Thursday, April 12, 2007 8:47 PM
Our company uses a web proxy for internet traffic. The proxy will not pass any NTLM packets and thus any internal site using Windows Integrated Authentication does not work. To get around this the LAN group has the Desktop Group configure a "bypass" setting in the end user's browser. In Internet Explorer under Tools > Internet Options > Connections > Lan Settings they select "Bypass proxy server for local addresses" and then under Advanced enter a series of domains (i.e. *.int.mycompany.com;*.mycompany.com;...). This works fine as requests to these domains don't hit the proxy.
We just put our TFS server behind a new DNS name (i.e. tfs.int.mynewcompany.com) and to connect via Internet Explorer we had to include *.int.mynewcompany.com in the "Bypass proxy" settings described above. This works fine now as the proxy is eliminated. We are also able to connect fine via Teamprise 2.1 and to be honest, I'm not sure why Teamprise does not have the issue, but it seems to work just great. Not surprising as Teamprise is a very nice product with great support (no they are not paying me to say that).
However, Team Explorer is a different story. Could there be some setting in Team Explorer that is not "excluding" *.int.mynewcompany.com? Our IIS logs we can see that connections coming from Team Explorer are missing the NTLM packet. If we took out the *.int.mynewcompany.com bypass in IE we get the same log in IIS so we think it's related.
Any ideas where bypass settings may be kept (or cached) in Team Explorer.
Thursday, April 12, 2007 9:22 PM
Thanks to one of my colleagues who found this, I see both Buck and Martin have "hacks" for this situation. The hack worked in my case so that is the "solution" if you want to call editing the registry of 500+ users a solution.
Is a better solution or alternative available in the next release?