Unable to access Team Foundation Server after Domain Migration

Hot Topic

View not checked out but modified files
% Time in GC counter getting "stuck"
Excel integration questions
TFS RC Setup fails with "Internet Information Services (IIS) Front Page Server Extensions are installed "
Showing the merge window by using the API
July CTP of Team Foundation server error...
Team Foundation Client for VS 2005 Release Version
Bug -> Details -> Found in build
webtest fileuploadparameter not working
process template customization problem

VS Team System

will FxCop create xml tree after analysis of an assembly
Exception in Loading TestResult(.Trx) file into XMLDocument from TFS
Creating a New Team Project
TFS Server Sizing
Area Path as parameter on reports
"In" operator in Work Item query doesn't work
Code coverage / testing errors in Team Build
Unit testing Web Services - Code coverage failing
Webtests in Internet Explorer 7
Unable to add code to Source Control (too many chars)

Unable to access Team Foundation Server after Domain Migration

Hi,

Initially, we were able to connect to the Team Foundation Server and access Work Items as well as the Source Code, as 'Contributors',

but after we were migrated to a diffferent trusted Domain, we have got the following error, whenever trying to access the Foundation Server:

"TF26000: Could not connect to the Team Foundation Server. Check that you have a network connection and that your Team Foundation server is available."

Now, we can only access Work Items or the Source Code as 'Administrators'.

Can anyone provide a solution

Thanks in advance.

Ravindra N.

Answer this question

Unable to access Team Foundation Server after Domain Migration

  • Andrew McKendrick

    Event Type: Error
    Event Source: TFS Services
    Event Category: None
    Event ID: 3018
    Date: 3/15/2006
    Time: 10:49:25 PM
    User: N/A
    Computer: OAKAPPT5
    Description:
    An unexpected condition has occurred in a Team Foundation component. The information contained here should be made available to your site administrative staff.
    Technical Information (for the administrative staff):
    Date (UTC): 3/16/2006 6:49:25 AM
    Machine: OAKAPPT5
    Application Domain: /LM/W3SVC/3/Root/services-2-127869617607384418
    Assembly: Microsoft.TeamFoundation.Server, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v2.0.50727
    Process Details:
    Process Name: w3wp
    Process Id: 2736
    Thread Id: 5208
    Account name: JEG\jcolgan1

    Detailed Message: GSS: Failed to retrieve identity from source : [S-1-5-21-682003330-2025429265-839522115-166241]
    Exception Message: Thread was being aborted. (type ThreadAbortException)

    Exception Stack Trace: at Microsoft.TeamFoundation.NativeMethods.LookupAccountSid(String systemName, Byte[] psid, StringBuilder accountName, UInt32& nameLength, StringBuilder domainName, UInt32& domainLength, AccountType& accountType)
    at Microsoft.TeamFoundation.NativeMethods.SidToName(Byte[] sid, String& domainName, AccountType& accountType)
    at Microsoft.TeamFoundation.Server.IdentityStoreAccessor.ReadIdentityFromStore(String sid)

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

  • San71

    Ahhh... okay... so now, you are still connecting to the TFS on DomainA, but using your accounts on DomainB. You would be logging on as DomainB\myUser to a TFS on DomainA.

    Okay... so it isn't a migration of TFS perse, rather a migration of your "Network User Group" to a different domain.

    I will ping someone over here to see what thoughts we have on this.



  • Beajon

    I had tried to do some cross-domain access in B3R without any luck, but there were a couple of things that helped some things worked.

    Got to the TFS Server, register the server with the fully qualified domain name. The client's use this to connect, and if the fqdn isn't specified some things may mess up.

    tfsadminutil activateat <fqdn>

    When you say you were migrating, does that mean moving sharepoint, tfs, etc Do all of these work Have you checked the group membership to see if the contributors are added and added from the right domain There is normally a lot of things that have a reference to the domain that it was installed that might be wrong.



  • kp6453

    Hi Ravindra,

    There should be corresponding event log entries on your AT. Please can you post them - it should help narrow down the error

    Cheers



  • DavideA

    Please see http://forums.microsoft.com/MSDN/ShowPost.aspx PostID=311846&SiteID=1 for server move/migration instructions.

    Thanks,



  • Wouter_N

    TFS ultimately stores windows identities using Security IDs (SIDs). TFS regularu synchronizes with AD using the SID, as well as checking user's access based on the SID.

    Now when your group got moved to DomainB, I'm guessing that you all got new SIDs, which is why you can no longer be found in TFS when you try to access with DomainB\User.

    When you tried adding a new DomainA group/user that matched what was in TFS - this still does not work because the recreated identity will have a new SID.

    You have a couple of options.

    1) Run the TfsAdminUtil SID tool to basically change all references of users from DomainA to DomainB (assuming your account names remained the same as part of the migration). This *may* not work, because I'm assuming that your DomainA accounts were no longer part of AD, and TFS failed to find those accounts in AD and probably marked them for deleted.

    2) Probably the only option left to you is to go into the Contributor's group, and add the DomainB\users to the Contributors group. (I think someone else may have already suggested this ) Do you have an account that was not moved that had Project Admin rights on the TFS Server to do this with

    Thanks,



  • Paul Gerald

    Intitally, we were all on DomainA added as a Group.

    TFS Server, Sharepoint Server etc are all on DomainA.

    But later we were migrated to Domain B. That is when the error started happening.

    btw, DomainB is a subset of DomainA.

    Later, we were again created as a seperate group on DomainA (assuming domain migration garbled something up) but still no access to the TFS Server.

    Surprisingly, we are having access to Sharepoint portal .

    All this while we are as 'Contributors'.

  • FredH

    The thing to remember is that even though it all integrated with TFS, there are really 3 seperate technologies in play as far as authentication and security go. You have the TFS webservices, sharepoint, and reporting services.

    That being said, what steps have you taken in the migration from domain A to domain B and back What have you done to TFS in that time Have you done anything with the TFSAdminUtil command at all Are you able to access TFS with any account



  • DavidHarrison

    Lets see if I have this correct.

    You installed TFS on DomainA, using DomainA\TFSReportingService, DomainA\TFSService, and installing with DomainA\TFSUser. You then were able to connect to TFS using DomainA\MyUser.

    We then migrated to DomainB. I have a few questions on that.
    1. What are your install accounts
    2. Was it a complete install or an upgrade
    3. What users are you connecting to TFS with
    4. I assmume this is correct but just checking, Since this is a subdomain, you have full-two way trust between DomainsA and B.



  • Tim Droz

    The TFS installed is on DomainA.

    We were on DomainA accessing the TFS.

    We as a Network User Group then got migrated from DomainA to DomainB. From there, started the access issues.

    We assume that there is a problem with the 'Contributors' role, where the Beta3Refresh is not able to resolve the usernames in the group after the domain change, with some identifier tied to the original group.

    Maybe an upgradation to RTM would resolve the problem.

    Can any one throw light on this


  • Unable to access Team Foundation Server after Domain Migration
Answer this question