the information listed on the Request File Summary page and then click 'Next'
- 'Click Finish'
- Click 'OK' to exit the Team Foundation Server Properties dialog box
Issuing the TFS Certificate
- Click 'Start,' click 'Administrative Tools' and then click 'Certification Authority'
- In the Explorer pane, right-click the computer name, select 'All Tasks' and the click 'Submit new request'
- In the Open Request File dialog box, locate the certificate request text file created in the previous procedure and then click 'Open'
- In the Explorer pane, expand the computer name and then click 'Pending Requests'
- Note the 'Request ID' value for the pending request; this is most likely '2' as the CA certificate was the first and no others have been issued at this point on a clean install
- Right-click the request, select 'All Tasks' and then click 'Issue'
- In the Explorer window, under the computer name, select 'Issued Certificates' and review the listed certificates to verify that a certificate was issued that matches the 'Request ID' value for the request (again, most likely '2', and most likely the only one)
- In Issued Certificates, right-click the issued certificate, select 'All Tasks' and then click 'Export Binary Data'
- In Columns that contain binary data, select 'Binary Certificate.'
- Under Export options, select 'Save binary data to a file' and then click 'OK'
- In Save Binary Data, save the file to a location accessible by the TFS environment
- Exit Certification Authority
The ISAPI Filter
TFS SP1 installed an assembly called AuthenticationFilter.dll to the %ProgramFiles%\Visual Studio 2005 Team Foundation Server\TF Setup folder. This step creates an initialization (.ini) file used by IIS to configure this assembly as an ISAPI filter on the Team Foundation Server website.
- Open Notepad, copy the following text, and paste it into the Notepad window:
[config]
RequireSecurePort=true
ProxyIPList=ProxyAddress
SubnetList=IP/SubnetMask
- If no proxy server is being used (the only option fully supported by this document) modify the text as follows:
[config]
RequireSecurePort=true
SubnetList=IP/SubnetMask
- Alter the 'SubnetList' entry to match the IP and Subnet Mask of the TFS System, e.g. '70.111.255.1/255.255.255.0'
Note: Microsoft Tech Support indicated that in cases where no proxy is used, the entry on this line could be any valid IP/Subnet Mask, e.g. 170.0.0.1/255.255.255.255, regardless of the Server IP/Subnet Mask pair. The author had success using the actual IP/Subnet Mask for the FQDN, and did not attempt to change this value to some other arbitrary value
Important: Microsoft's documentation has a semi-colon (;) at the end of the bottom two lines in their example initialization file text. Adding these semi-colons WILL cause the ISAPI filter to fail. This is an error in the documentation
- The final text should resemble this:
[config]
RequireSecurePort=true
SubnetList=70.111.255.1/255.255.255.0
- Save the file as AuthenticationFilter.ini to the same directory as the AuthenticationFilter.dll (%ProgramFiles%\Visual Studio 2005 Team Foundation Server\TF Setup\)
Important: According to Microsoft, changing the directory of these two items (the .dll and .ini files) will most likely cause problems when attempting future upgrades to the TFS Environment
Exporting the Root Certification Authority Certificate
In order to export the Root Certification Authority Certificate, one will first need access to the TFS Environment's certificate console. In order to view certificates for the system follow the following steps.
- Click 'Start,' click 'Run,' type mmc then click 'OK'
- Press Ctrl+M to open the Add/Remove Snap-In dialog
- On the Add/Remove Snap-In dialog, click the 'Add' button
- On the Add Standalone Snap-In dialog, click 'Certificates' then click the 'Add' button
- On the Certificates Snap-In dialog, select the 'Computer Account' option, then click 'Next'
- On the Select Computer dialog, click the 'Finish' button without making any changes
- On the Add Standalone Snap-In dialog, click 'Close'
- On the Add/Remove Snap-In dialog, click 'OK'
Using the resulting console, one is now able to export the Root Certification Authority certificate for the TFS machine. The following steps describe this procedure.
- Expand Certificates – (Local Computer)
- Click the 'Personal' node
- In the right pane, find the certificate that has the machine name in the 'Issued To' column and 'Root Certification Authority' in the 'Certificate Template' column
- Right-click the certificate, click 'All Tasks' and then click 'Export'
- On the Certificate Export Wizard welcome page, click 'Next'
- On the Export Private Key page, verify 'No, do not export the private key' is selected then click 'Next'
- On the Export File Format page, select 'Base-64 encoded X.509 (.CER)' then click 'Next'
- On the File To Export page, click the 'Browse' button
- Browse to a folder on the TFS machine and specify a filename, then click 'Save'
- On the File To Export page, click 'Next'
- On the Certificate Export Wizard completion page, click 'Finish'
Requiring Secure Sockets Layer (SSL)
This section will detail the final steps in enabling and requiring SSL access to the TFS environment. This entails further configuration of IIS, including installation of the certificates from the previous steps, configuring the SSL requirement and configuration of the ISAPI filter. In addition, the TFS_Integration and TFS_Subscription table require some edits in SQL Server, and three TFS configuration files require updates. Then, an edit of the TFS System Registry is required, and finally, the Root Certification Authority Certificate requires addition to the certificate stores on both the server and any clients requiring access to the TFS environment.
Configuring IIS
Configuring IIS to require SSL for access to the TFS environment consists of four operations. These include configuring each of the three websites in the TFS deployment by installing the TFS Domain Certificate, requiring access via a secure port, and enabling Basic Authentication as well as installing the previously configured ISAPI filter to the TFS Web Site. This document details each of these steps in the following four sections.
Configuring the Team Foundation Website
- On the TFS Machine, click 'Start,' click 'Administrative Tools' and then click 'Internet Information Services (IIS) Manager'
- Expand <computername> (local computer) and then expand Web sites
- Right-click Team Foundation Server and then click 'Properties'
- In Team Foundation Server Properties, click the 'Directory Security' tab
- Under Secure Communications, click Server 'Certificate'
- The Web Server Certificate Wizard appears; Click 'Next'
- On the Pending Certificate Request page, select 'Process the pending request and install the certificate' and then click 'Next'
- On the Process a Pending Request page, click 'Browse'
- In the Open dialog box, under 'Files of type,' select 'All files (*.*)' from the drop-down list, and then locate the directory where the binary certificate was saved in the earlier procedure. Select the binary certificate file and then click 'Open'
- On the Process a Pending Request page, click 'Next'
- On the SSL Port page, enter 8081 as the port value, and then click 'Next'
Note: The author recommends reserving port 443, the standard HTTPS port, for the default website; however, any open, valid port may be used. Keep in mind that a different port is required for all three websites, and assigning a port other than 443 to the default website will require users to enter the port to access the TFS SharePoint portal via a web browser.
- Review the information on the Certificate Summary page, and then click 'Next'
- Click 'Finish;' the wizard will close
- Under Secure Communications, click 'Edit'
- In Secure Communications, select 'Require Secure Channel (SSL)' and verify that 'Ignore Client Certificates' is selected, then click 'OK'
- On the Directory Security tab, under Authentication and access control, click 'Edit'
- In Authentication Methods, make sure that the 'Enable anonymous access' box is cleared; in Authenticated access, select 'Integrated Windows authentication' and 'Basic Authentication'
- Clear any other selections, and then click 'OK'
Note: After enabling Basic Authentication, a confirmation dialog may appear; read the text and then click 'Yes'
- Click OK to close the Team Foundation Server Properties dialog box
Note: If an Inheritance Overrides dialog box appears, click 'Select All' and then click 'OK'
Configuring the SharePoint Website
- On the TFS Machine, click 'Start,' click 'Administrative Tools' and then click 'Internet Information Services (IIS) Manager'
- Expand <computername> (local computer) and then expand Web sites
- Right-click SharePoint Central Administration and then click 'Properties'
- In SharePoint Central Administration Properties, click the 'Directory Security' tab
- Under Secure Communications, click Server 'Certificate'
- The Web Server Certificate Wizard appears; Click 'Next'
- On the Server Certificate page, select 'Assign an Existing Certificate' and then click 'Next'
- On the Available Certificates page, select the certificate whose friendly nameis 'Team Foundation Server' then click 'Next'
Note: One may have to scroll to view the Friendly Name column in the list
- On the SSL Port page, enter 1443 as the port value, and then click 'Next'
Note: The author recommends reserving port 443, the standard HTTPS port, for the default website; however, any open, valid port may be used. Keep in mind that a different port is required for all three websites, and assigning a port other than 443 to the default website will require users to enter the port to access the TFS SharePoint portal via a web browser.
- Review the information on the Certificate Summary page, and then click 'Next'
- Click 'Finish;' the wizard will close
- Under Secure Communications, click 'Edit'
- In Secure Communications, select 'Require Secure Channel (SSL)' and verify that 'Ignore Client Certificates' is selected, then click 'OK'
- On the Directory Security tab, under Authentication and access control, click 'Edit'
- In Authentication Methods, make sure that the 'Enable anonymous access' box is cleared; in Authenticated access, select 'Integrated Windows authentication' and 'Basic Authentication'
- Clear any other selections, and then click 'OK'
Note: After enabling Basic Authentication, a confirmation dialog may appear; read the text and then click 'Yes'
- Click OK to close the SharePoint Central Administration Properties dialog box
Note: If an Inheritance Overrides dialog box appears, click 'Select All' and then click 'OK'
Configuring the Default Website
- On the TFS Machine, click 'Start,' click 'Administrative Tools' and then click 'Internet Information Services (IIS) Manager'
- Expand <computername> (local computer) and then expand Web sites
- Right-click Default Web Site and then click 'Properties'
- In Default Web Site Properties, click the 'Directory Security' tab
- Under Secure Communications, click Server 'Certificate'
- The Web Server Certificate Wizard appears; Click 'Next'
- On the Server Certificate page, select 'Assign an Existing Certificate' and then click 'Next'
- On the Available Certificates page, select the certificate whose friendly nameis 'Team Foundation Server' then click 'Next'
Note: One may have to scroll to view the Friendly Name column in the list
- On the SSL Port page, enter 443 as the port value, and then click 'Next'
Note: The author recommends using port 443, the standard HTTPS port, for the default website; however, any open, valid port may be used. Keep in mind that a different port is required for all three websites, and assigning a port other than 443 to the default website will require users to enter the port to access the TFS SharePoint portal via a web browser.
- Review the information on the Certificate Summary page, and then click 'Next'
- Click 'Finish;' the wizard will close
- Under Secure Communications, click 'Edit'
- In Secure Communications, select 'Require Secure Channel (SSL)' and verify that 'Ignore Client Certificates' is selected, then click 'OK'
- On the Directory Security tab, under Authentication and access control, click 'Edit'
- In Authentication Methods, make sure that the 'Enable anonymous access' box is cleared; in Authenticated access, select 'Integrated Windows authentication' and 'Basic Authentication'
- Clear any other selections, and then click 'OK'
Note: After enabling Basic Authentication, a confirmation dialog may appear; read the text and then click 'Yes'
- Click 'OK' to close the Default Web Site Properties dialog box
Note: If an Inheritance Overrides dialog box appears, click 'Select All' and then click 'OK'
Configuring the ISAPI Filter
- On the Team Foundation Machine, open a Command Prompt (click 'Start,' click 'Run' type cmd then click 'OK'
- Type or copy and paste the following command (the command is all one line:)
reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\TFS ISAPI Filter" /v EventMessageFile /t REG_SZ /d %windir%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll /f
- Hit the 'Enter' key
- When the command completes, type or copy and paste this command (the command is all one line:)
reg.exe add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\TFS ISAPI Filter" /v TypesSupported /t REG_DWORD /d 7 /f
- Hit the 'Enter' Key
- When the command completes, type and press the 'Enter' key to close the command window
- Click 'Start,' click 'Administrative Tools' and then click 'Internet Information Services (IIS) Manager'
- Expand <computername> (local computer), expand Web Sites, right-click Team Foundation Server, and then click 'Properties'
- In Team Foundation Server Properties, click the ISAPI Filters tab
- Under ISAPI Filters, click 'Add'
- In Add/Edit Filter Properties, type TFAuthenticationFilter as the filter name
- Click the 'Browse' Button
- Navigate to the folder %ProgramFiles%\Visual Studio 2005 Team Foundation Server\TF Setup and double-click the file, 'AuthenticationFilter.dll'
- Click 'OK' to exit the Add/Edit Filter Properties dialog
- Click 'OK' to exit the Team Foundation Server Properties dialog
Configuring SQL Server
The TFSIntegration database requires editing entries on two tables, the tbl_service_interface table and the tbl_subscription table, for TFS to work properly over SSL. These edits include changing the protocol to HTTPS (entries are HTTP by default) and changing the URL to reflect the FQDN of the TFS Environment (entries are via the machine name by default.) The steps for making the necessary changes are as follows:
- On the TFS Machine, click 'Start,' click 'All Programs,' click 'Microsoft SQL Server 2005' and then click 'SQL Server Management Studio'
- On the Connect to Server dialog, select 'Database Engine for the Server; select the appropriate server name, provide a user and password if required and then click 'Connect'
- In the Object Explorer, expand Databases, expand TfsIntegration and expand tables
- In tables, right-click tbl_service_interface and then click 'Open Table'
- In the table, find the following items under 'Name' and update the 'Url' values accordingly:
Important: For the purposes of this document, tfs.mydomain.com represents the FQDN of the TFS Machine, port 8081 is the SSL port for Team Foundation Server, 1443 is the SSL port for SharePoint Central Administration and 443 is the SSL port for the Default Web Site. As 443 is the default port for the HTTPS protocol, the port is not specified in related URLs. If one chose an alternate port, any URL that begins with https://tfs.mydomain.com/~ requires specification of the SSL port
e.g. if 2443 was the SSL port specified for the default website, the URL would be https://tfs.mydomain.com:2443/
Name
| Url
|
ReportsService
| https://tfs.mydomain.com/ReportServer/ReportService.asmx
|
BaseReportsUrl
| https://tfs.mydomain.com/Reports
|
WSSAdminService
| https://tfs.mydomain.com:1443/_vti_adm/admin.asmx
|
BaseServerUrl
| https://tfs.mydomain.com
|
BaseSiteUrl
| https://tfs.mydomain.com/sites
|
- In tables, right-click tbl_subscriptions and then click 'Open Table'
- In the table, find the following items under 'event_type' and update the 'address' values accordingly:
Note: All of the items in this table relate to the Team Foundation Server website and should reflect the port assigned in IIS for SSL communication. For the purposes of this document, tfs.mydomain.com represents the FQDN of the TFS Machine and port 8081 is the SSL port for Team Foundation Server. These items will have 'id' 1 to 4 and will appear in the order shown below. Take notice the names of two individual event_types are 'DataChangedEvent,' but the URLs are different. For this table one only needs to change each of the root URLs (in bold) to reflect the Team Foundation Server website URL and port.
event_type
| address
|
BuildCompletionEvent
| https://tfs.longcloudtech.com:8081/WorkItemTracking/v1.0/Integration.asmx
|
DataChangedEvent
| https://tfs.longcloudtech.com:8081/WorkItemTracking/V1.0/SyncEventsListener.asmx
|
ProjectCreatedEvent
| https://tfs.longcloudtech.com:8081/Warehouse/v1.0/warehousecontroller.asmx
|
DataChangedEvent
| https://tfs.longcloudtech.com:8081/VersionControl/V1.0/Integration.asmx
|
- On the File menu, click 'Save All'
- Close SQL Server Management Studio
Configuring Application Configuration Files
Four configuration files require edits for TFS to work properly over SSL. The first is the 'web.config' file located in the %ProgramFiles%\Visual Studio 2005 Team Foundation Server\Web Services directory, the second is the 'CoverAn.exe.config' file located in the %ProgramFiles%\Visual Studio 2005 Team Foundation Server\CoverAn directory, and the third is the 'TFSServerScheduler.exe.config' file located in the %ProgramFiles%\Visual Studio 2005 Team Foundation Server\TFSServerScheduler directory. The fourth file is the 'web.config' located in the %ProgramFiles%\Visual Studio 2005 Team Foundation Server\Web Services\Services directory and sets the values for sending TFS Alerts to subscribers. The following four sections address these modifications.
TFS Web Services Configuration File
- On the TFS Machine, open a browser and open the %ProgramFiles%\Microsoft Visual Studio 2005 Team Foundation Server\Web Services directory
- Right-click the 'web.config' file and then click 'Edit;' if necessary, select an editor with which to modify the file
- In the 'web.config' file, search for the TFSUrlPublic element
- Uncomment the element and configure the appropriate values for the TFS deployment:
Example: If the TFS FQDN was tfs.mydomain.com and the deployment used port 8081 for HTTP proxy, one would configure the key as follows:
<add key="TFSURLPublic" value="https://tfs.mydomain.com:8081"/>
- In the 'web.config' file, search for the TFSNameUrl element
- Edit the value for the element by changing 'http' to 'https' and changing the port number to match the SSL port assigned to the Team Foundation Server web site in IIS
Example: If the TFS FQDN was tfs.mydomain.com and the deployment used port 8081 for HTTPS for the Team Foundation Server Web site, one would configure the key as follows:
<add key="TFSNameUrl" value="https://tfs.mydomain.com:8081"/>
- Save the file and close the file editor
CoverAn Configuration File
- On the TFS Machine, open a browser and open the %ProgramFiles%\Microsoft Visual Studio 2005 Team Foundation Server\CoverAn directory
- Right-click the 'CoverAn.exe.config' file and then click 'Edit;' if necessary, select an editor with which to modify the file
- In the 'CoverAn.exe.config' file, search for the TFSNameUrl element
- Edit the value for the element by changing 'http' to 'https' and changing the port number to match the SSL port assigned to the Team Foundation Server web site in IIS
Example: If the TFS FQDN was tfs.mydomain.com and the deployment used port 8081 for HTTPS for the Team Foundation Server Web site, one would configure the key as follows:
<add key="TFSNameUrl" value="https://tfs.mydomain.com:8081"/>
- Save the file and close the file editor
TFSServerScheduler Configuration File
- On the TFS Machine, open a browser and open the %ProgramFiles%\Microsoft Visual Studio 2005 Team Foundation Server\TFSServerScheduler directory
- Right-click the 'TFSServerScheduler.exe.config' file and then click 'Edit;' if necessary, select an editor with which to modify the file
- In the 'TFSServerScheduler.exe.config' file, search for the BisDomainUrl element
- Edit the key and the value for the element by changing the key to 'TFSNameUrl,' 'http' to 'https' and changing the port number to match the SSL port assigned to the Team Foundation Server web site in IIS
Example: If the TFS FQDN was tfs.mydomain.com and the deployment used port 8081 for HTTPS for the Team Foundation Server Web site, one would configure the key as follows:
Note: If the search cannot find the BisDomainUrl element, search for the TFSNameUrl element instead. It is possible that some RTM and SP1 deployments will already have the correct key – according to Microsoft. The author installed from RTM media and the key name remained BisDomainUrl
<add key="BisDomainUrl" value="http://MyServer:8080"/>
Becomes…
<add key="TFSNameUrl" value="https://tfs.mydomain.com:8081"/>
- Save the file and close the file editor
Configuring for TFS Alerts
- On the TFS Machine, open a browser and open the %ProgramFiles%\Microsoft Visual Studio 2005 Team Foundation Server\Web Services\Services directory
- Right-click the 'web.config' file and then click 'Edit;' if necessary, select an editor with which to modify the file
- Make sure the following elements are present and correct in the appSettings element of the web.config file
<appSettings>
<add key="ConnectionString" value="Application Name=TeamFoundation;Persist Security Info=False;Initial Catalog=TfsIntegration;Data Source=TFSServerName;Integrated Security=SSPI"/>
<add key="DetailedExceptions" value="false" />
<add key="emailNotificationFromAddress" value="TFSAlert_From@mydomain.com" />
<add key="smtpServer" value="mail.mydomain.com" />
</appSettings>
Important: The value one specifies for the emailNotificationFromAddress element MUST be a valid email address at the SMTP server specified in the smtpServer element. The author added the address TFSAlert_noreply@mydomain.com to the TFSService account, but any valid email address may be used. In addition, the author noticed that the appSettings element was faulty despite specifying the correct values during the TFS application installation. The easiest test for alerts is to subscribe to the alert for check-ins and perform a check-in operation.
Editing the TFS System Registry
The TFS System Registry requires an update for SQL Reporting Services to work properly. The following steps are necessary to complete the edit:
- On the TFS Machine, click 'Start,' click 'Run,' type regedit and then click 'OK;' Registry Editor opens
- In Registry Editor, expand HKEY_LOCAL_MACHINE, expand Software, expand Microsoft, expand Visual Studio, expand 8.0, expand Team Foundation and then click 'ReportServer'
- Right-click Key and then click 'Modify'
- In the Edit String dialog box, in Value data, change the value to reflect the 'https' address of the TFS Machine, and then click 'OK'
Example: if the name FQDN of the TFS Machine was tfs.mydomain.com, one would change the value of the data from http://tfs.mydomain.com to https://tfs.mydomain.com
- Close Registry Editor
Installing Certificates to the Server Root CA Store
Unbelievably, manual installation of the machine Certification Authority certificate is required on the TFS machine. One can accomplish this installation in the following manner:
- Click 'Start,' click 'Run,' type mmc and click 'OK'
- Press Ctrl+M
- On the Add/Remove Snap-in page, click the 'Add' button
- On the Add Standalone Snap-in page, select 'Certificates;' click the 'Add' button
- On the Certificates Snap-in page, select the 'Computer Account' option; click the 'Next' button
- On the Select Computer page, verify that the 'Local Computer' option is selected then click the 'Finish' button
- On the Add Standalone Snap-in page, click the 'Close' button
- On the Add/Remove Snap-in page, click 'OK'
- In the Console Root window, expand Certificates
- Expand Trusted Root Certification Authorities
- Right-click the Certificates Folder, click 'All Tasks' then click 'Import'
- On the Certificate Import Wizard 'Welcome' page click the 'Next' button
- On the File to Import page, click the 'Browse' button
- Navigate to the directory and select the file saved during the 'Exporting the Root Certification Authority Certificate' portion of this guide then click 'Open'
- On the File to Import page, click the 'Next' button
- On the Certificate Store page, click the 'Next' button
- On the Completing the Certificate Import Wizard page, click the 'Finish' button
- Click 'OK' to acknowledge the import was successful when the dialog appears
- Close the console
Installing Certificates to the Client Root CA Store
The final step in this laborious installation is installing the TFS Certification Authority certificate on clients that require access to the TFS instance. The author's method of distribution was via email, but any distribution of the certificate file is acceptable (LAN, FTP, etc.) The installation procedure is identical to those steps outlined in the previous section, 'Installing Certificates to the Server Root CA Store.
Testing and Troubleshooting
To confirm a successful installation, one should repeat the steps from the 'Verifying the Installation' section of this document from the server. A test of the ability to reach the TFS SharePoint portal and the Reporting Services website via the web from a TFS Client machine and finally a test of the ability to connect to the TFS instance via Visual Studio on the client machine is required as well.
Important: Installation of the Team Explorer is required on all client machines. Team Explorer is an add-on to the standard Visual Studio 2005 environment, and many of the menu options referenced below will not be available in the absence of the Team Explorer add-in.
The following steps address these tests and offer basic troubleshooting advice. The author's desire is for this section to become a living element of the document as new errors present themselves and members of the community discover solutions.
Verifying the Installation from the TFS Machine
The TFS SharePoint portal should be accessible at the following location:
https://tfs.mydomain.com/
To verify access to the TFS environment via Team Explorer, follow these steps:
- Open Visual Studio
- Select 'Tools' then 'Connect to Team Foundation Server'
- On the Connect to Team Foundation Server dialog box, click the 'Servers' button
- On the Add/Remove Team Foundation Server dialog box, click the 'Add' button
- On the Add Team Foundation Server dialog box, enter the TFS FQDN in the 'Team Foundation Server name' box, enter the port specified for SSL on the Team Foundation Server website, select the 'HTTPS' protocol then click 'OK'
- Enter user and password information if prompted
- On the Add/Remove Team Foundation Server dialog box , click the 'Close' button
- On the Connect to Team Foundation Server dialog box, verify that the server is selected in the 'Connect to Team Foundation Server' drop-down box, then click 'OK'
- Expand the Server in the Team Explorer window, and verify that all items load. If any item appears with a red 'X' on the folder, troubleshooting is required
- Close Visual Studio
To troubleshoot the web-services from the server, one can navigate to the following URLs. If the page does not load, the service is inaccessible, and the configurations in SQL Server and the various configuration files should be checked. If the web-service detail page loads, one can click on the various methods and invoke them.
- Build: https://tfs.mydomain.com:8081/build/v1.0/integration.asmx
- Services: https://tfs.mydomain.com:8081/services/v1.0/registration.asmx
- Warehouse: https://tfs.mydomain.com:8081/warehouse/v1.0/warehousecontroller.asmx
- Work Item Tracking: https://tfs.mydomain.com:8081/WorkItemTracking/v1.0/integration.asmx
The SharePoint Central Administration Website is available at the following location:
https://tfs.mydomain.com:1443/
Verifying the Installation from the TFS Client
The TFS SharePoint portal should be accessible at the following location:
https://tfs.mydomain.com/
To verify access to the TFS environment via Team Explorer, follow these steps:
- Open Visual Studio
- Select 'Tools' then 'Connect to Team Foundation Server'
- On the Connect to Team Foundation Server dialog box, click the 'Servers' button
- On the Add/Remove Team Foundation Server dialog box, click the 'Add' button
- On the Add Team Foundation Server dialog box, enter the TFS FQDN in the 'Team Foundation Server name' box, enter the port specified for SSL on the Team Foundation Server website, select the 'HTTPS' protocol then click 'OK'
- Enter user and password information if prompted
- On the Add/Remove Team Foundation Server dialog box , click the 'Close' button
- On the Connect to Team Foundation Server dialog box, verify that the server is selected in the 'Connect to Team Foundation Server' drop-down box, then click 'OK'
- Expand the Server in the Team Explorer window, and verify that all items load. If any item appears with a red 'X' on the folder, troubleshooting is required
- Close Visual Studio
Closing Tips
If encountering authentication issues when using the FQDN, verify that the TFS Machine can resolve the FQDN. To do this, open a web browser and type in the FQDN, e.g. https://tfs.mydomain.com. If the browser cannot resolve the URL, open a command prompt and attempt to ping the FQDN, e.g. ping tfs.mydomain.com. If that fails as well, the server is not resolving the FQDN correctly, and all internal calls will fail. The quick solution is as follows:
- Open an explorer window on the TFS Machine and navigate to %system%\system32\drivers\etc
- Open the file lmhost.sam with notepad
- Enter the IP address assigned to the TFS FQDN at the bottom of the file
- Press Tab
- Enter the TFS FQDN
Example: 70.111.255.1 tfs.mydomain.com
- Save the changes