The second one for the day, this is from Romit:

Found an interesting issue where any of the user (apart from TfsSetup account and TfsService Account) were not able to connect to Team Foundation Server. After checking the Event Viewer found something really interesting.

Issue : Not able to connect to Team Foundation Server 2008 from any user. (Error TF30041: Team Foundation Server could not connect to the database)

From Event Viewer

========================================================

TF53010: The following error has occurred in a Team Foundation component or extension:

Date (UTC): 9/15/2009 3:01:41 PM

Machine: <ServerName>

Application Domain: /LM/W3SVC/507968418/ROOT/Services-1-128974238169229171

Assembly: Microsoft.TeamFoundation.Server, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v2.0.50727

Process Details:

  Process Name: w3wp

  Process Id: 4744

  Thread Id: 6068

  Account name: Domain\User Account

Detailed Message: TF30041: Team Foundation Server could not connect to the database.  Contact your Team Foundation Server administrator.

Web Request Details

    Url: http://<ServerName>:8080/Services/v1.0/ServerStatus.asmx [method: POST]

    User Agent: Team Foundation (devenv.exe, 9.0.30729.1)

    Headers: Content-Length=354&Content-Type=text%2fxml%3b+charset%3dutf-8&Accept-Encoding=gzip%2cgzip%2cgzip&Accept-Language=en-US&Authorization=NTLM+TlRMTVNTUAADAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAANcKI4gYAchcAAAAP2L7Wkh84tzCGvyf%2biUkycw%3d%3d&Expect=100-continue&Host=<servername>%3a8080&User-Agent=Team+Foundation+(devenv.exe%2c+9.0.30729.1)&X-TFS-Version=1.0.0.0&X-TFS-Session=10fbc724-5809-4158-937a-8c4bea05ba1f&SOAPAction=%22http%3a%2f%2fschemas.microsoft.com%2fTeamFoundation%2f2005%2f06%2fServices%2fServerStatus%2f03%2fCheckAuthentication%22

    Path: /Services/v1.0/ServerStatus.asmx

    Local Request: True

    Host Address: 2002:3e5c:609::3e5c:609

    User: Domain\User Account [authentication type: NTLM]

 

Exception Message: TF30041: Team Foundation Server could not connect to the database.  Contact your Team Foundation Server administrator. (type DatabaseConnectionException)

 

Exception Stack Trace:    at Microsoft.TeamFoundation.Server.SqlResourceComponent.MapException(SqlException ex, QueryExecutionState queryState)

   at Microsoft.TeamFoundation.Server.SqlResourceComponent.MapException(SqlException ex)

   at Microsoft.TeamFoundation.Server.SqlResourceComponent.HandleException(SqlException ex)

   at Microsoft.TeamFoundation.Server.SqlResourceComponent.execute(ExecuteType executeType, CommandBehavior behavior)

   at Microsoft.TeamFoundation.Server.SqlResourceComponent.ExecuteReader()

   at Microsoft.TeamFoundation.Server.AuthorizationComponent.SecurityReadIsPermitted(String objectId, String actionId, String userSid)

   at Microsoft.TeamFoundation.Server.AuthorizationStoreAccessor.IsPermitted(String objectId, String actionId, String userSid)

   at Microsoft.TeamFoundation.Server.SecurityManager.CheckGlobalPermission(IPrincipal user, String actionId)

   at Microsoft.TeamFoundation.Server.ServerStatus.CheckAuthentication()

Inner Exception Details:

Exception Message: Login failed for user ' Domain\User Account '. (type SqlException

====================================

Now if we see the Event Viewer error, it’s complaining that ‘Domain\User Account’ does not have permission to connect to database (Domain\User Account is the user who is trying to connect to Team Foundation Server).

User Accounts does not need permission in SQL to use Team Foundation Server or to connect to it using Visual Studio.  Normally it’s our TfsService account which connect to SQL (as ‘Microsoft  Team Foundation Server Application Pool’ is by default configured to run TfsService account).

Cause

Found out that in this particular case ’ASP.Net impersonation’ was enabled for Team Foundation Server web site and it was passing the user credential to SQL instead of TfsService Account’s . By default ASP.Net impersonation is set to disable in IIS but in this particular case it was enabled. (Make sure that ASP.Net impersonation is disabled in Default Web site and for SharePoint Central Administration Site also otherwise we would see similar behavior for  them also.)

Resolution

To disable ASP.Net impersonation in IIS 7

IIS Manager  | Select the Web Site | Authentication (under Feature View) and make sure it’s disabled

(if it’s enabled you can change the setting from edit option, under Actions)

To disable ASP.Net impersonation in IIS 6

Edit configuration file in the application root directory and set following

<impersonation enable="false"/>

 

For more on ASP.Net impersonation

http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4ec9116c-7ca2-4126-9dc4-b7f82b67cd76.mspx?mfr=true 

Content by: Romit

Reviewed by: Lucky