We have an on-premise TFS2015RC installation. The server is part of our domain.
When configuring a build agent (build.vnext) on another server in the same domain, everything works as expected.
However, when configuring a build agent on a server outside of this domain, the following happens:
Using ConfigureAgent.ps1:
- accept all defaults
- choose interactive mode (e.i. not installed as Windows Service)
- then an authentication dialog shows up:
- I enter a domain user (
domain\user
) which is administrator of TFS - I provide the domain password for this user. If the password is wrong, the dialog will say so and I need to correct it (default behavior in Windows)
- I enter a domain user (
- The script proceeds, but after starting the agent it says:
ERROR:
VS30063: You are not authorized to access http://{server}:8080/tfs
Why is the authentication failing? How can I find out with which user it is trying to authenticate?
I have tried:
- looking at the logfile in the _diag folder. The log file states exactly the same, without more usable info.
- tried the advice from this link to enable Basic Authentication on IIS on the TFS server. I did this (reluctantly) but it does not resolve the issue.
OK I managed to resolve the issue like this:
Like this, it is working! However, I somehow cannot get it to run in "console mode" (i.e. not starting it as a windows service). This is not a big issue.
There was one small issue after this: in the logfile I could see it was trying to connect to http://NAME-OF-TFS:8080/tfs instead of http://IP-ADDRESS:8080/tfs, but I could resolve that issue by adding a line to the hosts file on the build machine.