Make and Mend Day – Installation, Configuration and Celebration

I recently upgraded my Toshiba Tecra A7 to the RTM versions of Vista and Office 2007, and have been going through my list of things to install on a new machine to check that I haven't missed anything. In addition, I've been meaning to enable access to my TFS box via the internet for some time now, so here's my ToDo list and comments thereon:

Install VSTS on the Vista Box

Just shoved MSDN DVD 3075 into the drive and away it went. I did get a compatibility warning saying that VS2005 couldn't be installed on Vista, but I clicked Run Anyway because I'm going to install SP1 in the next step.

By the way, I already had Visual Web Developer 2005 Express Edition, Visual Basic 2005 Express Edition, Visual C# 2005 Express Edition, SQL Server 2005 Express Edition and SQL Server 2005 Developer Edition installed on this box. This morning when I got to the machine, I was notified of a new update available - SQL 2005 SP1, so that just happened in the background. I love Microsoft Update!

I also installed Team Explorer from my MSDN DVD 3538 (but after the SP1 install below, so I re-installed SP1 as well)

Install VS2005 SP1 Beta on the Vista box

I had already grabbed the beta from the connect site, so I went ahead and installed it. No dramas (although I did need a reboot because I had a bunch of things open while the install was running). Note that the beta's now closed (that is no more bug reports are being taken that will be included in this SP), but you can still download the beta.

Install VSTO SE on the Vista box

Grabbed this from the Microsoft download site.

Install VS2005 SP1 Beta on the TFS Box

When I checked this, it turns out I'd already done it, so a big check in that box first up. Nice way to start.

Enable internet access to the TFS box

I run a Small Business Server network at home (behind an ISA Server 2004, which is part of the Premium Edition of SBS R2), and the TFS box is a member server. I want to be able to access the server from outside the firewall, so I'm going to need to publish the site using ISA and I'm also going to need to issue a certificate from the SBS box that matches the domain name I'm going to use coming in.

I set up a static host entry on to point to my static IP address on my ADSL 2+ modem (which one of the NICs on my ISA machine plugs into). The entry has the wildcard flag set, which means that while the main entry is of the form <myname>, I can use a fqdn in the form tfs.<myname> and it will get resolved to the correct address, and I can use the additional name at this end to reroute the traffic correctly.

Next, I followed the steps in Walkthrough: Setting up Team Foundation Server with Secure Sockets Layer (SSL) and an ISAPI Filter on the VSTSUE blog. NB, when I was following the steps in the section entitled "Issuing a Certificate Request and Creating a Binary Certificate File", I came across a couple of anomalies:

  • Firstly, when I opened the Certification Authority MSC (which, btw, was on the SBS box, not on the TFS box), I was prompted to upgrade to the 2003 version, which I did.
  • Next, Rather than take the default (unqualified) common name in creating the request
  • Finally, when I tried to submit the request file as per step 3 of that section, I got an error:
    Certificate Request Processor
    The request contains no certificate template information. 0x80094801 (-2146875391)
    Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.
  • I tried submitting an immediate request to the certificate authority (rather than delaying the request and submitting via a request file as specified). This appeared to work, but there was no certificate installed. Looking in the Failed Requests node of the Certification Authority MSC, I found the rejection (as well as the rejection from the attempt above):
    Request Status Code:
    The requested certificate template is not supported by this CA. 0x80094800 (-2146875392) 
    Request Disposition Message:
    Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Certificate Services policy: WebServer

There were a couple of vaguely relevant hits on, but the best hint was the error message itself. Right-clicking on the Certificate Templates node in the Certification Authority MSC and choosing Manage opened a list of the templates installed on the box, but in doing so, it reported that there were templates that needed to be imported. Doing so enabled the request and issuing of a certificate, so off we go again.

Configured the ISA server to pass traffic addressed to tfs.<myname> through to the TFS box.

I've got no separate build or proxy servers, so there's no need to install certificates there.

Time for a reboot and testing ...

This post took some time to write, so at infrequent and irregular intervals during the day, I clicked the Insert Currently Listening... button in Windows Live Writer (btw, Frank's got a good list of pluggins for Windows Live Writer here)

Currently Listening To "Les Adieux" Klaviersonate Nr.26 Es-dur Op.81a : Das Wiedersehn. Vivacissimamente from Beethoven-Sonaten by Emil Gilels

Currently Listening To PC5 in E-flat, Op.73: 1. Allegro from Beethoven 5 Piano Concertos by Vladimir Ashkenazy/CleveSym

Currently Listening To Holst: Duet for trombone and organ from art of the trombone,the by Alain Trudel

Currently Listening To Alexandre Guilmant: Chorale (Kirchenordnung Braunschweig) from the art of the trombone by Patrick Wedd

Currently Listening To the 1st Ashes Test

Currently Listening To Piano Concerto No.1 in C major: Allegro con brio from Beethoven - Piano Concertos 1-2 by Vladimir Ashkenazy & The Clevela

Comments (2)
  1. Mike James says:

    Got my hopes up there for a moment, but they went down in flames the next second – you have to reside in Oz to hear the Ashes broadcast :(( <g>

Comments are closed.

Skip to main content