Can TFS 2010 be configured with managed service accounts?

Question

I'm trying to deploy TFS 2010 in a sandbox environment, and I created a managed service account for TFS. However, I seem to be unable to configure it in the Advanced Configuration Wizard.

Advanced Configuration Wizard dialog with validation errors

The error reported when I click 'test' is "TFS254021: The account name or password that you specified is not valid."

Any suggestions?

i really wish someone had actually answered this, i just ended up creating the accounts with passwords on the domain based on this guide: http://msdn.microsoft.com/en-us/library/ms253149.aspx — artfulhacker, Apr 08 '13 at 21:31
I simple "no, MSAs are not (yet) supported" here or somewhere in MSDN/Technet would have spared us some nuisance. — mbx, Jun 08 '17 at 11:37

score 3 · Answer 1 · answered Dec 17 '11 at 09:02

3

Account names ending in a $ are normally machine accounts, not user (even non-iterative user) accounts.

It is quite possible that TFS, or something that TFS uses, assumes this and thus blocks the name.

(Otherwise, be very sure you have correctly typed the password. I've ended up using copy and paste for both account creation and its use to allow a long and complex password but avoiding typos.)

answered Dec 17 '11 at 09:02

Richard

5,324
1
23
20

This seems like the best answer. – Tim Elhajj Dec 17 '11 at 17:39
1

MSAs don't have passwords.... – artfulhacker Apr 08 '13 at 21:32

score 0 · Answer 2 · answered Dec 16 '11 at 22:18

0

Is this service account user in the Administrator group on the TFS server?

answered Dec 16 '11 at 22:18

orbitron

391
1
2
6

No. Does it need to be? – Ben Collins Dec 16 '11 at 22:47
@BenCollins The TFS server account does not need to be a local administrator (running here without being a member). – Richard Dec 17 '11 at 09:00
Never put TFS service account into local administrators group – Tim Elhajj Dec 17 '11 at 17:38
@BenCollins My bad, Tim is right, you want to just grant it the ability [to run a service](http://stackoverflow.com/questions/178633/minimum-rights-required-to-run-a-windows-service-as-a-domain-account) on that system – orbitron Dec 19 '11 at 19:24

Tim Elhajj · Answer 3 · 2011-12-17T17:47:32.850

-1

Remove the $ from the name of the account and try again. Make sure the account has Log on as a service permissions. Don't put it in the local admin group. Good luck!

edited Dec 17 '11 at 17:47

answered Dec 17 '11 at 17:40

Tim Elhajj

393
2
7

MSAs usually look like that: [Leave the password blank, and ensure that the account name has a dollar sign ($) at the end.](https://technet.microsoft.com/en-us/library/dd548356(v=ws.10).aspx) – mbx Jun 08 '17 at 11:39

Can TFS 2010 be configured with managed service accounts?

3 Answers3