Going beyond nice and easy installation scenarios of TFS 2010

January 29, 2011

The TFS product team has done a great job in facilitating the installation/configuration of Team Foundation Server 2010, but don’t get too excited about all this. Some scenarios are still a real challenge to complete successfully and require a lot of planning and testing. This all depends on the fact if you are migrating from a previous Team Foundation Server (2005/2008) and what type of TFS topology you are looking for.

Easy

The easiest scenario is of course the TFS 2010 basic installation. A clean install of TFS 2010 on a client operating system (Vista / Windows 7). No hassle with SharePoint and SQL Reporting Services. This scenario can be done by every software developer and is perfect for having a local development playground for version control, work item management and build automation. You may be up-and-running in less than 1 hour! This is the only installation type where you don’t really need the famous TFS 2010 Installation Guide.

The other easy scenario is when you want to setup a clean Team Foundation Server 2010 (no upgrade) on a single server (Application Tier and Data Tier are installed on the single server). This is especially true if you are using all new installations of prerequisite software to host the configuration database, the report server, and the portal server (Windows SharePoint Services 3.0). This scenario involves already some familiarity with the other (optional) TFS Components: SharePoint and SQL Server Reporting Services. Read more about the Single-Server installation procedure.

Difficult

Selecting a (complex) multiple-server installation for Team Foundation Server should always be based on actual requirements instead of the fact that it’s just cool in trying to set this up. Don’t even think about this scenario when your potential users are lower than 250. At this time the complexity will automatically increase because you will probably also need to pass the security department for getting clearance in required service accounts for TFS and you will also need to work closely together with the SQL Server operations team / SharePoint operations team to work out a matching infrastructure for the SQL Server database instance, the SQL Server Report Server, the SQL Server Analysis Server and the Microsoft Office SharePoint Server (MOSS or WSS). Most of the time they won’t give you immediately the infrastructure you really need. You will need to earn their respect and you will need to understand their overall policies. This is definitely the part where you won’t have full control of the situation. The bigger the company, the more time it will take to get agreement from all parties. Start as early as possible with these negotiations!

Let’s shift to upgrading from a previous Team Foundation Server (2005/2008) towards Team Foundation Server 2010. In this case you have two possible options: an in-place upgrade or a migration upgrade. The in-place upgrade to TFS 2010 will use the exact same set of hardware that the previous version was using. The migration upgrade allows you to move at the same time to new and better hardware for all TFS Components. You might also want to consider moving from 32 bit to 64 bit servers. An extra difficulty might come up when the previous TFS installation is still using a SQL Server 2005 data store because TFS 2010 doesn’t offer support anymore for SQL Server 2005. Before going down the path of an upgrade, be sure to carefully read the TFS 2010 Supplemental Upgrade Guide at Codeplex.

In my opinion it’s always better to go for the migration upgrade. On top of the benefits of new hardware for Team Foundation Server 2010 (always very welcome!), you will always have an easy fall back scenario when the migration upgrade didn’t succeed.

Advanced

A not so well known feature in TFS 2010 is the ability to import data and projects from one or more previous Team Foundation Servers (2005/2008) into new Team Project Collections in a single instance of TFS 2010. Importing has some different characteristics than upgrading, but in some situations a combination of upgrading and importing might be the best fit. Consider the following situation:

  • A running multi-server TFS 2008 instance with 150+ Team Projects.
  • Team Projects should be split in different Team Project Collections that will match a specific division in the company.
  • Not all divisions can and want to upgrade at the same time due to different important release cycles. Risk and possible impact are a lot bigger when everything is upgraded at the same time.

Possible solution:

  • Perform a migration upgrade to TFS 2010.
  • Split upgraded Team Project Collection in new Team Project Collections for dedicated company divisions that were ready for the upgrade.
  • Divisions that were not ready for the upgrade can temporarily continue to work on the old TFS 2008 infrastructure.
  • To investigate a future import of remaining 2008 Team Projects for one or more dedicated divisions into TFS 2010, a trial import can be executed. During the trial period all actions to become TFS 2010 ready can be studied (builds, reports, portal, …).
  • Once the trials were successful, one or more (depending on the number of divisions left to move to TFS 2010) final imports can be performed to a new TFS 2010 Team Project Collection in combination with the rework necessary for bringing it fully operational on the new infrastructure.
  • After all remaining Team Projects are imported in TFS 2010, the TFS 2008 environment won’t be needed anymore.

Over time you will end up with a TFS 2010 environment with all desired Team Project Collections and you will have mitigated the risk of doing the one and only big-bang upgrade, forcing everyone to be ready at that particular time. One downside of the import command is that it does not upgrade reports or team project portals that are associated with the projects and databases to TFS 2010. That’s why it’s certainly a good practice to first perform an upgrade and to bring as many Team Projects back online in TFS 2010 after the initial upgrade. The original purpose of the import action is to consolidate different TFS environments into a single TFS instance.

Advertisements

TFS 2010 Team Project Security Management

January 26, 2011

Setting up security for all Team Projects on all involved TFS Components (TFS, SharePoint and SQL Reporting Services) for all individual users might be quite frustrating and error-prone from time to time.

I have seen this type of mismanagement once too many now. About time to publish some basic guidelines on how to manage Team Project security rights and permissions across all involved TFS components.

Download my recommended strategy for getting rid of the familiar red crosses in Team Explorer and manage TFS security wisely.

Download TFS2010TeamProjectSecurityManagement.pdf.

Content:

  • New Team Project
  • Group Membership for Team Project
  • What about security for SharePoint and SQL Reporting Services
  • Welcoming the TFS Administration Tool (v2.1)
  • Make use of Active Directory groups

References used in the recommendation:

A final note to conclude: the explained Team Project permission sets are not the only available permission sets in the Team Project. Read my previous blogpost on fine-grained permissions in TFS 2010 for more information.


Required permission for TFS 2010 Backup Plan

January 24, 2011

While setting up a TFS Backup Plan (part of the TFS 2010 Power Tools) on a new Team Foundation Server, I ran into a security issue.

TFSBackupError

[ Grant Backup Plan Permissions ] Account tfssetup failed to create backups using path TfsBackups.

I didn’t get rid of this error after making sure that the tfssetup account had the appropriate rights on the shared network folder where the backups will be dropped.

Giving Everyone modifications rights resolved the issue immediately, but of course that’s not the solution I was looking for.

So, ProcessMonitor from SysInternals came once again to the rescue. There I found out that SQL Server (sqlsrvr.exe) was trying to access the shared network folder.

Solution: also grant modifications rights on the shared network folder to the SQLService account that’s running SQL Server.


Version Control with Team Foundation Server 2010

January 11, 2011

On February 15, I will do a Microsoft Live Webcast on “What you should know about Version Control in Team Foundation Server 2010”.

Unlike Visual SourceSafe (VSS), which relied on a file-based storage mechanism, Team Foundation version control stores all artefacts, as well as a record of all changes and current check-outs in a SQL Server database which makes it highly reliable and scalable. It supports features such as multiple simultaneous check-outs, conflict resolution, shelving and unshelving, branching and merging, and the ability to set security levels on any level of a source tree, alongside the most visible features of document versioning, locking, rollback, and atomic commits. The source control mechanism integrates with TFS Work Item Management as well. TFS administrators can enforce check-in policies that require specific requirements to have passed and individual versions of files can be assigned labels. This session is targeted towards developers who want to know all the details about the new version control features in Team Foundation Server 2010.

Read more.

Update [May 4, 2011]: recording uploaded to Channel9

Watch recording


Timeout with TFS2010 Backup/Restore Power Tool

December 3, 2010

I peviously alread blogged about the TFS2010 Backup/Restore Power Tool, but there are still some gotchas you should be aware of.

At a customer where I made use of the TFS2010 Backup/Restore Power Tool we ran into the (known) timeout issue during a TFS Backup execution.

Active backup plan configuration: full backup each week, differential backup each day, transactional backup each 30 minutes.

The timeout (600 seconds) was caused by very big transactional log files (> 15 GB) that couldn’t be stored in time to the backup location. No matter what backup plan configuration you choose, the transactional log files of all TFS databases are continuously growing because the recovery mode of the TFS databases is set to "Full". To keep it short here, the Full recovery mode is used because it provides greater protection for data than the Simple recovery model. It relies on backing up the transaction log to provide full recoverability and to prevent work loss in the broadest range of failure scenarios. More details on SQL Server recovery modes can be found here.

As a quick fix, I changed the recovery mode of the involved databases from Full to Simple and shrunk the log files. After that I switched the recovery mode back to Full. But the issue with the growing transactional log files (+ timeout) will continue to pop up in the (near) future …

So, I was thinking about setting the recovery mode of the TFS databases to Simple permanently and switching to a nightly full backup each day. I assumed that we will always be able to do a restore to one of those full backups (maximum loss of data = 1 day) … No! Just don’t do this! The Backup/Restore Power Tool relies on SQL marked transactions to keep consistency across the TFS (and dependency products) databases. The SQL marked transaction implementation in the Backup/Restore Power Tool requires the SQL recovery mode to be set to Full. Thanks to the TFS product team for making this clear to me! Switching permanently to a Simple recovery mode could possibly result in a rollback to inconsistent TFS databases. More details on marked transactions can be found here.

A temporary solution is to manually switch to Simple recovery mode, shrink the log files and then switch back to Full recovery mode. The problem is that you would need to do this sometimes when the log files are getting "too big". A better solution might be to automate and schedule these actions for all involved TFS databases.

Here’s a sample SQL script that you might use:

ALTER DATABASE [<DatabaseName>] SET RECOVERY SIMPLE WITH NO_WAIT

USE [<DatabaseName>]

GO

DBCC SHRINKFILE (N'<DatabaseName>_log’ , 0, TRUNCATEONLY)

GO

ALTER DATABASE [<DatabaseName>] SET RECOVERY FULL WITH NO_WAIT

Timeout issues + log file sizes will be fixed in the next TFS Power Tool release (probably Q1 2011).

[Update March 13, 2011]

With the release of the new TFS Power Tools (March 2011), the timeout issue has been resolved. Note that you must not forget to disable the workaround script to shrink the logfiles.


TFS2010 Backup/Restore Tool

October 19, 2010

Despite there are some known issues with the first version of the TFS2010 Backup/Restore Tool, it has saved me already a lot of time during different TFS2010 assignments. Setting up manually a complete backup plan for all involved databases is not that straightforward for non-database-administrators. I also like the neat integration with the existing Team Foundation Administration Console.

Some other obstacles I encountered during the TFS2010 Backup configuration:

  • System Check failed in the readiness check

    TF255118: The Windows Management Instrumentation (WMI) interface could not be contacted on this computer

    This failure was simply fixed by restarting the Windows Management Instrumentation service.

    RestartWMI

  • Grant Backup Plan Permissions failed in the readiness check

    Account “x” failed to create backups using path \\tfs2010\Backups 2010

    This failure had nothing to do with security or permissions, but the error was simply caused by a space in the network path. The network backup path must not contain a space!

Note that you shouldn’t backup (yet) the SharePoint databases with the TFS2010 Backup/Restore Tool.

You can download the TFS2010 Backup/Restore Tool as part of the TFS2010 Power Tools (September 2010).


TFS2010 Configuration issue in a Windows 2000 domain

October 12, 2010

I did encounter an error while configuring Team Foundation Server 2010 on a Windows Server 2008 R2 machine (64 bit) which was joined to a Windows 2000 domain.

The error came up while running the system check verification in the TFS2010 configuration wizard.

TF255435: This computer is a member of an Active Directory domain, but the domain controllers are not accessible.  Network problems might be preventing access to the domain. Verify that the network is operational, and then retry the readiness checks.  Other options include configuring Team Foundation Server specifying a local account in the custom wizard or joining the computer to a workgroup.  http://go.microsoft.com/fwlink/?LinkID=164053&clcid=0x409

Note that the link will just bring you to the microsoft.com site and won’t help you in solving the error.

I first stumbled on this MSDN forum article, but I wasn’t really confident that this “solution” would work in my situation. The new virtual machine was setup correctly in the domain from the start and wasn’t conflicting with some other machine(s).

Digging deeper in the configuration logfile gave me this:

Exception Message: The trust relationship between this workstation and the primary domain failed.
(type SystemException)

Exception Stack Trace:    at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at Microsoft.TeamFoundation.Common.UserNameUtil.GetMachineAccountName(String hostName)
   at Microsoft.TeamFoundation.Admin.VerifyDomainAccess.Verify()

Together with the fact that SIDs could not be resolved correctly on this machine when editing local groups it was clear that there was something wrong with the AD communication.

Apparently there’s a known problem with the LookupAccountName function (only on Windows Server 2008 R2 computers joined to a Windows 2000 domain) to retrieve a security identifier (SID) for a domain account.

After applying the available hotfix (KB 976494), everything was working again and the system check in the TFS2010 configuration wizard succeeded without warnings. Problem solved!

Again a confirmation for me that installing/configuring Team Foundation Server in an enterprise environment is always a challenge because there are so many different platforms involved: Active Directory, Internet Information Server, SQL Server, Reporting Services, Analysis Services, SharePoint, …