Don’t try this at home, OK?
I wanted to try out less than Basic TFS setup. I only wanted source control part to start with. I took the following:
- Existing AD Domain
- Domain user on local machine with VS 2010 ready
- Remote virtual Windows Server 2008 R2 created by merging Hyper-V template
- TFS 2010 Installation Disc
First step was installation, and there is not much to say about it – just use minimum set of features, but then comes the hard part – configuration.
The basic idea was to add computer to the domain, setup TFS and then configure my domain user (or a group, such as Developers) to use TFS for source control.
OK. Let’s go. Verify installation requirements. I’ve allocated 1GB RAM for the machine, and it should do for my sub-basic setup, so I’ll ignore the warning about that. TFS will setup SQL Server 2008 Express Edition for us – that’s cool. But system has a problem:
Verification check fails with the error: TF255435: This computer is a member of an Active Directory domain, but the domain controllers are not accessible.
http://support.microsoft.com/kb/2026258 is supposed to handle this, and it has valuable information.
- Make sure that the domain controllers are accessible.
- Change computer SID to make it unique. See NewSID v4.10 for details.
- Reset the computer in AD or disjoin and rejoin computer to the domain.
But wait! NewSID is retired! Sysinternals wizard claims that SID is (almost) never used, and duplicates don’t present a security issue. So, I’ve decided to leave the domain until the configuration is complete, and join back again. But then I couldn’t add domain users! Domain is obviously accessible but again I get something like:
This computer is a member of an Active Directory domain, but the domain controllers are not accessible.
I refused to believe that SID has anything to do with it, but after couple days(!) of exhausting any other possibility, I decided that I don’t want to leave the domain for any config operation, so I went back to NewSID.
I got it from Softpedia [http://www.softpedia.com/progDownload/NewSID-Download-41001.html], and boldly tried running it, but it knocked up the processor to 100% for several minutes, so I’ve had to kill it.
OK, I’ve also found sysprep way of changing SID. Running sysprep ended in: “Setup is starting Services” screen followed by message box “Windows could not finish configuring the system. To attempt resume configuration, restart the computer”. Safe mode? No luck.
So, I’ve crashed the machine so a clean start was required. In the meanwhile, I found the reason for NewSID endless loop here, so NewSID got another chance. On the clean machine, the registry entry mentioned there was not duplicated and NewSID rebooted in 2 minutes, straight into BSOD. Confirmed – others experienced that too – Server 2008 R2 specific issue.
Another clean start (new virtual server) and sysprep got the second chance. It rebooted into setup sequence as documented, and finally I have a clean machine with unique SID. Guess what – no more need to join/leave domain for config operations.
After manually configuring IIS to use .NET 4, Basic configuration went successfully, and after changing service account to a domain account I finally managed to give my domain user required permissions.
Firewall double check, and Visual Studio restarted, and web access works as well as source control.