0

I apologize if this is the wrong site for this question, but I honestly don't know what component of this setup is causing the problem.

I have a server running Windows Server 2012. It is running TFS 2013 and SQL Server 2012. Everything is set up and appears to be working properly (ie developers can access TFS through Visual Studio). The server is positioned behind a Cisco ASA and has a translation for port 80 and port 443. As stated, I am able to access TFS from either inside the firewall or outside the firewall. I am also able to access TFS through its web interface from either inside or outside using the proper URL (https://tfs.xxxxxxx/tfs). However, when I attempt to access the TFS server from the machine on which it is installed, I always receive a 401.1 error. In viewing the IIS logs for that site, it doesn't appear that the username and password are ever passed to the site for proper authentication. Or at least the username is never logged. I have tried adding the site to trusted sites within IE, turning off IE Enhanced Security Configuration and installing Chrome and none of these options have worked. At this point, I don't even have any idea what component is failing so I don't have any idea where to look next. Any help would be appreciated.

Dirk Dastardly
  • 75
  • 7
  • Automatc windows authentication is per default enabled for the intranet zone only, not trusted sites. – pauska Jun 24 '14 at 10:07

1 Answers1

1

Could be the infamous Loopback check. See KB 896861 and this post for a step by step guide.

Giulio Vian
  • 508
  • 2
  • 10
  • And we have a winner! 15 years in network support and I've never run across that particular bug. Thank you very much, Giulio. – Dirk Dastardly Jun 24 '14 at 11:08
  • It is not a bug, it's a security feature. Really. On the fly I found only this post for an explanation http://www.harbar.net/archive/2009/07/02/disableloopbackcheck-amp-sharepoint-what-every-admin-and-developer-should-know.aspx. – Giulio Vian Jun 24 '14 at 11:24
  • So obviously they expect me to host TFS on one box and host the TFS Administration Console on another box? Because unless the fix you supplied is applied or you host the two components on two different boxes, there are a number of features in TFS that simply won't work. Frustrating! – Dirk Dastardly Jun 24 '14 at 13:20
  • I cannot check now, but Admin Console should work fine. You have issue when using anything but localhost. – Giulio Vian Jun 24 '14 at 17:13
  • Right. Guess I should have made that clear. I have two other apps also running on this machine and each of them need their own IP address, so I am unable to use all addresses for TFS in IIS. With that restriction, I can't get to the TFS site on localhost. – Dirk Dastardly Jun 25 '14 at 11:18
  • I see, but whenever possible I avoid to mix applications on the same box to minimize my admin burden. Your only option is to follow instructions on KB to work locally – Giulio Vian Jun 25 '14 at 13:23