locked
TFS 2015 FIPS Issue

    Question

  • Good Morning,

    I'm a system administrator over a closed DoD Network (no internet connectivity) and need to upgrade our existing TFS 2013 Update 4 installation into 2015. A primary issue I've run into is the following error:

    "The configuration process for Team Foundation Server cannot continue because FIPS is enabled. Please disable FIPS and try to configure again."

    Unfortunately FIPS is a compliance standard that must be enabled on this network. If I disable it temporarily and run the upgrade agent then re-enable it, will TFS 2015 still work?


    IT-2 John Dickerson

    Friday, August 14, 2015 5:20 PM

Answers

  • Hi John,

    The upgrade function completed without errors, but once I start the TFS Admin Console the project collections are gone and all of the URLs are missing. When I go to configure them to associate them to the existing databases and websites is when everything is broken. It discovers databases and populates the URLs correctly, but when I "Verify" towards the end is where everything seems to explode. Going into IIS I see that both websites are broken. After the Verify section runs it does have errors but I reverted to a snapshot to correct the unavailability. I'll start sandboxing a duplicate and rerun the upgrade to get you specific error codes and detailed information.


    IT-2 John Dickerson

    Wednesday, August 19, 2015 8:05 PM

All replies

  • Hi John,  

    Thanks for your post.

    The FIPS is enabled in you system, and your TFS 2013 Update 4 Server is working fine?

    If there’s no internet connectivity in your TFS 2013 Server machine, you’re upgrading to TFS 2015 by installing TFS 2015 ISO on TFS 2013 Server machine?

    If the FIPS is enabled on your TFS 2013 Server machine and your TFS 2013 Server is working fine, I think you can disable the FIPS temporarily and run the upgrade, TFS 2015 will works too.

    Note: make the full backup for  your TFS 2013 Update 4 Server before any upgrade operation.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Monday, August 17, 2015 3:09 AM
    Moderator
  • Good Morning John,

    The system is currently running TFS 2013 Update 4 with Windows Server 2008r2 and is FIPS enabled operating normally. When I run the update utility one of the errors is the FIPS enablement. I just wanted to be sure that it would still operate since the upgrade utility didn't allow it when active. The system doesn't have any connectivity whatsoever.

    I have encountered another issue that gets a little more complicated though. When TFS was installed, we didn't like the directory structure for the URL (http://"servername":"port"/"directory"/) so we change it so the it registered as http://tfs."FQDN"/ by copying the directory structure into the root and pointing a new website to it with redirects and a CNAME record. After running the upgrade utility it seems to of broken all of the websites with little to no explanation. The websites operate normally before the upgrade.


    IT-2 John Dickerson

    Monday, August 17, 2015 1:54 PM
  • Hi John,  

    Thanks for your reply.

    You have upgraded to TFS 2015 RTM?

    Your TFS 2015 RTM URL changed back to default http://servername:8080/tfs after upgrade? You can access this Web Access site and your TFS 2015 Server works fine now?


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Tuesday, August 18, 2015 1:49 AM
    Moderator
  • I tried to run the TFS 2015 upgrade but it failed in the configuration due to IIS issues. Before the upgrade everything seems in order, but after the TFS website in IIS is broken (red "X" and all pointers removed, even the application pool is gone). The configurations we applied before had the website display as the non-default of http://tfs.fqdn/ but we kept the old default website that displayed http://servername:8080/tfs (we just disabled it). Both of the websites are broken as I mentioned above though, hence why I'm uncertain of the issue as the default configuration should have upgraded normally.

    IT-2 John Dickerson

    Tuesday, August 18, 2015 12:43 PM
  • Hi John,  

    Thanks for your reply.

    As the upgrade failed, could you go back to your TFS 2013 Update 4 Server using your TFS 2013 backup?

    Or  we suggest you reinstall the TFS 2015 Server and select Upgrade wizard to use your TFS 2013 backup (in SQL Server).

    If there’s error happened during upgrade, please share the detailed error message here.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Wednesday, August 19, 2015 7:45 AM
    Moderator
  • Hi John,

    The upgrade function completed without errors, but once I start the TFS Admin Console the project collections are gone and all of the URLs are missing. When I go to configure them to associate them to the existing databases and websites is when everything is broken. It discovers databases and populates the URLs correctly, but when I "Verify" towards the end is where everything seems to explode. Going into IIS I see that both websites are broken. After the Verify section runs it does have errors but I reverted to a snapshot to correct the unavailability. I'll start sandboxing a duplicate and rerun the upgrade to get you specific error codes and detailed information.


    IT-2 John Dickerson

    Wednesday, August 19, 2015 8:05 PM
  • I am encountering a similar issue with FIPS but not on installation. I am finding certain files wont check in.  namely CSProj Files.  We are currently using TFS 2013 and visual studio 2012.  When I modify files, they check out like normal.  Upon check in I receive the following message "All of the changes were either unmodified files or locks. The changes have been undone by the server." We have found disabling FIPS resolves the issue however this is not a permanent solution as i work on a DOD network.  Is there a compatibility issue with TFS 2013 and FIPS where its required to be disabled or is there a configuration that can resolve this so TFS works with it enabled?

    Thanks, Steven

    Thursday, December 01, 2016 2:26 PM