Unable to connect to TFS server running SSL
Hi!
I am having some issues connecting Team City to MS Team Foundation Server. The error is as follows:
[2011-05-06 14:51:02,824] WARN [on=editVcsRoot ] - jetbrains.buildServer.VCS - Error occurred in test connection
jetbrains.buildServer.vcs.VcsException: TFS failed. ExitCode: 1, Stdout::
TFS Native Verifier v6.0 Copyright (C) 2006-2011 JetBrains s.r.o.
INFO - Use Tfs from JetBrains.TeamCity.Tfs.Tfs10Accessor
TFS Native Accessor v6.0 Copyright (C) 2006-2011 JetBrains s.r.o.
INFO - Connecting to server https://tfs.osm.no:443/tfs
Connection test: Server='https://tfs.osm.no/tfs' Username='osm.loc\OSMTFSBuild' Root='$/eCrewAccounting/eCrewAccounting'
ERROR - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
System.Exception: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.TlsStream.CallProcessAuthentication(Object state)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at Microsoft.TeamFoundation.Client.TeamFoundationSoapProxy.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.TeamFoundation.Proxy.BisRegistrationServiceProxyWsdl.GetRegistrationEntries(String toolId)
   at Microsoft.TeamFoundation.Proxy.BisRegistrationProxy.GetRegistrationEntries(String toolId)
   at Microsoft.TeamFoundation.Proxy.BisRegistrationService.RefreshMemoryCache()
   at Microsoft.TeamFoundation.Proxy.BisRegistrationService.RefreshCachesIfNeeded(Boolean direct)
   at Microsoft.TeamFoundation.Proxy.BisRegistrationService.GetRegistrationEntries(String toolId)
   at Microsoft.TeamFoundation.Framework.Client.PreFrameworkServerDataProvider.FindServiceLocation(String serviceType, String toolId)
   at Microsoft.TeamFoundation.Framework.Client.PreFrameworkServerDataProvider.LocationForCurrentConnection(String serviceType, Guid serviceIdentifier)
   at Microsoft.TeamFoundation.Client.TfsConnection.EnsureProviderConnected()
   at Microsoft.TeamFoundation.Client.TfsConnection.<Authenticate>b__1()
   at Microsoft.TeamFoundation.Client.TfsConnection.UseCredentialsProviderOnFailure(Action action)
   at Microsoft.TeamFoundation.Client.TfsConnection.Authenticate()
   at Microsoft.TeamFoundation.Client.TeamFoundationServer.Authenticate()
   at JetBrains.TeamCity.Tfs.Command.Do() in c:\Agent\work\9f2b3673cc66b89\TfsNativeAccessor\src\Command.cs:line 25
   at JetBrains.TeamCity.Tfs.Program.Main(String[] args) in c:\Agent\work\9f2b3673cc66b89\TfsNativeAccessor\src\Program.cs:line 110
   --- End of inner exception stack trace ---
   at JetBrains.TeamCity.Tfs.Program.Main(String[] args) in c:\Agent\work\9f2b3673cc66b89\TfsNativeAccessor\src\Program.cs:line 349
, Stderr::
   at jetbrains.buildServer.buildTriggers.vcs.tfs.TfsNativeExeRunner.start(TfsNativeExeRunner.java:61)
   at jetbrains.buildServer.buildTriggers.vcs.tfs.TfsServerNativeExeRunner.start(TfsServerNativeExeRunner.java:102)
   at jetbrains.buildServer.buildTriggers.vcs.tfs.TfsTestConnectionSupport.testConnection(TfsTestConnectionSupport.java:26)
   at jetbrains.buildServer.controllers.admin.projects.EditVcsRootsController.doPost(EditVcsRootsController.java:19)
   at jetbrains.buildServer.controllers.BaseFormXmlController$1.handleRequest(BaseFormXmlController.java:54)
   at jetbrains.buildServer.controllers.AjaxRequestProcessor.processRequest(AjaxRequestProcessor.java:45)
   at jetbrains.buildServer.controllers.BaseFormXmlController.doHandle(BaseFormXmlController.java:52)
   at jetbrains.buildServer.controllers.BaseController.handleRequestInternal(BaseController.java:73)
   at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
   at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
   at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
   at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
   at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
   at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
   at jetbrains.buildServer.rootDispatcher.TeamCityDispatcherServlet.service(TeamCityDispatcherServlet.java:222)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at jetbrains.buildServer.web.SetThreadNameFilter.runChainWithModifiedThreadName(SetThreadNameFilter.java:18)
   at jetbrains.buildServer.web.SetThreadNameFilter.doFilter(SetThreadNameFilter.java:4)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at jetbrains.buildServer.web.ResponseFragmentFilter.doFilter(ResponseFragmentFilter.java:2)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
   at java.lang.Thread.run(Unknown Source)
Some information about my setup:
- TFS server running in Norway
- TFS server set up to run SSL with certificates signed by unauthorized issuer
- All client machines must store copy of unauthorized issuer locally
- Web client of TFS is available using https://tfs.osm.no/tfs
- Team Explorer works fine on the TeamCity server (e.g. able to connect and download source)
- VS 2010 works fine on the TeamCity server (e.g. able to connect and download source)
- Both the certificate for tfs.osm.no as well as the local certificate issued have been imported into TeamCity's 'local' Java installation. No other Java is installed on the server
- Server has been rebooted after Java keystores were updated
I have tried testing the VCS with both tfs.osm.no and tfs.osm.no:443 as mentioned in the forum. That did not change anything.
I guess the main question is: Why cannot TeamCity connect to the server (trust the underlying connection and certificate) when IE, VS2010 and Team Explorer can?
Edit: Adding the CA certificate has been attempted both as a regular certificate and with '-trustcacerts', without any difference.
Message was edited by: Ivar Sønstabø
Hi
What account does agent service use?
Please log in with this account interactively, and recheck that Team Explorer can connect to the TFS server from there.
Thanks
Michael
Hi!
Thanks for your reply.
I changed the service to run under the administrator I am logged in with. That did the trick.
Checking the documentation I added the project collection to the URL.
Connection is now a success.
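
An added diagnostic sketch, not part of the original thread: the stack trace fails inside .NET's System.Net.Security, which validates against the Windows certificate stores visible to the account running the process, not against the Java keystore. Assuming the issuing CA was installed for one user only (the thread does not confirm where it was installed), running this once as the interactive user and once as the service account shows where the CA is visible and whether the chain builds. Both file paths are parameters you supply and are not values from the thread.

```powershell
# Added example. Run under each account you want to compare (interactive user,
# then the account the TeamCity service runs as) and diff the output.
param(
    [Parameter(Mandatory=$true)] [string]$ServerCertPath,  # exported TFS server certificate (.cer)
    [Parameter(Mandatory=$true)] [string]$CaCertPath       # exported issuing CA certificate (.cer)
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$server = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $ServerCertPath).Path
$ca     = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $CaCertPath).Path

"Running as : $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
"CA subject : $($ca.Subject)"
"CA thumb   : $($ca.Thumbprint)"

# 1. Which stores hold the CA? CurrentUser stores are private to each account;
#    LocalMachine stores are shared by every account on the host.
foreach ($location in 'CurrentUser', 'LocalMachine') {
    foreach ($name in 'Root', 'CA') {
        $store = New-Object "$x509.X509Store" -ArgumentList $name, ([enum]::Parse(
            [System.Security.Cryptography.X509Certificates.StoreLocation], $location))
        try {
            $store.Open('ReadOnly')
            $hits = $store.Certificates.Find('FindByThumbprint', $ca.Thumbprint, $false)
            '{0,-12}\{1,-4} : {2}' -f $location, $name, ($hits.Count -gt 0)
        } finally {
            $store.Close()
        }
    }
}

# 2. Build the chain the way a .NET client running as this account would.
#    Revocation is skipped so the result reflects trust only, not CRL reachability.
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($server)
"Chain trusted for this account: $trusted"
foreach ($status in $chain.ChainStatus) {
    '  {0}: {1}' -f $status.Status, $status.StatusInformation.Trim()
}
```

A CA that appears only under CurrentUser for the interactive account, together with an untrusted-root chain status under the service account, matches the symptom in this thread. Placing the CA in LocalMachine\Root makes it visible to every account without changing the service identity.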