Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
575 views
in Technique[技术] by (71.8m points)

tfs 2015 - How to authenticate build.vnext agent to on-premise TFS

We have an on-premise TFS2015RC installation. The server is part of our domain.

When configuring a build agent (build.vnext) on another server in the same domain, everything works as expected.

However, when configuring a build agent on a server outside of this domain, the following happens:

Using ConfigureAgent.ps1:

  1. accept all defaults
  2. choose interactive mode (e.i. not installed as Windows Service)
  3. then an authentication dialog shows up:
    • I enter a domain user (domainuser) which is administrator of TFS
    • I provide the domain password for this user. If the password is wrong, the dialog will say so and I need to correct it (default behavior in Windows)
  4. The script proceeds, but after starting the agent it says:

ERROR:
VS30063: You are not authorized to access http://{server}:8080/tfs

Why is the authentication failing? How can I find out with which user it is trying to authenticate?

I have tried:

  • looking at the logfile in the _diag folder. The log file states exactly the same, without more usable info.
  • tried the advice from this link to enable Basic Authentication on IIS on the TFS server. I did this (reluctantly) but it does not resolve the issue.
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

OK I managed to resolve the issue like this:

  1. create a user TFS emotebuild on the TFS server
  2. gave this local user access to the TFS Agent Pools
  3. gave this local user access to TFS Source Control
  4. created a user BUILD emotebuild on the Build server with same password as TFS emotebuild
  5. when running the build agent configuration script, when it ask for the service accounts, choose the BUILD emotebuild user
  6. when it ask for TFS authentication, provide the TFS emotebuild user credentials

Like this, it is working! However, I somehow cannot get it to run in "console mode" (i.e. not starting it as a windows service). This is not a big issue.

There was one small issue after this: in the logfile I could see it was trying to connect to http://NAME-OF-TFS:8080/tfs instead of http://IP-ADDRESS:8080/tfs, but I could resolve that issue by adding a line to the hosts file on the build machine.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...