Error TF14045 when Upgrading Project Collection

Question

I'm getting the following error when trying to attach a project collection from "TFS 2010 SP1" to a "TFS 2012 Update 1" server:

TF14045: The identity with type 'Microsoft.TeamFoundation.Identity' and identifier 'S-1-9-1551374245-2405890060-543134791-3165605861-370251759-1-1780376448-815540042-2542150432-3770668342' could not be found.  

This is shown on the "Build" task as an "Error" status.

Also, I'm getting a "Cancelled" status on "Core Framework", "Work Item Tracking", "Process" and others (this may or may not be directly related to the Build error above, since the log ends promptly after encountering this error).  

I'm able to find this SID in the tbl_Identity table of the Configuration database on the old and new server. This references a group that used to access this collection, but does not anymore (they no longer work for our company).  I can't find where this group is visible through the user interface (TFAC and Team Explorer), so I tried to delete the group using the "TFSSecurity /gd" command, but it states "The identity cannot be resolved".  Obviously, I don't want to go around changing things in the SQL tables.  Not sure where to go from here.

To upgrade I'm going from an existing TFS 2010 SP1 server, which is running on Windows Server 2008 to a brand new TFS 2012 Update 1 server.  

1. I detached the TFS project collection from TFS 2010 - SP1.

2. Detach SQL Server database from SQL Server 2008 - SP3 running locally on TFS server.

3. Copy MDF and NDF files over to new server.

4. Attach SQL Database to new SQL Server 2012 - SP1 running locally on TFS server.

5. Attach Project Collection to new TFS 2012 - Update 1 server.

Below is the excerpt of the log with the error:

[02:00:15.453] +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[02:00:15.453] Executing step: Add StrongBoc Version 1 Framework Locations
[02:00:15.453]   Executing step: 'Add StrongBoc Version 1 Framework Locations' Location.AddLocationData (449 of 502)
[02:00:15.457] Step passed: Add StrongBoc Version 1 Framework Locations. Execution time: 4 milliseconds.
[02:00:15.467] +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[02:00:15.467] ++ Executing - Operation: ToDev11Beta1FinalConfiguration, Group: BuildToDev11Beta1FinalConfiguration
[02:00:15.467] +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[02:00:15.467] Executing step: Initialize Additional Build Collection Permissions
[02:00:15.467]   Executing step: 'Initialize Additional Build Collection Permissions' Security.SetPermissions (450 of 502)
[02:00:15.467]   There are 1 permissions to process.
[02:00:15.467]   Setting permission #1.
[02:00:15.467]   Step Data: SecurityNamespace => 4a9e8381-289a-4dfd-8460-69028eaa93b3
[02:00:15.467]   Step Data: Token => StrongBox
[02:00:15.467]   Step Data: Allow => 32
[02:00:15.467]   Step Data: Deny => 0
[02:00:15.467]   Step Data: Merge => False
[02:00:15.467]   Step Data: IdentityDescriptor => IdentityDescriptor (IdentityType: Microsoft.TeamFoundation.Identity; Identifier: S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-1-1)
[02:00:15.493] Step passed: Initialize Additional Build Collection Permissions. Execution time: 26 milliseconds.
[02:00:15.493] +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[02:00:15.493] Executing step: Grant Administer Build Permissions to Project Administrators
[02:00:15.493]   Executing step: 'Grant Administer Build Permissions to Project Administrators' Build.GrantAdministerPermissionsToProjectAdmins (451 of 502)
[02:00:15.943]   [Error] TF14045: The identity with type 'Microsoft.TeamFoundation.Identity' and identifier 'S-1-9-1551374245-2405890060-543134791-3165605861-370251759-1-1780376448-815540042-2542150432-3770668342' could not be found.
[02:00:16.183]   Microsoft.TeamFoundation.Framework.Server.IdentityNotFoundException: TF14045: The identity with type 'Microsoft.TeamFoundation.Identity' and identifier 'S-1-9-1551374245-2405890060-543134791-3165605861-370251759-1-1780376448-815540042-2542150432-3770668342' could not be found.
[02:00:16.183]      at Microsoft.TeamFoundation.Framework.Server.TeamFoundationSecurityNamespace.EnsureIdentityIsKnownInternal(TeamFoundationRequestContext requestContext, IdentityDescriptor identity, Boolean throwOnFailure)
[02:00:16.183]      at Microsoft.TeamFoundation.Framework.Server.TeamFoundationSecurityNamespace.SetAccessControlEntries(TeamFoundationRequestContext requestContext, String token, IEnumerable`1 accessControlEntries, Boolean merge, Boolean throwOnInvalidIdentity)
[02:00:16.183]      at Microsoft.TeamFoundation.Framework.Server.TeamFoundationSecurityNamespace.SetAccessControlEntries(TeamFoundationRequestContext requestContext, String token, IEnumerable`1 accessControlEntries, Boolean merge)
[02:00:16.183]      at Microsoft.TeamFoundation.Server.Servicing.TFCollection.BuildStepPerformer.GrantAdministerPermissionsToProjectAdmins(TeamFoundationRequestContext requestContext, ServicingContext servicingContext)
[02:00:16.183]      at Microsoft.TeamFoundation.Framework.Server.TeamFoundationStepPerformerBase.Microsoft.TeamFoundation.Framework.Server.IStepPerformer.PerformStep(String servicingOperation, String stepType, String stepData, ServicingContext servicingContext)
[02:00:16.183]      at Microsoft.TeamFoundation.Framework.Server.ServicingStepDriver.PerformServicingStep(ServicingStep step, ServicingContext servicingContext, ServicingStepGroup group, ServicingOperation servicingOperation, Int32 stepNumber, Int32 totalSteps)
[02:00:16.183] Step failed: Grant Administer Build Permissions to Project Administrators. Execution time: 690 milliseconds.
[02:00:16.213]   Clearing dictionary, removing all items.

Answer 1

Hi Anthony,

Thanks for your post!

The issue happens when there are team projects with the same name as their containing team project collection. Please refer to the following KB article for it:

http://social.msdn.microsoft.com/Forums/is/tfsadmin/thread/1af07715-965c-4106-a274-e32a4bf8f441

If it doesn't helps, you can move the source to a new team project collection, but it will lose of history, reports etc.

Hope it helps!

Best Regards,

---

Cathy Kong
MSDN Community Support | Feedback to us
Develop and promote your apps in Windows Store
Please remember to mark the replies as answers if they help and unmark them if they provide no help.

Answer 2

Hi Cathy,

The TFS Project Collection and the Project do not have the same name.  We definitely do not want to lose history, reports, etc.  Also, we don't have duplicate groups in the tbl_security_identity_cache table.

In the thread referenced the fact that they started modifying the tables directly which I have avoided since that could put the system in an unstable state.  

I think this is a different issue.  Also, please keep in mind that the error message is slightly different and situation is different,  I'm trying to upgrade to TFS 2012, I'm not trying to recover the system from a server failure onto the same version of TFS.  I can attach and detach the project collection from the same server just fine.

Answer 3

Hi AnthonyDiaz,

Thanks for your feedback!

I am currently looking into this issue and will give you an update as soon as possible.

Thank you for your understanding and support.

Best Regards,

---

Cathy Kong
MSDN Community Support | Feedback to us
Develop and promote your apps in Windows Store
Please remember to mark the replies as answers if they help and unmark them if they provide no help.

Answer 4

Hi Cathy,

Thank you for looking into this further.  Just to provide you with some additional information, that may help you diagnose the problem.

The group that is having this issue was deleted a while ago, and it appears in the database with a value of 1 in the "fDeleted" column in the ADObjects table.

On my TFS 2012 copy of our project collection I removed the database record for this bad group from the ADObjects and the tbl_security_identity_cache tables and the upgrade proceeded just fine.  Obviously, this is not a good solution, and I only did this to see if this is the only problem stopping the upgrade.  I have left my production copy untouched, waiting for a proper solution to this issue.

Maybe when we deleted this group, the TFS user interface did not properly clean up the records in the database?  Not sure.  But if there is a way for us to issue a command or run an official script that cleans up user identities (especially old identities for groups that don't exist) that would be most helpful.  I understand we can't remove old users, in order to maintain integrity of version history, but old groups might be good to clean up.

We have been using TFS for over 6 years now and have had many people (and groups of people) come and go from our team, so it would be great to have a way to clean things up internally, or have the upgrade process handle this more gracefully.

Answer 5

Hi Anthony,

Thanks for your feedback!

This is a known issue with attaching a collection on 2012 Update 1. We hope to have a private version of the hotfix for this recently. Appreciate your patience.

Some known issues for this update are described in the below post.  A patch fixing these issues will be released this month.http://blogs.msdn.com/b/bharry/archive/2013/01/04/bugs-in-tfs-update-1.aspx

Best Regards,

---

Cathy Kong
MSDN Community Support | Feedback to us
Develop and promote your apps in Windows Store
Please remember to mark the replies as answers if they help and unmark them if they provide no help.

Answer 6

Yes, this specific issue is fixed in the coming hotfix.

Answer 7

Hi Cathy,

Thank you for looking into this.  We will monitor the blogs to see when the hotfix is released and then proceed with our testing/implementation of TFS 2012.

Answer 8

Hi Adam,

Thank you for taking the time to confirm this.

Answer 9

Just FYI, this issue appears to be fixed in TFS 2012 Update 2.  The upgrade process went through just fine.  I was also able to confirm that TFS 2012 RTM does not have this issue.