Team Foundation Server on a Domain Controller
If you choose to install Team Foundation Server on a domain controller (less than optimal), you’re going to have some issues. The one I’d like to address here is this one, which happens when viewing reports (including through the team project portal site):
This by design and happens because members of the Builtin Users group on a domain controller include Domain Users. Members of this group do not have the right to logon locally (SeInteractiveLogonRight). The Reporting Logon Account (for example, TFSReports) is just a regular domain user account. As a result, the default behavior on a domain controller prevents it from impersonating the user requesting the report. For more information, see https://support.microsoft.com/kb/823659.
To get around this issue, you can just logon as an Administrator and add the needed right to that account:
C:\> ntrights -u TFSReports +r SeInteractiveLogonRight
Where TFSReports is the reporting data reader account specified during Team Foundation Server setup.
Update - you can find ntrights.exe in the Windows Server 2003 Resource Kit Tools.
Comments
Anonymous
October 05, 2005
You need to change the policy on the domain controller in which you will allow the specified users (user you are using to view the portal of your project) to logon locally. I hope it will work.Anonymous
October 06, 2005
Yes, you can either change the policy for all users, or grant that specific right to that one account. The latter is probably the more secure approach.Anonymous
August 15, 2008
I know I probably shouldn't be this excited, but I've just installed VSTS B3 into a single VPC image, and it worked first time!! Still a couple of funnies, reports don't seem to be working doesn't look fatal, probably a...Anonymous
November 05, 2011
The comment has been removedAnonymous
November 24, 2011
You cannot install Team Foundation Server 2008 on a domain controller. See: msdn.microsoft.com/.../ee248700(v=vs.90).aspx