Tips for Setting Up TFS with SSL

I recently made it through the process of enabling SSL on a TFS instance. Every component is communicating securely now including the build agent and SharePoint Central Administration. It wasn't easy, though. The MSDN walkthrough of the process is missing some steps. If you're having trouble configuring your environment to use HTTPS, check out the following tips and lessons learned.
  • If your certificates are issued used a fully-qualified domain name (FQDN), you must specify the secure URLs using the FQDNs.
  • As you go through the process, verify the individual components of TFS are functioning correctly using HTTPS both on the several AND externally. If Reporting Services isn't working, TFS doesn't have a chance. The walkthrough gets this out of order, having you reconfigure RS after reconfiguring the team projects and TFS connections. If something went wrong, now you're pointed to an RS instance that doesn't work. Get RS configured to require SSL and test it using the Report Manager web interface. The same goes for SharePoint. Make sure you can access any existing team sites via SSL as well as create standalone sites under the TFS site collection.
  • SharePoint will continue to redirect from secure communications to good ole vanilla HTTP unless Alternate Access Mappings have been created. These can be set up within SharePoint Central Administration. Just go to the Operations tab and click on Alternate Access Mappings under the Global Configuration section. Add internal Intranet URLs for the Default Web Site as well as the Central Administration site.

  • You'll need a separate certificate for each build machine. You cannot use the same certificate used on the application tier machine. A build machine can still support multiple secure build agents with one certificate, as well.
Hopefully, these tips will help you get your TFS environment running securely. If anyone has other lessons learned from their experience with setting up TFS over HTTPS, let me know and I'll update this post.

UPDATE: The TFS global support team has posted an entry on their blog with an updated walkthrough for setting up TFS for HTTPS / SSL. It's funny knowing that my experiences at a recent client precipitated this update.


Task Board for Team System Beta 3 Available

Conchango released a new beta of Task Board for Team System yesterday. If you're not a beta tester yet, you can register here.


Team Foundation Server Performance Tuning

Just yesterday I heard some people complaining about Visual Studio's start up time in relation to service packs being applied. Now this morning, along comes Martin Woodward with a most excellent post about a new feature in SP1 that should help alleviate that pain point in shops using Team Foundation Server 2008. Thanks, Martin!


SQL Server Version Reference

I had trouble recently finding a definitive listing of all the versions of SQL Server with their corresponding descriptions. The @@version function provides this information but for a comprehensive list check out the following links. I got them from my good buddy Paul Silvey. Thanks, Paul!


Team System Web Access Agile State Diagrams

Here are the Team System Web Access state diagrams for the MSF for Agile work item types. Enjoy!

Agile Bug States.png
Agile QoS States.png
Agile Risk States.png
Agile Scenario States.png
Agile Task States.png


Team System Web Access CMMI State Diagrams

I really love the state diagrams that Team System Web Access generates for the various work item types in the process template. They're kind of difficult to access without either viewing or creating a work item. To that end, I've saved off the images and uploaded them to my SkyDrive. I'm providing links to the pictures for my own use as well as the community's. Here are the diagrams for the MSF for CMMI work item types. Enjoy!

CMMI Bug States.png
CMMI Change Request States.png
CMMI Issue States.png
CMMI Requirement States.png
CMMI Review States.png
CMMI Risk States.png
CMMI Task States.png