TFS 2010 Build - batch file 'access denied' - tfs

Running TFS 2010
I am trying to do a proof of concept, having batch files run as part of the build process. I have an 'invokeProcess' in my build seqeunce which runs a batch file. When I run the build, it 'partially succeeds' and then shows an 'access denied' error on the batch file.
Thoughts? Honestly I'm not even sure how to diagnose what user it is trying to run under.

Is your build server different than your TFS server? In our environment, our build server runs all the windows services that execute the builds. Those builds are executed under the context of the user id that the build service is configured to start with.
To execute a batch file, you not only need to give permissions to the batch file itself, but you also need to grant rights to the cmd.exe file (since this will execute a new command line process) as well as any executables your batch file may call.
Try running procmon (http://technet.microsoft.com/en-us/sysinternals/bb896645) and execute your build again - it will show you exactly what files the system is denying access to.

Have you verified that the service account that is the identity for the build service has access to the batch location? You can find the service account in the TFS Administration Console (available on your TFS Server)

Related

Is there a way to generate an Intellitrace file from a TFS Build?

I currently have an on-premises TFS 2017, a TFS build and a test that fails on the build agent but not when running locally. I heard about historical debugging but I couldn't find instructions on how to enable it on a TFS build, if that's even possible.
Is it possible to configure my build so that it generates an intellitrace file for me to debug the test run afterwards?
For intellitrace which related to the old testsettings file and could add some variables to configure this.
You could also manually enable such option in the VS on your build agent.
Also find a link mentioned it seems also work with Msbuild arguments. Even not documented anywhere in Msbuild command doc. I wonder whether IntelliTrace is still running even though it's not explicitly specified to do so
However, looks like you just want to find the root cause why your tests failed on tfs build even it passed locally.
To narrow down the issue, suggest you directly remote to your build agent. Instead of through TFS build, manually build your project, run the tests in the Visual Studio on build agent.
It will come out whether it's an environment issue. You must make sure it's the same environment for build agent and your local.
TFS is just using build service account to invoke msbuild/vstest command in build agent to run build/test.
Also make sure build service account have appropriately permission if your tests required some permission.

How can terminate the job if some files keep open on windows build machines

How can I invoke build as failure on file unable open in windows build machines. Actually the build was a success, because of the file opened the job doesn't deploy some of files and finally application is failing.
My requirement is to fail the build if some files keep open. is there any workaround? I see couple open tickets for similar kind of issue.
02:26:08 c:\resin-3.1.12\webapps\ROOT\WEB-INF\lib\ridl-3.2.1.jar - The process cannot access the file because it is being used by another process.
02:26:08 c:\resin-3.1.12\webapps\ROOT\WEB-INF\lib\unoil-3.2.1.jar - The process cannot access the file because it is being used by another process.

TFS Build Server gives service unavailable (503) message

I recently installed TFS 2015 on a new machine. I want to configure the same machine as our build server but i have massive trouble doing this. I neither can configure the new vNext-system nor can i configure an "old-style" xaml build server. As the build account i want to use the NT AUTHORITY\Network Service. For the xaml configuration i set "Execute service as" to NT AUTHORITY\Network Service and use the same account for the connection to the team foundation server.
But when i add a new controller and want to browse to custom assemblies, i get a "service unavailable" error. So i decided to test without the custom assemblies, added an build agent and created a new build-definition for a simple test project. I added a build to the queue and wait. Nothing happenend (in the build window) until after about 50 seconds an error was shown in the build window: Service Unavailable (Typ VssServiceResponseException).
Same for the new vNext builds. I downloaded the agent.zip from the web-frontend, opened the powershell and started configuring the build-agent. After waiting some minutes, the configuration aborted with.... service unavailable.
So i decided to test something different : instead of using the FQHN, i used localhost and - tataaa - it starts the agent, which is also shown green in the web-frontends agent-tab. So i created a new vNext-Build-Definition and added it to the queue, but it does not start, but shows the message : "waiting for console output from an agent".
So i decided to test it on a different pc : i downloaded the agent to my laptop and installed it, configuring the agent with it's FQHN. Without any problems the agent was started and i was able to start and run a build.
So the question is : Why am i'm not able to configure the build service on the tfs. I guess it has something to do with permissions, but i don't now, what permissions the network service account should have. I also tried it with a local account, but with the same result.
Any hints are very appreciated. Thanks in advance.
BTW: I can ping the FQHN from the command-line.
This is the output, after trying to add a vNext-agent via the powershell.
UPDATE:
I used the the servers IP-address instead of its name and it suddenly worked.
Take XAML build for example, to configure a Team Foundation Build Service, you must be a member of both the Windows Administrators security group on the server on which you are configuring Team Foundation Build Service and the Project Collection Administrators group on TFS.
According to the second paragraph, you can configure build controller and add build agent. Before queuing a build, you need to make sure the build controller and agent are in Ready status, sometimes relevant services are not yet fully available when you newly configure them or restart them.
Also, you may try to remove build service feature, and reconfigure it, to see whether you can solve the issue.

Can't install TFS 2015 build vNext agent as a service

I'm looking at migrating our builds from the old XAML to the new build system, but I have a problem with configuring the build agent to run as a service.
Configuring the agent to run interactively (in my session on the build server) works. The builds are OK but this is not useable as I have to open a session and start the agent.
Configuring the agent to run as a service with the default NT AUTHORITY\NETWORK SERVICE works. The builds are broken. WiX doesn't like this account and fails during the ICE validation. The drop also fails because this account doesn't have access to the drop folder.
Configuring the agent to run as a service with a domain account fails. The service is not created and I get the following error:
Installing service vsoagent.tfs-server.tfs-build-server-agent1...
Creating EventLog source vsoagent.tfs-server.tfs-build-server-agent1 in log Application...
An exception occurred in the OnAfterInstall event handler of System.ServiceProcess.ServiceInstaller.
System.NullReferenceException: Object reference not set to an instance of an object.
The username and passwords are OK, I get a different "bad username or password" error when typing a bad password. The user was used for the old XAML build system on the same build server and is in the local admin group, so it has authorisations AFAIK.
I was running TFS 2015, I upgraded to 2015 update 1 then forced an agent update in the web interface. After that it works, I can configure the agent to run as a service using a domain account.
Agent.Version is still saying 1.83.2 in the web interface, but the files are actually different in the agent folder. An agent.old folder is left after the upgrade and you can see that VsoAgent.exe and VsoAgentService.exe have a different size and version. Also the agent.old folder has 138 files in 46 folders, but the agent folder has 157 files in 53 folders.
I Had the same issue with the WIX validation. But i did not try to reconfigure the agent (not due to problems,just due to pure laziness), instead i did just change the account to a domain account using the services overview. restarted the machine and everything did work fine.
To narrow down your issue:
1.Try to Configure the agent to run as a service with another domain account on another computer
2.If you need to change the logon account, don't do it from the services snap-in. Instead, From an elevated Command Prompt, run: C:\Agent\Agent\VsoAgent.exe /ChangeWindowsServiceAccount
update
If you upgrade your TFS2015 to TFS2015update1. Do not just use the simple update agent in the web interface. You need download the agent from web and reconfigure it in the cmd.

Using TFS Build to run .bat files on remote server

The project I am on is using TFS Build in conjunction with Web Deploy to handle the deployments of the web site and service to the servers. We also have a windows service that needs to be deployed to the server as well.
My question is: Is there a way to deploy the Windows Service to the Web Server from the TFS Build server?
The other issue I have is that the service needs to be stopped before it can be deployed. I have tried to modify the Build Configuration file, but could not manage to get it to work.
Thanks.
Options:
If you install TFSBuildagent service on the web server and grant the user which runs the service Admin rights on the web server, then you can create a new build definition just for the deployment/installation. This is fairly simple and straight forward, but this would only work when you have limited number of web servers (who wants to install TFS BUild agent on all 2000 servers) and only work in the non-prod environment. This is how we are doing it for non-prod deployments, I have created a build definition which is just for deployment, which takes care of all the things like stopping services etc.
If the user which runs the TFSBuild Service on the build server have enough rights on the web server then you can use psexec or powershell to run your commands remotely. Read the below links: 1. PSEXEC
Powershell Remote commands
What did you do to stop the service in your build configuration file? Does the user have enough rights?
There is no inbuilt activity/process which can help you run scripts on remote machines in TFS build workflow.
Step 1 for you is to identify how you are going to run scripts on the remote machine, as mentioned above you can either use PSEXEC or Powershell (though running PowerShell on remote computers may be a little more complicated to set up).
Step2, write the actual scripts to do the work, stop services, install MSI etc.
Step3, Edit your current build defintion - create a new custom activity or make use of InvokeProcess activity from within your build definition to invoke the script that you have created in Step 2. InvokeProcess Activity

Resources