Team System Developer Center >
Visual Studio Team System Forums
>
Team Foundation Server - Setup
>
Accessing TFS without Windows Integrated Security? (Internet Access)
Accessing TFS without Windows Integrated Security? (Internet Access)
- From what I see after an installation of Beta 3 is this Web Site on Port 8080 with integrated authorization.
I am thinking of changing this to basic authorization and after that publishing the site over SSL with an ISA server. So that it looks like that:
Client - SSL (Port443) -> ISA - HTTP (Port 8080) -> TFS
Is it really that easy or what is the recommended way of achieving this?
Does the Client in VS2005 offer a way to enter creditentials?
Answers
- There is a way to do this, so that the Sharepoint and Rosetta sites are registered elsewhere. The following should push new registration information into the integration database. Please let us know if this works.
1. Take the following template XML, and replace [protocol], [:port], [AT server] and [DT server], and replace with protocols, ports and server FQDN for your deployment registration points and then save the file as myRegistration.xml. Note if you are using the default port for the associated protocol, you don't need to add the [:port] information.
<RegistrationEntries>
<RegistrationEntry>
<Type>Reports</Type>
<ChangeType>Change</ChangeType>
<ServiceInterfaces>
<ServiceInterface>
<Name>ReportsService</Name>
<Url>[protocol]://[DT server][:port]/ReportServer/ReportService.asmx</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseReportsUrl</Name>
<Url>[protocol]://[DT server][:port]/Reports</Url>
</ServiceInterface>
</ServiceInterfaces>
</RegistrationEntry>
<RegistrationEntry>
<Type>Wss</Type>
<ChangeType>Change</ChangeType>
<ServiceInterfaces>
<ServiceInterface>
<Name>WssAdminService</Name>
<Url>[protocol]://[AT server][:port]/_vti_adm/admin.asmx</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseServerUrl</Name>
<Url>[protocol]://[AT server][:port]</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseSiteUrl</Name>
<Url>[protocol]://[AT server][:port]/sites</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseSiteUnc</Name>
<Url>\\[AT server]\sites</Url>
</ServiceInterface>
</ServiceInterfaces>
</RegistrationEntry>
</RegistrationEntries>
2. Go to the AT machine, and go to the %ProgramFiles%\Microsoft Visual Studio 2005 Team Foundation Server\Tools folder
3. Enter the following command:
TFSReg myRegistration.xml DT_ServerName
4. You may need to clear the client cache after changing the registration for WSS and RS on the server. There is a known issue about this in http://lab.msdn.microsoft.com/teamsystem/tfsknownissues.aspx under the Team Explorer section.
All Replies
It is possible for SSL, but basic authentication has a few issues we are still working out.
- As Bruce said, not all issues are worked out. However, you should be able to access the server via SSL and basic auth. VS will prompt for credentials if the default credentials fail to authenticate.
Please give it a try and let us know how it goes.
Buck - It works as estemated. The TFS Client asks for credentials and logs in.
For normal working, like checkin in or out, adding workitems everything is ok.
Problems occur when it comes to components not under full control of TFS. So is it impossible to access windows user groups for security rights.
Another problem is the access to the reporting services and the wss site. The test installation is the following:
TFS is listening on port 8080 on the testserver. The machine also hosts the reporting services and the sharepoint site on port 80. So internally it is:
http://testserver.mydomain.local:8080 for TFS
http://testserver.mydomain.local/xxx for Reporting Services and Sharepoint.
I published TFS with
https://tfs.mydomain.com
which works alright with the already described restrictions.
But how to I tell the client or the server the changed URL for the Reporting Services and Sharepoint? If they try to open a report from the IDE it tries to open something from testserver.mydomain.local which is of course not reachable from outside. So I need to reconfigure it to somthing like reports.mydomain.com. Is this possible and if yes, where is this setting? - There is a way to do this, so that the Sharepoint and Rosetta sites are registered elsewhere. The following should push new registration information into the integration database. Please let us know if this works.
1. Take the following template XML, and replace [protocol], [:port], [AT server] and [DT server], and replace with protocols, ports and server FQDN for your deployment registration points and then save the file as myRegistration.xml. Note if you are using the default port for the associated protocol, you don't need to add the [:port] information.
<RegistrationEntries>
<RegistrationEntry>
<Type>Reports</Type>
<ChangeType>Change</ChangeType>
<ServiceInterfaces>
<ServiceInterface>
<Name>ReportsService</Name>
<Url>[protocol]://[DT server][:port]/ReportServer/ReportService.asmx</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseReportsUrl</Name>
<Url>[protocol]://[DT server][:port]/Reports</Url>
</ServiceInterface>
</ServiceInterfaces>
</RegistrationEntry>
<RegistrationEntry>
<Type>Wss</Type>
<ChangeType>Change</ChangeType>
<ServiceInterfaces>
<ServiceInterface>
<Name>WssAdminService</Name>
<Url>[protocol]://[AT server][:port]/_vti_adm/admin.asmx</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseServerUrl</Name>
<Url>[protocol]://[AT server][:port]</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseSiteUrl</Name>
<Url>[protocol]://[AT server][:port]/sites</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseSiteUnc</Name>
<Url>\\[AT server]\sites</Url>
</ServiceInterface>
</ServiceInterfaces>
</RegistrationEntry>
</RegistrationEntries>
2. Go to the AT machine, and go to the %ProgramFiles%\Microsoft Visual Studio 2005 Team Foundation Server\Tools folder
3. Enter the following command:
TFSReg myRegistration.xml DT_ServerName
4. You may need to clear the client cache after changing the registration for WSS and RS on the server. There is a known issue about this in http://lab.msdn.microsoft.com/teamsystem/tfsknownissues.aspx under the Team Explorer section. It worked with reports but not documents in team explorer
<RegistrationEntries>
<RegistrationEntry>
<Type>Reports</Type>
<ChangeType>Change</ChangeType>
<ServiceInterfaces>
<ServiceInterface>
<Name>ReportsService</Name>
<Url>http:// my website /ReportServer/ReportService.asmx</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseReportsUrl</Name>
<Url>http:// my website /Reports</Url>
</ServiceInterface>
</ServiceInterfaces>
</RegistrationEntry>
<RegistrationEntry>
<Type>Wss</Type>
<ChangeType>Change</ChangeType>
<ServiceInterfaces>
<ServiceInterface>
<Name>WssAdminService</Name>
<Url>http:// my server :17012/_vti_adm/admin.asmx</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseServerUrl</Name>
<Url>http:// my website :8080</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseSiteUrl</Name>
<Url>http:// my website /sites</Url>
</ServiceInterface>
<ServiceInterface>
<Name>BaseSiteUnc</Name>
<Url>\\ my server \sites</Url>
</ServiceInterface>
</ServiceInterfaces>
</RegistrationEntry>
</RegistrationEntries>
Is this the right syntax?
my document folder properties:
name : Documents
Url : http://myserver/sites/actp (I need to change this url)
Project Name:ACTP
Server Name:http://my web:8080- <ServiceInterface>
<Name>BaseServerUrl</Name>
<Url>http:// my website :8080</Url>
</ServiceInterface>
Doesn't look right to me. The port number should be for the base WSS default site. So this should be port 80 or the SSL port you've chosen.
Can you browse to the team site from team explorer (Right click on ACTP project, and select "Show Project Portal" - is this grayed out?) - Thanks. Everything seems working fine now
- After running this tool (TFSReg) with a version of the xml file shown above, I can no longer create new team projects. I'm getting an error: "No ServiceInterface named 'DataSourceServer' found registered to tool 'Reports'".
I suspect that in registering this example, I removed a service interface that I shouldn't have. Is there anyway to restore this back to the original value? If not, what nodes do I need to specify to make this work?
I'm running Beta3 Refresh.
Thanks,
Phil - I have the same error.
Event Description: TF30207: Initialization for plugin "Microsoft.ProjectCreationWizard.Reporting" failed
Exception Type: Microsoft.VisualStudio.TeamFoundation.RegistrationEntryRetrievalException
Exception Message: No ServiceInterface named "DataSourceServer" found registered to tool "Reports".
Stack Trace:
at Microsoft.VisualStudio.TeamFoundation.TfsHelper.GetServiceUrlForTool(String toolName, String interfaceName)
at Microsoft.VisualStudio.TeamFoundation.RosettaReportUploader.Initialize(ProjectCreationContext context)
at Microsoft.VisualStudio.TeamFoundation.EngineStarter.InitializePlugins(MsfTemplate template, PcwPluginCollection pluginCollection)
--- end Exception entry ---
Any help would be very appriciated - I was able to fix this problem by adding a DataSoruce element to the registration XML.
Specifically, I added the section below to the Reports type:
<ServiceInterface>
<Name>DataSourceServer</Name>
<Url>https://myserver/ReportServer</Url>
</ServiceInterface>
Note: I also had to update the WssAdminService entry to
<ServiceInterface>
<Name>WssAdminService</Name>
<Url>http://MyServer:17012/_vti_adm/admin.asmx</Url>
</ServiceInterface>
<ServiceInterface>
This is a useful link:
http://msdn2.microsoft.com/en-us/library/ms253176
I can now create new projects just fine.
jon - Thanks, that did the trick.
Can you post your file? I have been trying to get external access to work without much luck. Thanks.
Gary A. Bushey
- Is there a guide somewhere on how to get external access to work?
