1

I have installed Team Foundation Server 2015 Express on my development PC and it works fine. I am on a network that does not have domain. However, when I try to access TFS via public URL:

http://my-tfs-server.ddns.net:8080/tfs/web

I get the login dialog, enter my credentials (100% correct), and after few reties always get the following message:

401 - Unauthorized: Access is denied due to invalid credentials

Similar thing happens when I try to access TFS using VS 2010, it says I am not authorized.

But, when I use local URL, credentials and everything else works flawlessly:

http://localhost:8080/tfs/web

This is driving me nuts, am I missing something, what could be the problem?

Dusan
  • 111
  • 4
  • Have you tried to connect to http://my-tfs-serve.ddns.net:8080 http://my-tfs-serve.ddns.net:8080/tfs/ ? TFS has some redirect rules and it's expecting auto login on that URL that you mentioned AFAIK. – Alex H Feb 25 '16 at 15:59

1 Answers1

3

Check the values for Notification and Web Access URLs: they must match the public DNS name.

Administration Console

Forgot to add: avoid publishing the 8080 port, and lock down access to SSL as described in Set up HTTPS with Secure Sockets Layer (SSL) for Team Foundation Server.

Giulio Vian
  • 509
  • 2
  • 10
  • URLs are matching - that was not the problem. Now, when I have disabled Windows Authentication and enabled Basic Authentication for the TFS application in IIS - I was able to login. Wonder if it is even possible to use Windows Authentication for TFS over internet (not intranet)? – Dusan Feb 26 '16 at 08:53
  • It should work, could be something in your test (are you using the same machine, network, where is the router and so on). If you opt for Basic, use SSL!!!! – Giulio Vian Feb 26 '16 at 09:02
  • Thank you. Currently I have installed and making a !test! of TFS on my dev machine. I don't need SSL yet since this is just for testing purposes on my dev environment. I already have an SSL on the real server which will be used later. On dev machine I have a public, non-static IP so I am using dynamic dns from noip.com (ddns.net). The router is forwarding 8080 to dev machine - and it works just fine. Windows Authentication fails when accessing TFS from the same machine but over public URL. Now, the windows authentication don't work if there is a proxy between client and server - how to check? – Dusan Feb 26 '16 at 09:16
  • Correct: a proxy may disrupt Windows Auth. For similar tests, I spin off a VM in AWS/Azure/whatever and try from there. – Giulio Vian Feb 26 '16 at 10:31