Welcome to MSDN Blogs Sign in | Join | Help

Team Foundation Server on a Domain Controller

If you choose to install Team Foundation Server on a domain controller (less than optimal), you’re going to have some issues. The one I’d like to address here is this one, which happens when viewing reports (including through the team project portal site):

rsErrorImpersonatingUser

This by design and happens because members of the Builtin Users group on a domain controller include Domain Users. Members of this group do not have the right to logon locally (SeInteractiveLogonRight). The Reporting Logon Account (for example, TFSReports) is just a regular domain user account. As a result, the default behavior on a domain controller prevents it from impersonating the user requesting the report. For more information, see http://support.microsoft.com/kb/823659.

To get around this issue, you can just logon as an Administrator and add the needed right to that account:

C:\> ntrights -u TFSReports +r SeInteractiveLogonRight

Where TFSReports is the reporting data reader account specified during Team Foundation Server setup.

Update - you can find ntrights.exe in the Windows Server 2003 Resource Kit Tools.

Published Wednesday, October 05, 2005 5:01 PM by Rob Caron
Filed under:

Comments

Thursday, October 06, 2005 2:42 AM by Hammad

# re: Team Foundation Server on a Domain Controller

You need to change the policy on the domain controller in which you will allow the specified users (user you are using to view the portal of your project) to logon locally. I hope it will work.
Thursday, October 06, 2005 3:10 PM by Rob Caron

# re: Team Foundation Server on a Domain Controller

Yes, you can either change the policy for all users, or grant that specific right to that one account. The latter is probably the more secure approach.
Friday, August 15, 2008 3:03 PM by Martin Woodward

# Another Successful VSTS Beta 3 Install

I know I probably shouldn't be this excited, but I've just installed VSTS B3 into a single VPC image, and it worked first time!! Still a couple of funnies, reports don't seem to be working doesn't look fatal, probably a...

Anonymous comments are disabled
 
Page view tracker