I'm trying to install Team Build (2008) on a different Build Server (BS) to the Application Tier (AT). BS is a 32-bit Windows 2008 server (as is the AT). They are on a corporate domain.
The EXE in question is
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies>
TFSBuildService.exe
The service on BS cannot start - the error is "Windows could not start the Visual Studio Team Foundation Build service on Local Computer\r\nError 5: Access is denied.". There is NO additional information in the Event Log. It is set to run as DOMAIN\TFSSERVICE account, which is also added to the Local Administrators group. It fails very quickly.
When I try to run it 'interactively' - the error on the command line is "Program too big to fit in memory".
It seems to me like this should be a fairly simple thing to set-up and use. What am I missing?
Notes:
I got my .config from Buck. I'm pretty sure I've correct set the ports, Windows Firewall rules
I can access the web services on AT from BS via Internet Explorer (using the DOMAIN\TFSERVICE login)
I've added DOMAIN\TFSSERVICE user to a TFS project's Build Services group
I have checked DOMAIN\TFSSERVICE has full permissions on pretty much everything on the Build server.
Try this:
Associate the default port to the new build service account using the wcfhttpconfig.exe command-line tool located in the following folder:
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies
Execute (from the folder above):
wcfhttpconfig.exe reserve DOMAIN\UserAccount 9191
Full credit from the following post:
http://wesmacdonald.spaces.live.com/Blog/cns!25108A9ADA96C9D7!1553.entry
I suggest you should set up a dedicated TFSBUILD account and not use the TFS Service account for this task as a best practice.
OK, the fact that you can access web services using the TFSSERVICE account from BS through to AT is a good thing, I am making the assumption you have created a LOCAL account on the BS machine for the TFSSERVICE account?
If not, please:
add a LOCAL account with the same name as DOMAIN\TFSSERVICE.
ensure that the password matches that of the DOMAIN\TFSSERVICE account.
ensure that account has "log on as a service" right under Local Security Policy.
Please read article: http://social.msdn.microsoft.com/Forums/en-US/tfsbuild/thread/d519b8e3-451a-4f07-97b1-e2943c2756c2
My issue was that my passwords for the AT and BS machine had to MATCH on the same domain. Please double-check that the TFSSERVICE account password matches on both the AT and BS machine, as the service will use impersonation when on the same domain.
Related
Been looking through and trying all guides i found on this topic but no luck. I am running and MVC project with HTTPS and want to access the debug site with some remote mobile devices to test out the website. I followed a guide that almost work and i think I am pretty close to getting it to work. Here are the steps I have done:
Turn off Firewall
Open projectfolder of website go to \vs\config\ and open applicationhost.config
Find your site and line that contains your mapped port like this:
-edit it to get this result:
Tried to run Visual Studio as Admin at this point, Got regular error 400: Bad Request - Invalid Hostname when trying to access site from other computer
Opened CMD as Admin and ran the following command:
netsh http add urlacl url=http://*:44363/ user=everyone
- URL reservation successfully added
-Tried to start Visual studio as admin and non admin. Gets the following error message
"Unable to launch the IIS Express Web Server.
Failed to reister URL "https://localhost:44363" for site "x" Application. Error description: Cannot create file when that file already exists"
-I then have to run cmd again and remove the url with the command:
netsh http delete urlacl url=http://*:44363/
How do i get this to work with Visual Studio 2017 ? I cant be many steps from getting it to work. I have read many guides but none of them works
Amazing how such a simple common need can be so painful to fulfill out of the box in 2017!
Anyway https://github.com/icflorescu/iisexpress-proxy worked nicely for me.
Install it with node:
npm install -g iisexpress-proxy
Then its just something like:
iisexpress-proxy 51123 to 3000
Under 2 mins to get running.
Let me share my experience with Visual Studio and IIS Express that should help you. I am not using HTTPS and my project type is Web site with WCF but you should be able to accomplish your goal.
Here are prerequisites:
IIS Express installed
Visual Studio installed
Added url reservation for public port (netsh http add url=http://*:50001/ User=Everyone) from elevated command prompt.
Added firewall inbound rule for 50001 TCP port (Control Panel-->Windows Firewall-->Advances Settings-->Inbound Rules-->New Rule...)
Now let us setup a project in VS. I am using one of predefined templates with C#. Compile it and try to run it from VS. At that moment VS is starting developer instance of IISExpress that helps your site to run.
You should be able to see IIS Express icon in Notification area. With right click you will see that your site is running and a port (we will call it VSPORT) that is assigned by VS. This port must be different than reserved port (50001).
If you managed to accomplish this without problems then you have almost everything ready for running your site without VS.
Go to your project folder
Go to .vs folder
Go to config folder
Open applicationhost.config
Locate sites/your_site section
Copy everything between your_site and /your_site
Now we need to add this info in "global" IIS Express config.
Go to IIS Express folder (something like c:\Users\USERNAME\Documents\IISExpress)
Go to config folder
Open applicationhost.config
Locate sites section.
Paste information about your site.
Change binding from
binding protocol="http" bindingInformation="*:VSPORT:localhost"
to
binding protocol="http" bindingInformation=":50001:"
Save changes
With this change you may start IISExpress.exe directly and you can continue to use VS to work on you project at the same time.
If you want to access it from other computers do it as http://YOURIP:50001/.
Do have in mind that you need to ensure that your javascript code is NOT using address and port number directly.
You can solve the problem by downloading the 'conveyor' library from extensions and update in Visual Studio.
You can access it from other devices.
Open Visual Studio
Tools > Extensions and Updates
Online > Visual Studio Marketplace
Search 'Conveyor'
Download and install this extension
When you launch the API, you can access it from other devices. This plugin creates a link from your own ip address.
Example:
https://youripadress:5000/api/values
I host my projects on Visual Studio Team Services cloud TFS. I'm trying to run some TFS command lines (specifically this) but I'm not getting very far. I believe the problem is most likely the format of the URL. My command looks like this (linebreaks added for readability):
C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE>
tf status itemspec
/collection:"http://MYACCOUNT.visualstudio.com/DefaultCollection"
/login:MYEMAIL
The error I get in response looks like this:
TF31002: Unable to connect to this Team Foundation Server:
http://MYACCOUNT.visualstudio.com/DefaultCollection.
Team Foundation Server Url:
http://MYACCOUNT.visualstudio.com/DefaultCollection.
Possible reasons for failure include:
- The name, port number, or protocol for the Team Foundation Server is incorrect .
- The Team Foundation Server is offline.
- The password has expired or is incorrect.
Technical information (for administrator):
The remote server returned an error: (404) Not Found.
I've tried it with my password too, but the response is no different. I found this but it did not help me at all. Has anyone been able to run commands against TFS on Visual Studio Team Services?
Please double check the URL. All URLs for Visual Studio Team Services are https, not http. At a minimum, your project collection URL should be:
https://MYACCOUNT.visualstudio.com/DefaultCollection
If you are using https as Ed mentions, then you are failing to authenticate. Don't use the /login option. Tf.exe will pop up the same authentication dialog as VS does when connecting to your Team Services account. You would need to log in with your Microsoft Account (unless you have Azure Active Directory linked to your Team Services account, and then it is your AAD identity). I ran tf.exe on my work account to double check, and I was able to sign in (two factor auth required in my case - all handled by the auth dialog and I did not use the /login option).
BEFORE: I had a TFS 2010 on a temporary test environment set up with a project and I had web users and everything worked great.
NOW: I've installed it on a permanent environment (same O/S, domain, everything) but any permissions I set no longer seem to have any effect.
It seems only the service account can access any features.
Authentication is NTLM.
Any network users I give access to are either being asked for their credentials to connect to the server and being rejected regardless (they can connect to the default IIS fine) or they get:
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
Ridiculous, but the problem is that the new install was on the E: not the C: so the local NETWORK SERVICE account (that I use as a service account for TFS) did not have access to the files/folders under \Program Files\Microsoft Team Foundation Server 2010\
After DCpromoing and then demoting the server that TFS runs on, we cannot use WSS ("Cannot connect to the configuration database") to manage team projects. I believe that if I could find the default permissions that are set up when TFS is first installed on a server that is joined to a domain - in terms of any service accounts that are created and which accounts various services should run as - I would be able to get it back up and running again. Does anybody know the default NT accounts and permissions for Team Foundation Server?
That error sounds like a SharePoint error. This technet article outlines the permissions (server, SQL, registry) that are required for a default WSS install.
When I try to start Build Service from Administration Console I receive
TFSBuildServiceHost failed to start
correctly
and the event log reports
Service cannot be started.
Microsoft.TeamFoundation.TeamFoundationServerUnauthorizedException:
TF30063: You are not authorized to
access
http://localhost:8080/tfs/defaultcollection.
My build configuration settings are as follows
Connect to Team Project Collection
(outgoing) :
http://localhost:8080/tfs/defaultcollection
Local Build Service Endpoint
(incoming) :
http://localhost:9191/Build/v3.0/Services
Run Build Service As :
Windows Service
Credentials :
NT AUTHORITY\NetworkService
I have a default Build Controller and 1 Build Agent, with working Directory $(SystemDrive)\Builds$(BuildAgentId)$(BuildDefinitionPath). Both are enabled
My Security Setting are as follows
Application Tier > Service Account : NT AUTHORITY\LOCAL SERVICE
Team Project Collections > DefaultCollection > Group Memeberships > [DefaultCollection]\Project Collection Build Service Accounts : Contains NT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\SYSTEM
IIS > Sites > Team Foundation Server > tfs : Contains NT AUTHORITY\NETWORK SERVICE (full control)
C\Builds\ : Contains NT AUTHORITY\NETWORK SERVICE (full control)
C:\Program Files\Microsoft Team Foundation Server 2010\Application Tier : Contains NT AUTHORITY\NETWORK SERVICE (full control)
So I am not sure what else I am missing?
I managed to get this problem resolved by reinstalling TFS (not ideal).
The short answer, I think, to resolve this is to follow the steps for changing the Build Service Account, instead.
http://msdn.microsoft.com/en-us/library/bb909750(v=vs.90).aspx
It appears the problem was that I did not pay close enough attention during the Build Service Configuration stage of the installation, in particularly the health check step, which gave a warning that the specified service account, under which the Build Service would execute, must be added to Windows Credentials Manager. The warning further stated that, if I chose to use the current interactive user (i.e. my account, instead of an account I specially created for the Build Service) that the installation could do this for me, otherwise I would have to do it manually. Since I had already wasted two days on this, I chose to use my account instead and let the installation perform the necessary security setup, luckily !! since it appears that, adding the account to Windows Credential Manager is not the only thing you have to do, nor is any other seemingly logical thing, such as adding the account to the Team Project or Project Collection. I subsequently tried to manually change the account to a dedicated TFS user account, by assigning it to the Build Service, added it to Windows Credentials Manager and Team Project Collection, but no luck. I think the problem is that the account must also be specified for the WCF end points that TFS exposes to allow the build service to connect to it and I think this can be done through wcfhttpconfig.exe as mentioned in the link.