TFS2010 Configuration issue in a Windows 2000 domain

I did encounter an error while configuring Team Foundation Server 2010 on a Windows Server 2008 R2 machine (64 bit) which was joined to a Windows 2000 domain.

The error came up while running the system check verification in the TFS2010 configuration wizard.

TF255435: This computer is a member of an Active Directory domain, but the domain controllers are not accessible.  Network problems might be preventing access to the domain. Verify that the network is operational, and then retry the readiness checks.  Other options include configuring Team Foundation Server specifying a local account in the custom wizard or joining the computer to a workgroup.  http://go.microsoft.com/fwlink/?LinkID=164053&clcid=0x409

Note that the link will just bring you to the microsoft.com site and won’t help you in solving the error.

I first stumbled on this MSDN forum article, but I wasn’t really confident that this “solution” would work in my situation. The new virtual machine was setup correctly in the domain from the start and wasn’t conflicting with some other machine(s).

Digging deeper in the configuration logfile gave me this:

Exception Message: The trust relationship between this workstation and the primary domain failed.
(type SystemException)

Exception Stack Trace:    at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at Microsoft.TeamFoundation.Common.UserNameUtil.GetMachineAccountName(String hostName)
   at Microsoft.TeamFoundation.Admin.VerifyDomainAccess.Verify()

Together with the fact that SIDs could not be resolved correctly on this machine when editing local groups it was clear that there was something wrong with the AD communication.

Apparently there’s a known problem with the LookupAccountName function (only on Windows Server 2008 R2 computers joined to a Windows 2000 domain) to retrieve a security identifier (SID) for a domain account.

After applying the available hotfix (KB 976494), everything was working again and the system check in the TFS2010 configuration wizard succeeded without warnings. Problem solved!

Again a confirmation for me that installing/configuring Team Foundation Server in an enterprise environment is always a challenge because there are so many different platforms involved: Active Directory, Internet Information Server, SQL Server, Reporting Services, Analysis Services, SharePoint, …

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: