2

I've been using git-tfs for almost 5 years, and then one day I got the following error when running git tfs fetch:

TF400324: Team Foundation services are not available from server https://tfs.company.com/tfs/foo.
Technical information (for administrator):
  The underlying connection was closed: An unexpected error occurred on a send.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host

I even opened Fiddler to see what was going on, and literally the TFS server disconnected the socket when my laptop attempted to connect.

After talking with one of our server admins I discovered that support for TLS 1.0 had been disabled on our TFS servers, and I think I've got my smoking gun. I think my laptop is attempting to connect to our servers using TLS 1.0, which of course causes the server to close the socket.

How can I change the version of TLS that git tfs uses when connecting to Team Foundation Services?

Greg Burghardt
  • 17,900
  • 9
  • 49
  • 92

2 Answers2

7

I figured it out, and as I suspected disabling TLS 1.0 on the Team Foundation Servers was the root of the problem. After googling git tfs tls 1.0 I stumbled across Enabling strong cryptography for all .Net applications, which led me to the fix. You need to enable strong encryption for .NET applications (duh, it says so in the title).

  1. Open up a PowerShell command prompt, running it with elevated privileges

  2. Run the following command for 64 bit applications:

    # set strong cryptography on 64 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

  3. Run this command for 32 bit applications

    # set strong cryptography on 32 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

  4. Reboot.

Now my machine is happily pulling down a hundred or so check-ins from TFS.

Greg Burghardt
  • 17,900
  • 9
  • 49
  • 92
  • Hi thanks for the help. This reg change is in the client side? On the TFS server did you changed something? – galsi Jul 28 '19 at 06:01
  • @galsi: this would be on the client machine. – Greg Burghardt Jul 28 '19 at 14:35
  • Thanks, not part of this topic did you encounter problem with GIT-TFS memory usage ? using the --batch-size flag? – galsi Jul 28 '19 at 14:58
  • I am trying to do this.. git tfs clone https://zzz:8080/absr/main $/[tfs location] . –ignore-branches –debug... but getting same issue. I am trying to get code from TFS and move into Azure DevOps. I also tried this but no use... https://github.com/microsoft/azure-repos-vscode/issues/320#issuecomment-335573266 – Ziggler Jul 06 '20 at 20:22
  • @Ziggler: these SSL issues can be tricky. It is worth posting your own question. – Greg Burghardt Jul 06 '20 at 21:36
  • @GregBurghardt.. I posted .. https://stackoverflow.com/questions/62764145/move-code-into-azure-devops-repo-from-tfs-without-losing-tfs-history – Ziggler Jul 06 '20 at 21:44
  • I was using VS2013 on a VM for a project running MS LightSwitch (not supported in later versions of VS). I hit the issue and running the script on the client machine resolved the issue like a charm. – Sangeet Jan 06 '23 at 06:16
0

I don't have much technical knowledge about TFS, but everyday i have to check-in my code from Visual Studio and recently i came across this issue. The above solution mentioned here,went from over my head.So,i tried a simpler way:

  1. Logged out then logged in into the TFS again through Team-> Manage Connections.
  2. Mapped my project again.

And Voila! i successfully checked-in my code. Maybe this will help others

Greg Burghardt
  • 17,900
  • 9
  • 49
  • 92
bhavya joshi
  • 1,096
  • 10
  • 20
  • 1
    Interesting. Seems like you ran into the same issue with TFVC in Visual Studio then. Not sure if this solution would fix `git tfs fetch` though. – Greg Burghardt Jun 24 '20 at 11:06