I'm trying to set-up a new build server for my TFS 2013 installation.
On a new machine, I've configured a build user:
On test, this approved the user fine; however, running the readiness checks reports:
My interpretation of this error is that build.user does not have access to TFS; which is correct. My question is: can I run the build server using a domain user, but with a separate user for TFS access?
Can I run the build server using a domain user, but with a separate user for TFS access? Yes, you can and the build service account do not need to have the access to TFS.
Suggest you use TFSBuild as the build service account as MSDN recommend.
TFSBuild, which can be a local account, a domain account, or Local
Service in a workgroup
This service account is used when builds are configured and when build
status information is communicated between the build controller and
the build agents. More info for you
reference:https://msdn.microsoft.com/en-us/library/ms253149(v=vs.120).aspx
Related
I just created a new Build server and added it to an existing Queue, I turned off the other agents in the queue so that this new build server would get the job. I sent a very simple .NET build but the build window says "Waiting for an available agent"
So I get it, I must have missed installing something on the build server. So when the job is submitted it's looking for an agent that can satisfy the "capabilities" How can I see that what capabilities the job needs so I can see why it's stuck?
As far as I know, if the agent capabilities couldn't meet the build demands, it will show the warning message at the build result or queue time.
For example:
You could try the following points to troubleshooting:
Navigate to Local machine->Service and check if the Visual Studio Team Foundation Background Job Agent is running on the TFS application tier server.
You could start or restart this service.
Make sure the account that the agent is run under is in the Agent Pool Service Account role or Project Collection Build Service Accounts and the account is a domain account.
TFS2015 -> Agent Pool Service Account
TFS2017 TFS2018 ->Project Collection Build Service Accounts
Change another available account for agent service, restart the service.
3.Restart the whole TFS server and check if this do the trick. Need some time to wait.
Here is another ticket with the similar issue, you could refer to it.
Hope this helps.
We recently migrated from an on-premise TFS server to Azure DevOps. Our team uses TFVC for source control, and I'm getting the following exception when Jenkins polls for new check-ins:
FATAL: This server requires federated authentication but no mechanism was available to handle it.
com.microsoft.tfs.core.exceptions.TFSFederatedAuthException: This server requires federated authentication but no mechanism was available to handle it.
Given the exception class name is TFSFederatedAuthException I suspect Azure is expecting some sort of OAuth integration, but Jenkins doesn't appear to support that for TFVC.
All I did was change the Collection URL for that Jenkins build to https://dev.azure.com/MyCompany. The Project path remains the same, and I verified this, because I was able to re-map all of my TFVC branches in Visual Studio by just pointing to the different collection URL and keeping the same project path. A screenshot of the Jenkins source control config is below:
This Jenkins server is internal with no public facing IP address or host name.
How can I allow Jenkins to poll a TFVC repository hosted in Azure DevOps in order to trigger a CI build in Jenkins?
Why not use Azure pipelines? That's a much bigger migration effort at the moment, and I'm just trying to solve a short term problem.
Using Azure pipelines is my long term goal, but I need to figure out how our automated tests can use an Oracle database first, because all data is deleted before each test is executed using Selenium.
Azure DevOps uses OAuth to communicate by default, putting in your username and password won't work because of that. Instead, the trick is to generate a Personal Access Token (I suspect the Code|Read+Write scope should do it) and pass that in.
For the username pass in ., for the password your generated personal access token. Give the token a nice name so you know which one is about to expire once you get the email notification.
Recently I was able to configure a build agent on my laptop and queue a successful build on TFS.
Then I tried to switch to a build server VM. I created a service account with the same rights as my account I was using from the laptop and configured a new build agent on the machine to use the service account and the same pool and started the agent.
When I log into TFS I can see the agent running in the correct pool, and it is green. So I disabled the agent from the laptop, so it would use the new agent on the build server. However, when I queue a build to the pool, the message displays "all possible agents have been disabled". So my new agent is in the pool and enabled, but when I queue a build it is not seen as a possible agent.
How do I make the new agent pick up the request to queue a new build? I verified it's running as a service on the build machine.
Please make sure the service account is a domain account and is part of “Agent Pool Service Accounts” group in TFS under your Agent Pool.
Then check the capabilities, and make sure the agent capabilities match the one set in the build definition. In addition, private agents give you more control to install dependent software needed for your builds and deployments. You can compare with you laptop, to check if there are any necessary dependent software misinstalled.
I have already created the TFS Build Agent pool windows service that is running periodically and tries to connect to TFS,
It seems it tries to run with its own credentials and the windows service is installed on a Server that is not in the same domain as TFS (but I can access the TFS from this sever), so It fails with the below error
Error in the service log file:
Microsoft.VisualStudio.Services.Common.VssUnauthorizedException:
VS30063: You are not authorized to access https://tfsURL.
How to impersonate or making the agent Pool Windows service connected as "NT AUTHORITY\Network" or with another credentials from server in a domain to the TFS which in another domain
You can either re-configure the build agent to enter a name of the user account to use for the service like the screenshot below:
Or open the Services, right click the agent service, and then select Log On tab to change the account that runs the agent:
I'm running a TFS build controller and build agent on the same machine, and I noticed that I don't see the build agent service in the services console. Maybe this is how it is when they are both on the same server, but then according to the practices as outlined in the MSDN regarding TFS, there is supposed to be a TFSService (to run the controller) and TFSBuild (to run the build agent) service accounts, but I don't see a place on where I'm supposed to assign TFSBuild to a service. Where is the build agent service? According to this article, I'm supposed to have two different user accounts: http://msdn.microsoft.com/en-us/library/vstudio/ms253149.aspx
All TFS Build components (controller and agents) share the same windows service and service account. You can see this in the TFS admin console.