Tags: ISA Server, ISA Server Publication, Team Foundation Server
Publishing a TFS within an ISA Server basically depends on creating three rules for web sites: One will use the TFS default port (8080), the second will use SharePoint (on port 17012) and the other one is for the common HTTP port (80).
A small comment about this: The same configuration described here, can also work for Team Foundation Server 2008.
It’s very important that you already have defined your public name for the TFS Server and even more important that this public name can be resolved by the ISA Server and over the Internet.
Let’s start then:
1 – Publish TFS Services
1.1 – Select “Publish Web Site” and use the proper name for that rule.
1.2 – Select “Publish a single Web Site or load balancer”.
1.3 – If you are not going to use SSL the just select “Use non-secured connections…”
1.4 – In this step you must indicate the FQDN that the clients will use to connect with the Team Foundation Server. Remember that this name should be already accessible for the ISA Server.
1.5 – No selection on Path and select “Forward the original host header…”
1.6 – Select “Accept Requests for: This domain name (type below)” and use the public TFS name again.
1.7 – On the next window you will need to create a Web Listener, which will be accepting the incoming requests for TFS Services port.
1.8 – Select again what kind of HTTP connections will use, secure or not secure.
1.9 – Select that the Listener will be getting the requests from the External network that you should already have on your ISA Server
1.10 Select that the Listener will not require authentication. This process will be done by the TFS itself.
1.11 Hit Next and Finish the new listener creation.
1.12 Once that the creation of the listener finishes, you’ll be back at the rule wizard.
Leave selection of “No delegation, and client cannot authenticate directly”
1.13 Leave the “All Users” option and hit Next.
1.14 The wizard will complete but that’s not all. The web listener and the rules that you just created it actually didn’t complete with their proper configuration, all the listeners are created to “listen” in the default port of HTTP. Like TFS use the port 8080 to receive incoming requests, we will need to change that default port.
Access the rule properties and get to the “Bridging” and select the port 8080.
Now enter to the listener properties and select on “Connections” the correct port.
On “Authentication” select “Advanced” and check the option “Allow client authentication over HTTP”
1.15 Hit OK twice and the rule for TFS Services it’s ready.
2 – Publish TFS SharePoint
This rule follows the same configuration that the TFS Services on the steps 1 to 13. As you can imagine the differences are made within the ports configuration, and we will replace the 8080 used on the first rule by the 17012 of our SharePoint Services.
2.1 Enter the properties of the rule you just created for the SharePoint services and Access to the “Bridging” options and select the 17012 port.
Access the Listener properties and select “Connections” with the proper port:
Again on “Authentication” select “Advanced” and mark “Allow client authentication over HTTP”
2.2 Now the TFS SharePoint Rule it’s created.
3 – Publish TFS www
Like the other two rules, the steps from 1 to 13 are completely the same. Like this rule it’s representing an HTTP connection, neither ports on the Bridging option nor the Web Listener needs to be changed, they must keep as the default port 80 configured. The only thing that you must do is the authentication method, as we did on the first two.
3.1 “Authentication” select “Advanced” and “Allow client authentication over HTTP”
3.2 Hit OK twice and you are set to go.
That’s pretty much everything to do.
There’s a common issue within TFS public name. When you use this FQDN to connect over the Internet, it appears that the users have not the proper permissions, making the “Documents” and “Reports” items unavailable, for Team Explorer. You should check another post of mine that has the workaround for that problem.
Also here’s an interesting article about how ISA Server handles authentication:
I hope you find it useful!
Common issue using Team Foundation Server with an external connection: Documents and Reports items becomes unavailableDecember 12, 2008 at 4:35 pm | Posted in Team Foundation Sever | 2 Comments
Tags: Source Control, Team Foundation Server, Troubleshooting
Team Foundation Server is a very useful tool for team work, badly designed (no secret about that), but useful. The definition itself for TFS almost obligates you that this tool must be accessible not only from the internal network from your company, but also must be from external networks and the Internet.
That’s when the problem appears. If you use Internet as the media to connect to TFS, probably you have this issue: even with all the permission in place, the Documents and Reports items from Team Explorer becomes unavailable.
Like you know, you can use the FQDN (fully qualified domain name) of the Team Foundation Server name as the connection’s name with Team Explorer, for example: server01.domain.com. Or even you can use the server’s IP. But what happens if you want to work at home with any project within TFS?. If you don’t have a VPN (virtual private network) at your organization to make valid connections with Active Directory it can be very difficult to accomplish that.
First you must achieve that you actually have a FQDN available to be used over the Internet. For example, if you own a web site for your organization, like http://www.mycompany.com, you can add a DNS record (tfs.mycompany.com) as a valid connection for your server. This post it’s intended to solve the named issue for TFS and not to guide you for a proper configuration of TFS over Internet, we can dedicate that topic to another post.
Let’s focus on the problem. You have everything in place for a TFS connection over the Internet but you get the Documents and Reports items unavailable, like if you don’t have the proper permissions in place. This is a common issue within the SQL Reporting Services and the FQDN of your TFS connection. Here’s the solution:
1 – Open cmd on your Team Foudantion Server. If you have a dual-server configuration, this must be done on the Application Tier.
2 – Type “cd %programfiles%Microsoft Visual Studio 2005 Team Foundation ServerTools” and press enter.
3 – Run “tfsadminutil activateat “
4 – Run “regedit.exe“.
5 – Access HKEY_LOCAL_MACHINESOFTWAREMicrosoftVisualStudio8.0TeamFoundationReportServer
6 – Right-click on the “Key” record and select “Modify“.
7 – Insert the TFS FQDN that you use over the Internet connection.
Now test again the connection with your Team Explorer and all the items should be available to you.
I hope you find it useful!
Tags: Step-by-Step, Team Foundation Server
If you are thinking that you have all the installation requirements for Team Foundation Server, to avoid surprises, check them again:
In a clean installation of Windows Server 2003, install all the components in the order that they are listed here:
- First of all, the complete enviorenment of TFS in a single-server mode must be in 32bits.
- Windows Server 2003 with SP1 or SP2 (R2 optional): Standard, Enterprise and Datacenter editions supported.
- Internet Information Services 6.0 with ASP.NET enabled (and no support to Front Page Extensions, they are incompatible with Sharepoint). In addition, IIS must have a default web site.
- SQL Server 2005 SP1 or SP2 Standard or Enterprise Edition as the default instance of SQL Server *. If you are not planning to install SP1 on your SQL 2005, the hotfix KB912838 is required for TFS installation.
- .Net Framework 2.0 with the hotfix KB913393 installed.
- Windows Sharepoint Services 2.0 with SP2. Server-farm type of installation **.
- If you are using a firewall check that the appropriate ports are open *.
IMPORTANT: The hotfixes for SQL 2005 and .Net Framework you may find it in TFS installation media. You probably may have problems finding the .Net Framework hotfix over the Internet.
* For a complete reference and all the components needed to SQL 2005 installation and the ports needed to TFS take a look to the TFS Installation guide at: http://www.microsoft.com/downloads/details.aspx?familyid=E54BF6FF-026B-43A4-ADE4-A690388F310E&displaylang=en
** Download Sharepoint Services 2.0 SP2 at http://go.microsoft.com/fwlink/?linkid=55087. Do not install the service at “Add or Remove Role” wizard from Windows Server 2003.
What about 64bits Processors? I have to get an operating system in 32bits to install TFS?
If you are planning in a Team Foundation Server as a Single-Server mode: Yes, that’s your only choice. But there is also the option of implementing Dual-Server Mode. You can apply this by leaving your Application tier in 32bits and the Data tier (SQL 2005) in 64bits, that’s the only way. The Application tier must always be in a 32bits environment.
Processor 2.2 GHz Pentium IV or Athlon
RAM 1 GB
Hard Disk 8 GB of available space
A third consideration is needed before installing Team Foundation Server in your company. That is if you are working in a domain or workgroup environment:
- Domain Integration: The domain functional level must be either in Windows 2000 native mode or Windows 2003. In addition TFS cannot be installed in a domain controller.
- Workgroup Integration: Team Foundation Server can only work with workgroups on supported 32-bit operating systems.
If you already checked all the requirements, hands on installation then:
1 – Log on as Administrator in the computer that you’ll install TFS.
2 – Create User accounts for TFS installation:
TFSSERVICE. Deselect “Must change password at next logon” and select “Password Never Expires”. Don’t leave the password in blank.
TFSREPORTS. Deselect “Must change password at next logon” and select “Password Never Expires”. Don’t leave the password in blank.
These exact names are not a requirement for installation; you can use the names that you want. A third account is needed, not for installation but when your clients’ computers use the Server: TFSPROXY. And in this one you cannot change his name.
Note: In almost all installation guides you will find that is also needed a fourth account: TFSSETUP, from which you will run the installation. If you are installing, in fact, the Workgroup Edition of TFS it’s not recommended to use this account for installation. The installation procedure also creates a users group named “Team Foundation Licensed Users” (for your developers), as a Workgroup Edition you can only add 5 users to this group (no sub groups permitted of course), and if you use TFSSETUP for installation, this account automatically is added to the licensed users group, loosing the possibility to add a developer. That’s why you should run setup with the Administrators account or any other with privileges to install in the server.
3 – Insert the installation media of TFS, start the Autorun and click Next.
4 – Accept the License agreement and the destination folder to TFS.
5 – Watch for the warnings in the System Health Check. And click Next.
6 – On the Service Logon Account Name insert the account you created as TFSSERVICE and its password. On the Reporting Logon Account insert TFSREPORTS and its password.
7 – Specify Alert Settings, this is optional, you can include the SMTP Server and e-mail address where the alerts notifications will be sent.
8 – On the Ready to Install Page click Install.
9 – After installation as an optional step also is the backup up of the Reporting Services Encryption Key.
After the installation is complete, to check everything went OK: in Internet Explorer locate: http://localhost:8080/services/v1.0/registration.asmx and the click GetRegistrationEntries, click Invoke (you don’t have to enter a ToolID) and in the XML verify that the type VSTF exists and the close.
It’s highly recommended that your operating system is up to date with “Windows Update”. After the installation of IIS, SQL 2005, .Net Framework, Sharepoint Services you will find several critical updates to install in you OS.