Earlier this morning I was upgrading some of my Team Foundation Server (TFS) project sites (many of which were originally created with TFS 2005) in order to showcase the new dashboard features in TFS 2010.
While doing so, I encountered the following error in the various Excel Web Parts used to render the dashboards:
An error occurred while accessing application id TFS from Secure Store Service. The following connections failed to refresh:
Looking at the event logs on the server, I found the following:
Source: Microsoft-SharePoint Products-Secure Store Service
Date: 5/13/2010 6:11:25 AM
Event ID: 7493
Task Category: Secure Store
Description: The Microsoft Secure Store Service application Secure Store Service failed to retrieve credentials. The error returned was 'Access is denied.'. For more information, see the Microsoft SharePoint Products and Technologies Software Development Kit (SDK).
I was initially perplexed by the "Access is denied" message since I was using my administrator account to reconfigure the TFS project sites.
Diving into the SharePoint ULS logs, I discovered the underlying problem:
05/13/2010 06:11:25.69 ... Secure Store Service ... ValidateCredentialClaims - Access Denied: Claims stored in the credentials did not match with the group claim for a group app. ...
05/13/2010 06:11:25.69 ... Secure Store Service ... The Microsoft Secure Store Service application Secure Store Service failed to retrieve credentials. The error returned was 'Access is denied.'. For more information, see the Microsoft SharePoint Products and Technologies Software Development Kit (SDK). ...
05/13/2010 06:11:25.69 ... Secure Store Service ... GetCredentials failed with the following exception: System.ServiceModel.FaultException`1[Microsoft.Office.SecureStoreService.Server.SecureStoreServiceFault]: Access is denied. (Fault Detail is equal to Microsoft.Office.SecureStoreService.Server.SecureStoreServiceFault). ...
It turns out my administrator account (TECHTOOLBOX\jjameson-admin) was not in the group (TECHTOOLBOX\All Developers) that I originally specified when configuring the credentials for the Secure Store target application for TFS. [The account that I normally use to access the TFS project sites (i.e. TECHTOOLBOX\jjameson) was in the group -- which explains why I hadn't seen the error before.]
After adding my administrator account to the group, the error no longer occurred and the dashboards rendered as expected.