Installation problems (Windows 2003)

This page documents difficults encountered during the installation procedure. Each section is scoped by deployment scenario.

Dual-server Deployment, Windows 2003 and SQL Server 2005

The first scenario attempted by the group is an AD domain-based deployment onto separate application tier and data tier servers. As per TFS installation guide, the servers were prepared with

1. Domain controller - ICELAND 
   • Windows Server 2003, SP2
   • domain icelava.local (NetBIOS name ICELAVA)
2. App-tier - TFS2008WAPP
   • Windows Server 2003, SP2
   • IIS 6.0
   • SQL Server 2005, SP3 *
     • Reporting Services
3. Data-tier - TFS2008WDATA
   • Windows Server 2003, SP2
   • SQL Server 2005, SP3 *
     • Database engine
     • Analysis Services

* note that the guide only states SP2 for SQL Server, but SP3 was already released at time of installation.

The TFS 2008 installation package was from the MSDN TFS trial DVD slipstreamed with TFS 2008 SP1. The merging instructions are found in the TFS installation guide, "How to: Integrate the Installation of Team Foundation Server and Service Pack 1" section.

In parallel with Aaron Seet's journal of events, an unknown condition caused the App-tier server to identify itself to the Data-tier server (SQL Server) purely as ANONYMOUS when it should have identified as ICELAVA\TFS2008WAPP$ for any service that was configured to run as NETWORK SERVICE in TFS2008WAPP. UPDATE: domain members that may share the same SID due to image cloning may fail in their inter-machine identification.

This single anomaly breaks the TFS installation procedure because it counts on services running as NETWORK SERVICE and having the App-tier server identifying correctly.

The first indication of this problem is revealed during the TFS installer's configuration of SSRS.

Error 29112. Team Foundation Report Server Configuration: Either SQL Reporting Services is not properly configured, or the Reporting Services Web Site could not be reached. Use the Reporting Services Configuration tool to confirm that SQL Reporting Services is configured properly and that the Reporting Service Web site can be reached, and then run the installation again. For more information, see the Team Foundation Installation guide.

This is showned further in the data-tier server TFS2008WDATA's Event logs

Event Type: Failure Audit
Event Source: MSSQLSERVER
Event Category: (4)
Event ID: 18456
Date:  11/02/2009
Time:  10:55:34 AM
User:  NT AUTHORITY\ANONYMOUS LOGON
Computer: TFS2008WDATA
Description:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: 192.168.1.25]

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00004818 0000000e 0000000d 00460054
0010: 00320053 00300030 00570038 00410044
0020: 00410054 00070000 006d0000 00730061
0030: 00650074 00000072

The error dialog box in the TFS installation program - which features Retry and Cancel buttons - should be left alone at the moment.

Understanding the SSRS architecture is important to resolving this problem in the installation process. To workaround this, the following steps had to be carried out to reconfigure the services to run as ICELAVA\TFSservice instead of NETWORK SERVICE.

1. In TFS2008WDATA and SQL Server Management Studio, assigned the RSExec role to ICELAVA\TFSService in the ReportServer and ReportServerTempDB databases.
2. In TFS2008WAPP, added ICELAVA\TFSservice as a member of the SQLServer2005ReportServerUser$TFS2008WAPP$MSSQLServer group.
3. In TFS2008WAPP, modified the SQL Server Reporting Services (MSSQLServer) Windows service (Computer Managment) to run as the service account ICELAVA\TFSservice instead of NETWORK SERVICE.
4. Restarted the Windows service.

The error dialog box can then be dismissed with the Retry button and let the installer proceed another time. However, that recofiguration was only for the SSRS Windows service, another error will eventually appear.

Error 28806. An unexpected error occurred. Verify that SQL Server Reporting Services is installed and running on the Team Foundation app tier and that you have sufficient privileges to access it. For more information, see the setup log.

The next layer of SSRS, the http://localhost/ReportServer web services, continued to run as NETWORK SERVICE. To reconfigure this layer,

1. In TFS2008WAPP and IIS Manager, assigned ICELAVA\TFSservice as the ReportServer AppPool identity.
2. Added ICELAVA\TFSservice as a member of the SQLServer2005ReportServicesWebServiceUser$TFS2008WAPP$MSSQLServer group.

However the SSRS configuration was still not complete, and another error was encountered

Error 28805. The setup program cannot complete the request to the server that is running SQL Server Reporting Services. Verify that SQL Server Reporting Serivces is installed and running on the Team Foundation app tier and that you have sufficient permissions to accept it. For more information, see the setup log.

The Report Manager site at http://localhost/Reports exhibited

The Report Server Web Service is unable to access secure information in the report server. Please verify that the WebServiceAccount is specified correctly in the report server config file. (rsAccessDeniedToSecureData)

The SSRS configuration had to be completed by

1. In TFS2008WAPP, launched Reporting Services Configuration tool
2. In the Web Service Identity page, confirmed ICELAVA\TFSservice as the identity to be used.

These manually reconfigurations allowed the TFS installer to complete successfully. However, the Sharepoint services site remained "misconfigured" despite not stalling the installation process like SSRS did. Going straight to http://localhost to obtain a first glance at the Sharepoint root portal resulted in

Cannot connect to the configuration database.

The Sharepoint services similarly had to be reconfigured

1. In TFS2008WAPP, opened up Administrative Tools and launched SharePoint 3.0 Central Administration, addressed at http://localhost:17012.
2. Clicked on the Operations tab, and clicked on Service Accounts under the Security Configuration section.
3. In the Service Accounts page and the Select the component to update section, chose the Web application pool radio option with
   • Windows SharePoint Services Web Application for Web Service
   • DefaultAppPool for Application pool
4. Under the Select an account for this component section, selected Configurable radio option and typed in ICELAVA\TFSservice as the user name, along with its password.
5. Clicked OK to persist this setting.

The root portal could subsequently connect to the database and display the site contents.