My compiled notes on TFS, briefly explaining the architecture and covering the IIS components; Reporting Services troubleshooting steps are in a second email. I prepared and compiled this material earlier while troubleshooting cases and discussing concepts with TFS Tech Leads and Escalation Engineers, in trainings, etc.
I have tried to summarize and compile the important details below, FROM A TFS TROUBLESHOOTING PERSPECTIVE, BASED ON THE DAY-TO-DAY SCENARIOS THAT WE FACE WHILE RESOLVING CASES.
TFS ARCHITECTURE SUMMARY AND WHAT EACH SERVICE IS FOR
============================================================
Application Architecture
========================
APPLICATION TIER
=================
It is basically the listener for incoming requests to access a TFS project. It depends on a set of web services, also called the TFS core web services.
Clients connect to TFS through these web services. They are hosted in a website called Team Foundation Server, on port 8080, with an application pool called TFS AppPool. The TFS application pool runs under the TFSService account. The URL is http://localhost:8080
ON THE TFS APPLICATION TIER (AT), YOU WILL ALSO HAVE THE FOLLOWING WINDOWS SERVICES.
WINDOWS SERVICES
================
1. SQL SERVER REPORTING SERVICES (SSRS) WINDOWS SERVICE
IT RUNS UNDER DIFFERENT ACCOUNTS DEPENDING ON THE MODE OF TFS DEPLOYMENT (SINGLE OR DUAL SERVER).
(A) FOR SINGLE SERVER, IT WILL RUN UNDER THE LOCAL SYSTEM ACCOUNT.
(B) FOR DUAL SERVER, IT WILL USE THE NETWORK SERVICE ACCOUNT.
The three built-in user accounts and the reason for using the Network Service account in a dual-server installation
=============================================================================================
NOTE: THERE ARE THREE BUILT-IN USER ACCOUNTS
• LOCAL SYSTEM -> The Local System account is a powerful account that has full access to the system, including the directory service on domain controllers. If a service logs on to the Local System account on a domain controller, that service has access to the entire domain.
• LOCAL SERVICE -> The Local Service account is a special, built-in account that is similar to an authenticated user account. The Local Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session with no credentials.
• NETWORK SERVICE -> The Network Service account is a special, built-in account that is similar to an authenticated user account. The Network Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Network Service account access network resources using the credentials of the computer account.
Hence, in a dual-server deployment, we need the Network Service account to communicate with the database on the other machine.
2. SHAREPOINT TIMER SERVICE AND ITS RELEVANCE
THE SHAREPOINT TIMER SERVICE RUNS UNDER THE TFSSERVICE ACCOUNT. THIS SERVICE IS RESPONSIBLE FOR SENDING ALERTS. SO IF YOU STOP THIS SERVICE, SHAREPOINT WILL WORK BUT IT WON'T SEND ALERTS. HOWEVER, WHATEVER ALERTS YOU CONFIGURE ON SHAREPOINT (LIKE SENDING ALERT EMAIL) WILL GET DISABLED IF YOU STOP THIS SERVICE.
3. TFS SCHEDULER SERVICE RUNS UNDER THE TFSSERVICE IDENTITY
4. CODE COVERAGE ANALYSIS SERVICE RUNS UNDER THE TFSSERVICE ACCOUNT
WHAT TOOL TO USE FOR CONFIGURING WHAT
====================================
NOTE: FOR CONFIGURING SHAREPOINT, USE THE APPLICATION POOL IN IIS.
NOTE: FOR CONFIGURING ANYTHING IN TFS, USE THE ADMINUTIL COMMAND.
NOTE: FOR CONFIGURING REPORTING SERVICES, USE THE REPORTING SERVICES CONFIGURATION TOOL.
For example, when you have a project in TFS, to access the project the client calls a set of web services on the application tier (AT); that request is passed to the data tier (DT), and the DT provides the requisite information to the AT.
COMPONENTS NEED TO BE INSTALLED ON AT ARE BELOW
============================================
1. SSRS (SQL SERVER REPORTING SERVICES) -> IIS IS REQUIRED FOR THIS
2. WSS (WINDOWS SHAREPOINT SERVICES)
3. TFSAT (TFS APPLICATION TIER)
4. IIS (INTERNET INFORMATION SERVER)
IMPORTANT NOTE: IN CASE OF TFS 2005, REPORTING SERVICES IS GREYED OUT IN DT AS IIS IS NOT THERE
IMPORTANT NOTE: THE EDITION OF SQL SERVER SHOULD BE SAME ON AT AND DT IN CASE OF DUAL SERVER.
THE REASON FOR RECOMMENDING SQL SERVER ENTERPRISE EDITION TO USE IN PRODUCTION ENVIRONMENT
=====================================================================================
NOTE: SQL SERVER DEVELOPER EDITION IS A FULL-FLEDGED VERSION OF ENTERPRISE EDITION, BUT IT IS LICENSED ONLY FOR DEVELOPMENT AND TESTING. THAT IS THE REASON WE NEED TO USE SQL SERVER ENTERPRISE EDITION IN A PRODUCTION ENVIRONMENT.
STRUCTURE OF IIS WITH PROPER TFS INSTALLATION
========================================
• Four Application pools are created during TFS setup:
– TFSWSS – Application pool for the default website (SharePoint sites)
– TFSWSSADMIN – Application pool for the SharePoint Central Administration site
– TFS AppPool – TFS web services run under this app pool
• The three app pools above all use the TFSService account for the identity
– Reports – Runs the Reporting Services site
• This application pool normally runs under the Network Service account. It does not run under the TFSService account
Key Things to Check
===============
• Are the Application Pools Running?
• To check, hit F5 to refresh or click the refresh button in the toolbar.
• Without expanding the Application Pools node select the Application Pools node and observe the State column on the right
If an Application Pool does not say “running”, right-click it and select Start.
• Start does not mean that it is really running, it really means that it is “ready” and not launched. Once an application that is set to use this app pool executes, it will run within this app pool. This is when it is launched. If there is a problem with an app pool like say for instance a bad identity or password, this is when the app pool will fail.
If you get a Service Unavailable error when opening the Administrative Website, then there is probably an error in the System Event Log similar to this:
A failure was encountered while launching the process serving application pool ‘TFSWSSAdmin’ or ‘TFSWSS’. The application pool has been disabled.
This probably indicates the password is wrong/expired for the Application Pool.
By default, if an App Pool fails 5 times in 5 minutes, it will be disabled. That means the application serviced by this app pool will not be available.
• The recycling options listed allow granular control in recycling the app pool to handle issues such as memory leaks, etc., where usage over time causes memory usage increases or performance degradation.
Performance Tab
==============
• The Performance tab allows users to set other options similar to the Recycling tab.
• Note that you can set more than one worker process. One is the default
• When the “Request queue limit” is reached a 503 error will be returned
• There are two actions that can be taken in the “Enable CPU monitoring” section :
– “No Action” - Event log entry is written
– “Shutdown” - IIS will initiate a shutdown of the worker thread/threads
Health Tab
• The Health tab allows setting options for monitoring the process
• If the limits are reached or the process does not respond to a ping then the worker process is destroyed and a new one created
Identity Tab
• Simply the identity the process is running under
• In TFS, this is also the login needed for SQL
• Check the Home Directory Tab for the SharePoint Central Administration site and the Default Website
• The SharePoint Admin site should be set to the TFSWSSADMIN app pool
• The Default Website runs under the TFSWSS app pool
• Websites can only run one version of ASP.NET. All sites on the Application Tier run under ASP.NET 2.0. If you receive a parse error in either Reporting Services or SharePoint you should check that the site is using 2.0
If you see that the ASP.NET version is 1.1, be aware that SharePoint was probably reinstalled
Directory Security Tab: TFS requires Integrated Windows authentication
Execute Permissions must NOT be none
What applications are running under each app pool
• There are 2 ways to tell. One is to look for the applications under the application pool name.
• The other is to look at the bottom of the Home Directory tab for each website
TFSWSS app pool
• The TFSWSS app pool handles the default website and the WSS sites collection
• As with the WSS database names, the app pool needs to be named TFSWSS for servicing to work (upgrade, reinstall)
• If this app pool exists in a restore or re-install scenario, setup will stop but there is an ignore option. (Just select Ignore)
TFSWSSADMIN app pool
• This app pool is the one used for the WSS Administration website
• As with the database names, the app pool needs to be named TFSWSSADMIN for servicing to work (upgrade, reinstall)
• If this app pool exists in a restore or re-install scenario, setup will stop but there is an ignore option
TFS AppPool app pool
• This app pool handles TFS
• Notice the applications running under this app pool
Reports app pool
=============
• Handles the Reporting site
Setting the identities of app pools
• The accounts that the app pools are set to need to have SQL logins to the databases they access.
• Changing the identity of an app pool does NOT give that account access to the database
• As far as SharePoint is concerned, the account that the two SharePoint app pools (TFSWSSADMIN & TFSWSS) run under has a login (user mapping) in SQL to the STS_Config_TFS and STS_Content_TFS databases.
• To change the TFS service account or to change the account that SharePoint and TFS run under, use TFSADMINUTIL ChangeAccount. It is located under the Tools directory in the TFS directory:
"c:\Program Files\Microsoft Visual Studio 2005 Team Foundation Server\Tools\TFSADMINUtil" ChangeAccount OldAccount NewAccount Password
This will change the settings for the app pools and add a login and permissions for the two SharePoint databases and all of the TFS databases
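The expected identities listed under STRUCTURE OF IIS and the state check under Key Things to Check can be verified in one pass. The script below is an added example, not part of the original notes or of TFS. It assumes the service account is literally named TFSService and that pool settings have the shape of the IIS 6 WMI class IIsApplicationPoolSetting (Name, AppPoolIdentityType, WAMUserName, AppPoolState); the sample data and the CONTOSO domain are constructed.

```powershell
# Expected identity per pool, as listed in the notes above.
$ExpectedPools = [ordered]@{
    'TFSWSS'      = 'TFSService'
    'TFSWSSADMIN' = 'TFSService'
    'TFS AppPool' = 'TFSService'
    'Reports'     = 'NetworkService'
}
# IIS 6 metabase values for AppPoolIdentityType.
$IdentityTypes = @{ 0 = 'LocalSystem'; 1 = 'LocalService'; 2 = 'NetworkService'; 3 = 'SpecificUser' }

function Get-PoolIdentity($Pool) {
    $type = $IdentityTypes[[int]$Pool.AppPoolIdentityType]
    if ($type -ne 'SpecificUser') { return $type }
    # Drop a DOMAIN\ prefix so CONTOSO\TFSService compares as TFSService.
    return ($Pool.WAMUserName -split '\\')[-1]
}

function Test-TfsAppPools($Pools) {
    foreach ($name in $ExpectedPools.Keys) {
        # Metabase names look like W3SVC/AppPools/<pool name>.
        $pool = $Pools | Where-Object { ($_.Name -split '/')[-1] -eq $name } | Select-Object -First 1
        if (-not $pool) {
            [pscustomobject]@{ Pool = $name; Finding = 'pool not found' }
            continue
        }
        $actual = Get-PoolIdentity $pool
        if ($actual -ne $ExpectedPools[$name]) {
            [pscustomobject]@{ Pool = $name; Finding = "runs as $actual, expected $($ExpectedPools[$name])" }
        }
        if ([int]$pool.AppPoolState -ne 2) {   # 2 = started in the IIS 6 metabase
            [pscustomobject]@{ Pool = $name; Finding = "state $($pool.AppPoolState), not started" }
        }
    }
}

# Constructed sample standing in for a live query. On the server, the assumed source is:
#   Get-WmiObject -Namespace 'root\MicrosoftIISv2' -Class IIsApplicationPoolSetting
$sample = @(
    [pscustomobject]@{ Name = 'W3SVC/AppPools/TFSWSS';      AppPoolIdentityType = 3; WAMUserName = 'CONTOSO\TFSService'; AppPoolState = 2 }
    [pscustomobject]@{ Name = 'W3SVC/AppPools/TFSWSSADMIN'; AppPoolIdentityType = 3; WAMUserName = 'CONTOSO\TFSService'; AppPoolState = 4 }
    [pscustomobject]@{ Name = 'W3SVC/AppPools/TFS AppPool'; AppPoolIdentityType = 3; WAMUserName = 'CONTOSO\TFSService'; AppPoolState = 2 }
    [pscustomobject]@{ Name = 'W3SVC/AppPools/Reports';     AppPoolIdentityType = 0; WAMUserName = '';                   AppPoolState = 2 }
)
# Reports TFSWSSADMIN as not started and Reports as running under LocalSystem.
Test-TfsAppPools $sample | Format-Table -AutoSize
```

A pool reported under LocalSystem is the finding to act on first, since that account has full access to the machine, while the notes expect Network Service for Reports and TFSService for the other three.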
Application Pools do get corrupted
• If you decide it is corrupted, create a new one
• After selecting New->Application Pool
Select “Use existing application pool as template” to retain existing settings
Delete the corrupt app pool and then rename the new one to the old name
Use the “Home Directory” tab of the Web Site this App Pool will service and set the Application Pool to the new app pool
SOME TIPS FOR TROUBLESHOOTING
===========================
• Do not change the identities for the Application Pools individually, it will not create a SQL login. Use TFSADMINUTIL instead
• When an App Pool fails 5 times in 5 minutes, it is disabled.
Check the Application Event log for related errors. It will usually tell you the
NOTE: THERE SHOULD BE A RELATIONSHIP BETWEEN EVERY APPLICATION POOL AND WEBSITE, THOUGH MULTIPLE WEBSITES CAN RUN IN MORE THAN ONE APPLICATION POOL
CONSTITUENTS OF WINDOWS SHAREPOINT SERVICES IN RELEVANCE TO TEAM FOUNDATION SERVER (TFS)
===================================================================================
It requires two servers:
(a) configuration server and (b) content server
It requires two websites:
1. Default website
2. Central Administration website
WSS requires the following two application pools (the identity/account used is the TFSService account):
1. TFSWSS -> http://localhost:80, responsible for the content website (http://localhost:80/sites/projectname)
2. TFSWSSADMIN -> the application pool for http://localhost:17012 (configuration website)
Important note: All these application pools get created during Team Foundation Server (TFS) installation. We are not supposed to create them manually.
DATA TIER->COMPONENTS OF SQL SERVER 2005
===========================================
Services (only for 32 bit/64 bit): the components below are implemented as Windows services
1. Database Engine service
2. SQL Server Analysis Services
3. SQL Server Integration Services
4. mgmt
5. browser
TO CONFIGURE THE ABOVE SERVICES YOU HAVE OPTION OF EITHER USING
(A)SERVICE CONTROL MANAGER OR
(B) SQL SERVER CONFIGURATION TOOL.
WHY TO USE THE SQL SERVER CONFIGURATION MANAGEMENT TOOL
However, please note that it is always advisable to use the SQL SERVER CONFIGURATION MANAGEMENT TOOL RATHER THAN THE SERVICE CONTROL MANAGER, the reason being that these services WILL BE ACCESSING A PARTICULAR SET OF FILE PATHS AND REGISTRY KEYS. USING THE SQL SERVER CONFIGURATION MANAGEMENT TOOL TO CHANGE THE USER ACCOUNT ENSURES THAT NOT ONLY IS THE USER ACCOUNT CHANGED, BUT PERMISSIONS ARE ALSO GIVEN ON THAT SET OF FILE PATHS AND REGISTRY KEYS.
NOTE: DURING THE INSTALLATION ALL THESE SERVICES NEED TO BE SETUP USING LOCAL SYSTEM ACCOUNT. YOU CAN CHANGE LATER TO DOMAIN ACCOUNT.
IMPORTANT NOTE: ON DATA TIER YOU DONT HAVE ANY WEBSERVICES.
IMPORTANT NOTE: When we are done with the DT, the databases still missing are the Reporting Services and the two SharePoint databases. TFSWarehouse and the TFSWarehouse Analysis Services database are created but not populated.