Team Foundation Server 2017 Update 1 introduces an authentication bug


  • I have recently upgraded our TFS 2013 to TFS 2017 and the upgrade went very smoothly.

    I used the migration method and setup the TFS on a new server called tfs2017. In order to keep existing Visual Studio's connecting I added our old TFS URL to the site bindings and everything worked perfectly (from browser and VS).

    Today I've upgraded the TFS2017 inline with TFS 2017 Update 1 and now I have a problem.

    When using the old TFS URL within the domain (either via a Browser or Visual Studio) it repeatedly prompts for the username and password and won't accept my credentials. I can log in successfully using the other bindings and it seems to work for the old URL when i'm accessing it from outside the domain.

    I'd like to continue to use Update 1 and fix this. Does anyone have any idea why this would have changed and where I could look to diagnose the problem?

    Many Thanks,


    Saturday, February 25, 2017 12:34 AM


All replies

  • hi Kevin,

    check the configured URLs in TFS Administration Console.

    In addition try to change authentication mode back to NTM

    Team Foundation Server 2017 and Kerberos Authentication

    Authentication Method on TFS 2017

    you should check the Kerberos setup too such that the TFS UPN principal is correct.

    Please use "Mark as Answer" if my post solved your problem and use "Vote As Helpful" if a post was useful.

    Sunday, February 26, 2017 11:41 AM
  • Hi Daniel,

    Thanks for your reply. As you suggested it turned out to be Kerberos causing the problem (the UPN principals needed to be added for each hostname we are using to access the service). I'm guessing that Update 1 uses Kerberos and RTM used NTLM.

    Thanks for your help! It's all working smoothly now.



    Kevin Palmer

    Monday, March 13, 2017 9:01 PM