locked
TFS Service Account Question RRS feed

  • Question

  • Hi Folks,

    Apologies for the simplicity of my descriptions far too much of this is new to me!

    We are operating TFS in a domain that Trusts our main business domain (so that our business user accounts can be used)

    I have installed TFS and created a TFSSERVICE account on the TFS Server (no TFSPROXY) the TSSERVICE account has the logon as  a service policy applied.

    In IIS the TFS Server application ppol and Web Application pool use the TFSSERVICE userid.

    TFS seems to work fine from both VS2008 (for reporting Services) and VS2010 (for VB .NET) however I'm getting errors in the application event log - as shown below.

    TF53010: The following error has occurred in a Team Foundation component or extension:

    Date (UTC): 24/01/2012 13:38:39

    Machine: AUTOMISLB1

    Application Domain: /LM/W3SVC/8080/ROOT/tfs-1-129718846498317581

    Assembly: Microsoft.TeamFoundation.Framework.Server, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v2.0.50727

    Service Host:

    Process Details:

    Process Name: w3wp

    Process Id: 6672

    Thread Id: 7408

    Account name: UK\steve.x.pritchard

    Detailed Message: TF200035: One or more errors occurred when Team Foundation Server attempted to synchronize the following identity: S-1-5-21-117609710-725345543-1201100437-686744. Number of errors that occurred: 1.

    ++++++++++++++++++++++

    Sync error for identity: S-1-5-21-117609710-725345543-1201100437-686744

    Logon failure: unknown user name or bad password.

     

    Domain name: UK

     

    at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)

    at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)

    at Microsoft.TeamFoundation.Framework.Server.DomainEntry.Initialize(DirectoryContext context)

    at Microsoft.TeamFoundation.Framework.Server.DomainEntry..ctor(TeamFoundationRequestContext requestContext, SecurityIdentifier domainSecurityId, String& netbiosName)

    at Microsoft.TeamFoundation.Framework.Server.DomainProperties.GetProperties(SecurityIdentifier domainSecurityId, String& netbiosName, TeamFoundationRequestContext requestContext, String& fullDomainName, String& domainRootPath)

    at Microsoft.TeamFoundation.Framework.Server.WindowsProvider.SyncADIdentity(TeamFoundationIdentity identity, Boolean includeMembers, TeamFoundationRequestContext requestContext, SyncErrors syncErrors)

    at Microsoft.TeamFoundation.Framework.Server.WindowsProvider.SyncIdentity(IdentityDescriptor descriptor, Boolean includeMembership, String providerInfo, TeamFoundationRequestContext requestContext, SyncErrors syncErrors)

    Logon failure: unknown user name or bad password.

    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)

    at System.DirectoryServices.DirectoryEntry.Bind()

    at System.DirectoryServices.DirectoryEntry.get_AdsObject()

    at System.DirectoryServices.PropertyValueCollection.PopulateList()

    at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)

    at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)

    at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry directoryEntry, String propertyName)

    Web Request Details

    Url: http://10.45.86.57:8999/tfs/_tfs_resources/Services/v1.0/GroupSecurityService.asmx [method: POST]

    User Agent: Team Foundation (devenv.exe, 9.0.30729.4413)

    Headers: Content-Length=544&Content-Type=text%2fxml%3b+charset%3dutf-8&Accept-Encoding=gzip&Accept-Language=en-GB&Expect=100-continue&Host=10.45.86.57%3a8999&User-Agent=Team+Foundation+(devenv.exe%2c+9.0.30729.4413)&X-TFS-Version=1.0.0.0&X-TFS-Session=fd46d49b-bc47-4379-9890-65a552959ce8&SOAPAction=%22http%3a%2f%2fschemas.microsoft.com%2fTeamFoundation%2f2005%2f06%2fServices%2fGroupSecurity%2f03%2fAddMemberToApplicationGroup%22

    Path: /tfs/_tfs_resources/Services/v1.0/GroupSecurityService.asmx

    Local Request: False

    Host Address: 10.45.96.105

    User: UK\steve.x.pritchard [authentication type: NTLM]

     

     

    I'm guessing that this is the TFSSERVICE account  trying to access the UK Domain Active Directory(which it has no rights to do) but I may be wrong.

     

    Does anyone out there speak "event log" and maybe can point me in the right direction?

     

    Thanks in Advance

     

    Steve

    Tuesday, January 24, 2012 2:05 PM

Answers

  • Hi Steve,

    Thanks for your post!

    Could you execute the following command to identify what the groups the user belongs to?

    TFSSecurity /imx/collection:http://servername:8080/tfs/collectionname n:domain\username

    For more information about TFSSecurity /imx, you can refer to 

    http://msdn.microsoft.com/en-us/library/ms400806.aspx

    and please add the user the Domain Active Directory.

    Hope it helps!

    Best Regards,


    Cathy Kong [MSFT]
    MSDN Community Support | Feedback to us
    Wednesday, January 25, 2012 9:29 AM
    Moderator

All replies

  • Hi Steve,

    Thanks for your post!

    Could you execute the following command to identify what the groups the user belongs to?

    TFSSecurity /imx/collection:http://servername:8080/tfs/collectionname n:domain\username

    For more information about TFSSecurity /imx, you can refer to 

    http://msdn.microsoft.com/en-us/library/ms400806.aspx

    and please add the user the Domain Active Directory.

    Hope it helps!

    Best Regards,


    Cathy Kong [MSFT]
    MSDN Community Support | Feedback to us
    Wednesday, January 25, 2012 9:29 AM
    Moderator
  • Hi Steve,

    How about the issue?

    I am changing the issue type to "Mark As Answer" because you have not followed up with the necessary information. If you have more time to look at the issue and provide more information, please feel free to change the issue type back to "Unmark As Answer" by clicking the option at the bellow of the post window. If the issue is resolved, we will appreciate it if you can share the solution so that the answer can be found and use by other community members having similar questions.

    Best Regards,


    Cathy Kong [MSFT]
    MSDN Community Support | Feedback to us
    Monday, January 30, 2012 6:48 AM
    Moderator