Trying to use the TFS proxy is failing at the VS IDE with the usual:
The source control proxy 'ProxyServer' is not responding, so the request will be sent to the main server. Please verify your settings.
Additional information:
TF15013: The requested Team Foundation Server is not registered with the proxy server.
Both the proxy and master are in the same domain. Proxy.config has been updated with the correct information as per instructions. Proxy Service Account is a domain account - the same as the Master service account. This account is a member of the Team Foundation Valid Users group.
The strange thing is that the error message in the proxy application log is:
Event Type: Warning
Event Source: TFS Proxy Server
Event Category: None
Event ID: 3000
Date: 04/12/2006
Time: 11:02:50
User: N/A
Computer: ProxyServer
Description:
TF53010: An unexpected condition has occurred in a Team Foundation component. The information contained here should be made available to your site administrative staff.
Technical Information (for the administrative staff):
Date (UTC): 04/12/2006 11:02:49
Machine: ProxyServer
Application Domain: /LM/W3SVC/4/Root/VersionControlProxy-1-128097037559687500
Assembly: Microsoft.TeamFoundation.VersionControl.Server.Proxy, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v2.0.50727
Process Details:
Process Name: aspnet_wp
Process Id: 3668
Thread Id: 2908
Account name: ProxyServer\ASPNET
Detailed Message: TF30063: You are not authorized to access http://TFSMaster:8080/VersionControl.
Web Request Details
Url: http://ProxyServer:8081/VersionControlProxy/V1.0/item.asmx sfid=6220,0,0,0,0,0,0,0,0,0&ts=633009133723125000&s=PKUuv1FFPcgBX461iJJxWiqLjirIkaTLHaRHvsZPXxDQh2nhr7AzWgQXWAJInbBwBmCoJEcE1xdembqkkIZE6i8obAXz934UuWe4Sffwb6s2ePw5qypH7dobqN78M4gGWH/ND8uM2wD0XqMI2oXo7Smy1fP7u0lXauqxsm1x/VI=&fid=6220&rid=b1df2b79-2b17-4edd-bc9e-9c43623ced0e [method: GET]
User Agent: Team Foundation (devenv.exe, 8.0.50727.147)
Headers: Accept-Language=en-GB&Authorization=NTLM+TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAABYAFgBIAAAACAAIAF4AAAAUABQAZgAAABAAEACqAAAANYKI4gUAkwgAAAAPUABFAFIAUwBIAEkATgBHAEQARQBWAEQAUwAwADcARQBJAEQAMgA0ADkARAAxADYANgCtQu2djQRGvgAAAAAAAAAAAAAAAAAAAAA%2fdxCDHcVdTQ2j9TnTCS0DzYH41eShT5XBHbVhwyiiELwCsHMZeSZR&Host=rb50test%3a8081&User-Agent=Team+Foundation+(devenv.exe%2c+8.0.50727.147)&X-TFS-Version=1.0.0.0&X-VersionControl-Instance=3a1cd2b2-c44c-4f2c-8bad-2d068f648e72
Path: /VersionControlProxy/V1.0/item.asmx
Local Request: False
Host Address: www.xxx.yyy.zzz
User: Domain\MyUserCode [authentication type: NTLM]
Exception Message: TF30063: You are not authorized to access http://TFSMaster:8080/VersionControl. (type TeamFoundationServerUnauthorizedException)
Exception Stack Trace: at Microsoft.TeamFoundation.VersionControl.Client.Repository.ProcessHttpResponse(HttpWebResponse response, Stream responseStream, WebException webException, XmlReader& xmlResponseReader)
at Microsoft.TeamFoundation.VersionControl.Client.Repository.ExecWebServiceRequest(HttpWebRequest request, XmlWriter requestXml, String methodName, HttpWebResponse& response)
at Microsoft.TeamFoundation.VersionControl.Client.Repository.GetRepositoryProperties()
at Microsoft.TeamFoundation.VersionControl.Client.Repository.RefreshGuid()
at Microsoft.TeamFoundation.VersionControl.Client.Repository..ctor(VersionControlServer sourceControl, Boolean refreshGuid)
at Microsoft.TeamFoundation.VersionControl.Client.VersionControlServer.get_Repository()
at Microsoft.TeamFoundation.VersionControl.Client.VersionControlServer.get_ServerGuid()
at Microsoft.TeamFoundation.VersionControl.Server.Proxy.ProxyProperties.LoadConfiguration(String filePath)
Inner Exception Details:
Exception Message: The remote server returned an error: (401) Unauthorized. (type WebException)
Exception Stack Trace: at System.Net.HttpWebRequest.GetResponse()
at Microsoft.TeamFoundation.VersionControl.Client.AsyncWebRequest.ExecRequest(Object obj)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
At the master server, there are errors in the security log:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 04/12/2006
Time: 11:10:03
User: NT AUTHORITY\SYSTEM
Computer: TFSMaster
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: ASPNET
Source Workstation: ProxyServer
Error Code: 0xC000006A
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 04/12/2006
Time: 11:10:03
User: NT AUTHORITY\SYSTEM
Computer: TFSMaster
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: ASPNET
Domain: ProxyServer
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: ProxyServer
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: www.xxx.yyy.zzz
Source Port: 4129
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I switched the directory security of the Team Foundation Server Proxy in IIS from Integrated Windows Authentication to Enable Anonymous Access = True. I supplied the credentials of the user account attempting to perform the Get at the client machine to be used for Anonymous Access. Retrying the function from the Client Machine resulted in the operation working.
For some reason, it looks like the Proxy Service is not able to impersonate the original calling credentials when passing the call from the proxy to the master TFS server.
Any ideas?

Problem: TFS Proxy not working - defaulting access as local\ASPNET
rajendra patel
Hello,
Are you still having problems using the TFS proxy server?
-Matt
supagu
The proxy does *not* impersonate as the requesting user - it sounds like the problem is that the Proxy Service Account is not a valid user on your TFS Server.
I would disable anonymous access again, and check which credentials your proxy service is running as. Grant that user access to your TFS server (should only need to be "valid user", so granting read access to the server or even a single project should be adequate).
You may turn around and ask "Well, if the proxy doesn't impersonate, isn't there a security hole here? The proxy isn't verifying I can download a file before getting it for me?" The proxy uses a different scheme than a normal client; without going into too many details, when your client makes the original get request, validation happens right there - your client is then given encrypted information (which only the server can validate), that it hands to the proxy. It basically says, "hey proxy, I want this file - here's my proof that the server said I can have it". The proxy then gives the request to the server, which can either successfully decrypt and validate it, or it rejects the request.
Hope that helps!
If you think your proxy service account has sufficient TFS permissions but you're still getting the error above, let me know how your Tfs Service Account (the identity used for the app pool that the proxy web service is running on) is set up and we'll go from there.
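The failure audits quoted in the question already show which identity the proxy presents to TFSMaster, which is the check suggested above. The following is an added example, not part of the original thread: a Python triage over the event 529 and 680 fields. The sample text is constructed from the values in the quoted events, and the function names are hypothetical.

```python
# NTSTATUS codes commonly reported in event 680 / 529 failure audits.
NTSTATUS = {
    "0xC0000064": "no such user where the logon was validated",
    "0xC000006A": "account name exists where validated, wrong password",
}

# Constructed sample: fields copied from the two failure audits in the question.
SAMPLE_529 = """\
Event ID: 529
Computer: TFSMaster
User Name: ASPNET
Domain: ProxyServer
Logon Type: 3
Authentication Package: NTLM
Workstation Name: ProxyServer
"""
SAMPLE_680 = """\
Event ID: 680
Logon account: ASPNET
Source Workstation: ProxyServer
Error Code: 0xC000006A
"""

def fields(event_text):
    """Parse the 'Key: value' lines of an event description into a dict."""
    out = {}
    for line in event_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            out[key.strip()] = value.strip()
    return out

def triage(logon_failure, account_logon):
    """Return (identity, findings) for the account that failed to log on."""
    f529, f680 = fields(logon_failure), fields(account_logon)
    identity = f"{f529['Domain']}\\{f529['User Name']}"
    findings = []
    # A network logon (type 3) whose domain equals the sending workstation
    # means a machine-local account was presented, not a domain account.
    if (f529.get("Logon Type") == "3"
            and f529["Domain"].lower() == f529["Workstation Name"].lower()):
        findings.append(f"{identity} is a local account on the calling machine")
    code = f680.get("Error Code", "").upper().replace("0X", "0x")
    if code in NTSTATUS:
        findings.append(f"{code}: {NTSTATUS[code]}")
    return identity, findings
```

On the quoted events this reports ProxyServer\ASPNET, matching the "Account name" line in the proxy's own TF53010 event: the web service process is calling the master as the proxy machine's local ASPNET account rather than the domain service account.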