I'm having trouble with the permissions associated with creating new Team Projects in TFS 2015 from Visual Studio Enterprise 2015.
Everyone in our team is a member of a common AD group, which through a series of group memberships (see below) ended up in the Project Collection Administrators group of our main collection. This means that everyone in the team can see everything, do pretty much everything, and isn't ideal so I made a couple of changes and everything appears to be working correctly except creating new projects.
Whenever anyone other than me tries to create a new project the wizard kicks off and then fails shortly after with the following message:
TFS error
I can grab the full log if necessary, but the exception is here:
---begin Exception entry---
Time: 2016-04-05T16:09:20
Module: Engine
Event Description: TF30162: Task "Queries" from Group "WorkItemTracking" failed
Exception Type: Microsoft.TeamFoundation.Client.PcwException
Exception Message: Sequence contains no matching element
Stack Trace:
at Microsoft.VisualStudio.TeamFoundation.WorkItemTracking.WitPcwPlugin.PcwPluginComponentCreator.Execute(ProjectCreationContext ctxt, XmlNode taskXml)
at Microsoft.VisualStudio.TeamFoundation.PCW.ProjectCreationEngine.TaskExecutor.PerformTask(IProjectComponentCreator componentCreator, ProjectCreationContext context, XmlNode taskXml)
at Microsoft.VisualStudio.TeamFoundation.PCW.ProjectCreationEngine.RunTask(Object taskObj)
-- Inner Exception --
Exception Message: Sequence contains no matching element (type InvalidOperationException)
Exception Stack Trace: at System.Linq.Enumerable.First[TSource](IEnumerable`1 source, Func`2 predicate)
at Microsoft.VisualStudio.TeamFoundation.WorkItemTracking.WitPcwPlugin.PcwPluginComponentCreator.WitPcwTask.QueryTask.GetPublicQueryFolder(Project project)
at Microsoft.VisualStudio.TeamFoundation.WorkItemTracking.WitPcwPlugin.PcwPluginComponentCreator.WitPcwTask.QueryTask.Parse(Boolean execute)
at Microsoft.VisualStudio.TeamFoundation.WorkItemTracking.WitPcwPlugin.PcwPluginComponentCreator.WitPcwTask.QueryTask.Execute()
at Microsoft.VisualStudio.TeamFoundation.WorkItemTracking.WitPcwPlugin.PcwPluginComponentCreator.Parse(ContextWrapper wrapper, XmlNode taskXml, Boolean fExecute)
at Microsoft.VisualStudio.TeamFoundation.WorkItemTracking.WitPcwPlugin.PcwPluginComponentCreator.Execute(ProjectCreationContext ctxt, XmlNode taskXml)
--- end Exception entry ---
I'm running Visual Studio Enterprise 2015 with Update 2, and it works fine on my laptop with the Agile template. I've logged in with another user account on the exact same laptop, tried the Agile and Scrum templates and both have failed in the exact same place. Another user has tried separately with Visual Studio Enterprise 2015 with Update 1 and they have encountered the same error. This particular user has been able to created team projects before.
Because it was working before I changed the permissions, and because it's still working for me, I don't think there's an issue with the project template or TFS itself, so I'm leaning towards it being a permissions issue and I just haven't given the other users the right permission/membership to the right group to allow them to create the template correctly. I always have the fallback of putting the permissions back as they were before I started editing them, but it would be great if I could actually resolve this issue so I don't essentially have everyone in the team as collection admins.
Any ideas on how to resolve this?
Edit: I've been altering various permissions today to see if I can resolve this myself, and as a test I simply undid the permission changes detailed below, and it works fine - as such I'm pretty certain it's permissions, but which ones I have no idea.
Permissions before:
Everyone is a member of our AD group
Our AD group is a member of the server's local admin AD group
The local admin AD group is a member of [BUILTIN]\Administrators
[BUILTIN]\Administrators is a member of [TEAM FOUNDATION]\Team Foundation Administrators
[TEAM FOUNDATION]\Team Foundation Administrators is a member of [Our Collection]\Project Collection Administrators
Changes made:
I removed [TEAM FOUNDATION]\Team Foundation Administrators from [Our Collection]\Project Collection Administrators, leaving just me and another user directly in [Our Collection]\Project Collection Administrators.
I then set the Create New Projects permission to Allow on our AD group - without this users other than me can't even start the wizard
Clean the Cache folder on client computer. The folder path is: C:\Users\username\AppData\Local\Microsoft\Team Foundation\6.0\Cache.
Clean the Cache folder on Server machine. The folder path is:
C:\TfsData\ApplicationTier_fileCache
After cleaned, on Server machine, click Start and select Run… to open the dialog box, then input iisreset.exe and click OK, wait it run completely.
Check Event log in Event Viewer to see whether there is useful information.
Related
I am using TFS 2013, Update 5.
I am unable to see the 'Access Levels' tab in the admin section.
Verified also that the account has Console Permissions.
Added the account in [TEAM FOUNDATION]\Team Foundation Administrators group in TFS Admin Console.
While sending request from my site. I am getting
Request URL: `http://<account_name>:8080/tfs/_admin/_licenses`<br>
Request Method: GET<br> Status Code: 404 Not Found<br> X-TFS-ServiceError:
Page+not+found.
The tab just simply isn't there.
And also I am unable to see the TEST tab in the projects.
Tried the solution: Access levels configuration tab not visible in TFS 2015
I have cleared the TFS_cache and restarted the server. Even after that, I am unable to view the tab though I have added myself to Team Foundation Administrators Group. Because of this access I am unable to view the Test tab in the project collection home page, Access tab in control section and Adding / Modifing charts under work item.
Kindly help me to fix the issue.
Just check the access level or your account, make sure you are not in the Stakeholder level. Just change the access level to Basic or Advanced Level if the user was in Stakeholder level.
If you change the default access level to Stakeholder, all users not
explicitly added to the Basic or Advanced level will be limited to the
features provided through Stakeholder access.
Then try the solution mentioned in this thread: Access levels configuration tab not visible in TFS 2015
Besides, based on the error message "Status Code: 404 Not Found", generally it should an client-side issue. SO, just try below things to narrow down the issue:
Using IP instead of the server name in URL, e.g :
http://192.168.1.10:8080/tfs/_admin/_licenses
Try with other client machines or browsers
Cleaning the caches on your current client machine
Check if that works for you.
Cause of HTTP 404 Errors:
Technically, an Error 404 is a client-side error, implying that the
error is your mistake, either because you typed the URL incorrectly or
the page has been moved or removed from the website and you should
have known.
Another possibility is if a website has moved a page or resource but
did so without redirecting the old URL to the new one. When that
happens, you'll receive a 404 error instead of being automatically
routed to the new page.
If that still not work, then try to repair the TFS server, then try it again.
Even after multiple ways in the admin level if you are unable to see tab, Navigate to TFS console-->Application Tier-->Administration Security. Under users and Groups section select [Team Foundation]\Team Foundation Valid Users and set the permission of Edit Instance-level information to Allow. This way it has solved my problem.
I am using TFS 2013 and I am trying to customize a workitem template using the ProcessEditor form (I also tried to do the same using the editing and importing xml file),I am trying to add a "ReadlOnly" rule to a field only for some new TFS global group, so I added the new Group and after that I could see and select the newly added Group from the "For" dropdown but when I am trying to save the changes I always got the error "The account you entered is not recognized. Contact your Team Foundation Server administrator to add your account" I googled the error and found a suggestion here http://www.databaseforum.info/30/943697.aspx that it may be a caching issue so I waited days for this and restarted the client and the TFS server machines but without any luck although I can use old created groups without any issues however if I renamed one of these old groups then tried to use it I still got the same error message no matter I add the new groups as a member of any other group.
First, make sure your TFS admin not have done any security changes (adding account or groups or permissions) for your account.
If not, you could try below two possibilities to narrow down the issue:
Check if you had added a field that contained backslashes as values
and TFS may interpreted it as user account. For example if your field
contained a list of suggested values that looked like this: Category
1\Subcategory 1
When you add a value such as
<TRANSITION from="Resolved" to="Complete" for="[project]AllTesters" not="[project]NewTesters">
</TRANSITION>
you should not extend the project to [your project name]AllTesters, should just use [project]AllTesters
For more detail info and ways, please refer below similar issues:
TF26204: The account you entered is not recognized
Experiment on Limit AssignedTo field of WIT to Team Members
Warnings TF26171 and TF26204 during WIT import
Here is the thing, I left it for couple of days and when I returned to it I found everything is working like a charm, I added now some new groups and couldn't see them so I guess I will wait some days for it to work!
the issue was the service agent job that was responsible on syncing the AD changes with the tfs was stopped, everything worked fine when I started it
TFS team project administrator not able to run work item query, when tried through the web browser, page shows the error:
TF401349: An unexpected error has occurred, please verify your request and try again
When tried using Visual Studio 2015, the below error:
TF201072: A user or group could not be found. Verify that the users and groups used in your work item type definition have been added to Team Foundation Server.
Event log in the application server shows the below event error:
System.Data.SqlClient.SqlException (0x80131904): error="600047";%:RebuildCallersViews: Connecting Domain User could not be alidated. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
I am using TFS 2015 update 2.
Note: Same project other users can view normal.
Seems there is something wrong with that user account, although this user is already part of a TFS group, but he still can't access TFS work items. Maybe there is some snag in the TFS identity synch service, and it's usually related to a specific collection.
Attaching and re-attaching the collection will force a refresh of the identity synch data, and will usually resolve this kind issue.
If above is sitll not work.There are also many other articles on the web which help determine the root cause:
You can check whether built-in records were missing in table
TFSIntegration..tblsubscription. Refer to the link below for more
details: A case study on TFS identity replication
Another option is check if the SID of service account is correct.
Replace SID if not, you can refer to this thread for the steps.
Also take a look at the solution of this similar
error:Unable to shelve changes in VS2012 for TFS2010
I have a user who gets the following error when they attempt to create a New Team Project:
TF218027: The following reporting folder could not be created on the
server that is running SQL Server Reporting Services[...]
After several attempts to fix using feedback from this site as well as others, I have narrowed down the problem somewhat, but not sure what to do next.
The user is in the appropriate group in SSRS, with Content Manager and Team Foundation Content Manager roles. I have also broken the permission inheretance per This stackoverflow article.
The odd thing I have observed is that by putting the user into SSRS directly, it works. By being a member of a group instead, it does not work.
Any advise would be appreciated greatly.
Windows group memberships are only refreshed on log on. If you added the user to the group right now, the user might need to log off and log on again to get the new group membership into effect.
Consider the scenario of a user creating a new Team Project. The user is a developer who wants to create and manage their Team Project.
Why can't this user create a new Team Project, including the Reporting Services components?
What can be done to resolve this error?
The exception is
TF218027: the following reporting folder could not be created on the server running SQL Reporting Services.
SQL Reporting services is running under an Active Directory service account created expressly for this purpose.
The developer attempting this action is a member of a TFS group with the following permissions.
The workaround way that I implemented was to ensure the developer was in a group that had 'Content Manager' permissions in the SQL Reporting Services.
I simply added the appropriate AD group in the textbox, and the operation worked perfectly.
First I visited the SSRS page at http://myServer/TFS/Reports/MyCollection
Enter the "New Role Assignment" screen.
I actually blogged about this not too long ago. You usually see this error if Reporting Services gets set up with something other than the NETWORK SERVICE account.
FTA:
I was playing around with my test
instance of Team Foundation Server
today, trying to create a new project,
when I got error TF218027 when it
tried to create the Reporting Services
folder for the project. The strange
thing was, this was not my first
project created on this server.
I searched the Internet for anything
similar, and found a post that said
Reporting Services should be run with
the NETWORK SERVICE account. Since
this was a hastily put together
server, I was running it with the
Administrator account, so I tried
switching it over.
No dice. I got the same TF218027
error, but this time it was due to it
not being able to decrypt the
symmetric keys. Apparently, it's a
bad thing to change the account on the
Reporting Services service.
I hastily changed the account back to
Administrator and resarted the
service. Interestingly enough, this
seems to have fixed the problem.
I just run throught the same issue. I granted the user rights in SharePoint, TFS, and Report Server. And still I was getting the same error message. Then I realized something. I added that user to the Report Server's local administrator's group. It worked! Hopefully this help you out.