TFS command line and SSL/TLS security exception

StackOverflow https://stackoverflow.com/questions/807740

Question

I am trying to use tf.exe command line to setup a new workspace. I don't like the idea installing Team Explorer and therefore required Visual Studio.

Running tested command from the other machine where VS is installed causes security exception on this one since I am trying to connect to the TFS via https. I get the error string:

Team Foundation Server https://... does not exist or is not accessible at this time. Technical information (for administrator): The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

I tried to

  • ping the server => was fine
  • access it via IE => had to accept the certification, but otherwise fine

Are there any other things I can try?

Many thanks, Ovanes

Was it helpful?

Solution

Our ssl certificate was signed with some proprietary certificate (issued not by a known authority like Verisign), therefore I had to install the issuer certificate as the trusted root certificate. Afterwards everything worked fine.

Many thanks for your devotion.

OTHER TIPS

You may want to look into Team System Web Access

It provides web based access to much of the functionality of Team Explorer.

You can use Team System Web Access through a remote connection to perform the following functions:

  • Create, view, query for, and track work items.
  • Manage a project's document libraries.
  • View version-controlled files and related version information.
  • Manage the software build process by running builds and reviewing build results.
  • Generate reports to track status and trend information over time for a team project

Have you tried to install the certificate?

This error can also occur using tfpt.exe (and probably tf.exe) too, if you're using an old version. We encountered it using TFPT 2010 against a TFS 2012 server.

For anyone having this issue even after installing their certificates. There might be cases when the handshake between server and client don't use the same SSL or TLS version. I used the following changes ot the registry to force TLS on the client and it worked fine after that:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319 "SchUseStrongCrypto"=dword:00000001

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319 "SchUseStrongCrypto"=dword:00000001

More info Here: https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/2960358 and here https://blogs.msdn.microsoft.com/friis/2017/10/09/troubleshooting-tls-ssl-scenario-2/

Have you specified TFS port? SSL drops you automatically to 443 and TFS is using, as far as I remember port 8080.

You have to specify full url including port number when you connect for the first time. For example "http://team1server:8080".

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top