Unable to connect to TFS server running SSL

Hi!

I am having some issues connecting TeamCity to MS Team Foundation Server. The error is as follows:

[2011-05-06 14:51:02,824]   WARN [on=editVcsRoot ] -      jetbrains.buildServer.VCS - Error occurred in test connection jetbrains.buildServer.vcs.VcsException: TFS failed. ExitCode: 1, Stdout::
TFS Native Verifier v6.0 Copyright (C) 2006-2011 JetBrains s.r.o.
INFO  - Use Tfs from JetBrains.TeamCity.Tfs.Tfs10Accessor
TFS Native Accessor v6.0 Copyright (C) 2006-2011 JetBrains s.r.o.
INFO  - Connecting to server https://tfs.osm.no:443/tfs
Connection test:
  Server='https://tfs.osm.no/tfs'
  Username='osm.loc\OSMTFSBuild'
  Root='$/eCrewAccounting/eCrewAccounting'
ERROR - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
System.Exception: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
    at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
    at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
    at System.Net.TlsStream.CallProcessAuthentication(Object state)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
    at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
    at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
    at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
    at System.Net.ConnectStream.WriteHeaders(Boolean async)
    --- End of inner exception stack trace ---
    at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
    at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
    at Microsoft.TeamFoundation.Client.TeamFoundationSoapProxy.GetWebResponse(WebRequest request)
    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
    at Microsoft.TeamFoundation.Proxy.BisRegistrationServiceProxyWsdl.GetRegistrationEntries(String toolId)
    at Microsoft.TeamFoundation.Proxy.BisRegistrationProxy.GetRegistrationEntries(String toolId)
    at Microsoft.TeamFoundation.Proxy.BisRegistrationService.RefreshMemoryCache()
    at Microsoft.TeamFoundation.Proxy.BisRegistrationService.RefreshCachesIfNeeded(Boolean direct)
    at Microsoft.TeamFoundation.Proxy.BisRegistrationService.GetRegistrationEntries(String toolId)
    at Microsoft.TeamFoundation.Framework.Client.PreFrameworkServerDataProvider.FindServiceLocation(String serviceType, String toolId)
    at Microsoft.TeamFoundation.Framework.Client.PreFrameworkServerDataProvider.LocationForCurrentConnection(String serviceType, Guid serviceIdentifier)
    at Microsoft.TeamFoundation.Client.TfsConnection.EnsureProviderConnected()
    at Microsoft.TeamFoundation.Client.TfsConnection.<Authenticate>b__1()
    at Microsoft.TeamFoundation.Client.TfsConnection.UseCredentialsProviderOnFailure(Action action)
    at Microsoft.TeamFoundation.Client.TfsConnection.Authenticate()
    at Microsoft.TeamFoundation.Client.TeamFoundationServer.Authenticate()
    at JetBrains.TeamCity.Tfs.Command.Do() in c:\Agent\work\9f2b3673cc66b89\TfsNativeAccessor\src\Command.cs:line 25
    at JetBrains.TeamCity.Tfs.Program.Main(String[] args) in c:\Agent\work\9f2b3673cc66b89\TfsNativeAccessor\src\Program.cs:line 110
    --- End of inner exception stack trace ---
    at JetBrains.TeamCity.Tfs.Program.Main(String[] args) in c:\Agent\work\9f2b3673cc66b89\TfsNativeAccessor\src\Program.cs:line 349
, Stderr::
    at jetbrains.buildServer.buildTriggers.vcs.tfs.TfsNativeExeRunner.start(TfsNativeExeRunner.java:61)
    at jetbrains.buildServer.buildTriggers.vcs.tfs.TfsServerNativeExeRunner.start(TfsServerNativeExeRunner.java:102)
    at jetbrains.buildServer.buildTriggers.vcs.tfs.TfsTestConnectionSupport.testConnection(TfsTestConnectionSupport.java:26)
    at jetbrains.buildServer.controllers.admin.projects.EditVcsRootsController.doPost(EditVcsRootsController.java:19)
    at jetbrains.buildServer.controllers.BaseFormXmlController$1.handleRequest(BaseFormXmlController.java:54)
    at jetbrains.buildServer.controllers.AjaxRequestProcessor.processRequest(AjaxRequestProcessor.java:45)
    at jetbrains.buildServer.controllers.BaseFormXmlController.doHandle(BaseFormXmlController.java:52)
    at jetbrains.buildServer.controllers.BaseController.handleRequestInternal(BaseController.java:73)
    at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
    at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at jetbrains.buildServer.rootDispatcher.TeamCityDispatcherServlet.service(TeamCityDispatcherServlet.java:222)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at jetbrains.buildServer.web.SetThreadNameFilter.runChainWithModifiedThreadName(SetThreadNameFilter.java:18)
    at jetbrains.buildServer.web.SetThreadNameFilter.doFilter(SetThreadNameFilter.java:4)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at jetbrains.buildServer.web.ResponseFragmentFilter.doFilter(ResponseFragmentFilter.java:2)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Unknown Source)



Some information about my setup:

- TFS server running in Norway
- TFS server set up to run SSL with certificates signed by unauthorized issuer
- All client machines must store copy of unauthorized issuer locally
- Web client of TFS is available using https://tfs.osm.no/tfs
- Team Explorer works fine on the TeamCity server (e.g. able to connect and download source)
- VS 2010 works fine on the TeamCity server (e.g. able to connect and download source)
- Both the certificate for tfs.osm.no as well as the local certificate issued has been imported into TeamCity's 'local' Java installation. No other Java is installed on the server
- Server has been rebooted after Java keystores were updated

I have tried testing the VCS with both tfs.osm.no and tfs.osm.no:443 as mentioned in the forum. That did not change anything.

I guess the main question is: Why cannot TeamCity connect to the server (trust the underlying connection and certificate) when IE, VS2010 and Team Explorer can?

Edit: I have tried adding the CA certificate both as a regular certificate and with '-trustcacerts', without any difference.

Message was edited by: Ivar Sønstabø

2 comments

Hi

What account does agent service use?
Please log in with this account interactively, and recheck that Team Explorer can connect to the TFS server from there.

Thanks
Michael

0

Hi!

Thanks for your reply.
I changed the service to run under the administrator I am logged in with. That did the trick.
Checking the documentation I added the project collection to the URL.

Connection is now a success.

0
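
An added diagnostic, not part of the thread and not JetBrains code: the failing frames in the log are .NET (`System.Net.Security`), so trust is decided by the Windows certificate stores visible to the account running the process, not by the Java keystore. The script below performs the same TLS validation for whichever account runs it and shows where the top-of-chain certificate is stored. The `$TfsHost` parameter and the `'*TeamCity*'` service filter are assumptions to adjust.

```powershell
param(
    [Parameter(Mandatory = $true)][string]$TfsHost,  # your TFS host name (assumed parameter)
    [int]$Port = 443
)

"Running as: " + [Security.Principal.WindowsIdentity]::GetCurrent().Name

# Logon account of each TeamCity service. The '*TeamCity*' filter is an
# assumption about the service display names; adjust it to your install.
Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like '*TeamCity*' } |
    Select-Object Name, StartName, State | Format-Table -AutoSize

$seen = @{}   # filled in by the validation callback below
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($source, $cert, $chain, $policyErrors)
    $seen.Errors = $policyErrors
    $seen.Status = @($chain.ChainStatus | ForEach-Object { $_.Status })
    if ($chain.ChainElements.Count -gt 0) {
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $seen.TopSubject    = $top.Subject
        $seen.TopThumbprint = $top.Thumbprint
    }
    # Keep normal validation: accept only a chain Windows already trusts.
    return ($policyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
}

try {
    $tcp = New-Object System.Net.Sockets.TcpClient($TfsHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($TfsHost)
    "Handshake OK: the chain is trusted for this account."
} catch {
    "Handshake FAILED: " + $_.Exception.Message
} finally {
    if ($tcp) { $tcp.Close() }
}

"Policy errors : $($seen.Errors)"
"Chain status  : $($seen.Status -join ', ')"
"Top of chain  : $($seen.TopSubject) [$($seen.TopThumbprint)]"

# CurrentUser\Root is a merged view that also lists machine-wide roots, so
# 'CurrentUser present / LocalMachine absent' means trust exists for this user only.
foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
    $hit = Get-ChildItem $store | Where-Object { $_.Thumbprint -eq $seen.TopThumbprint }
    "{0,-24} {1}" -f $store, $(if ($hit) { 'present' } else { 'absent' })
}
```

Run it once interactively and once as the service account and compare the output. If the issuing CA turns out to be trusted only per user, importing it into `LocalMachine\Root` makes it visible to service accounts without running the service under an administrator login.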
