TFS Connectivity: Login failed error while connecting to Team Foundation Server (TF30041: Team Foundation Server could not connect to the database)

  • Article

The second one for the day, this is from Romit:

Found an interesting issue where any of the user (apart from TfsSetup account and TfsService Account) were not able to connect to Team Foundation Server. After checking the Event Viewer found something really interesting.

Issue : Not able to connect to Team Foundation Server 2008 from any user. (Error TF30041: Team Foundation Server could not connect to the database)

From Event Viewer

========================================================

TF53010: The following error has occurred in a Team Foundation component or extension:

Date (UTC): 9/15/2009 3:01:41 PM

Machine: <ServerName>

Application Domain: /LM/W3SVC/507968418/ROOT/Services-1-128974238169229171

Assembly: Microsoft.TeamFoundation.Server, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v2.0.50727

Process Details:

Process Name: w3wp

Process Id: 4744

Thread Id: 6068

Account name: Domain\User Account

Detailed Message: TF30041: Team Foundation Server could not connect to the database. Contact your Team Foundation Server administrator.

Web Request Details

Url: https://<ServerName>:8080/Services/v1.0/ServerStatus.asmx [method: POST]

User Agent: Team Foundation (devenv.exe, 9.0.30729.1)

Headers: Content-Length=354&Content-Type=text%2fxml%3b+charset%3dutf-8&Accept-Encoding=gzip%2cgzip%2cgzip&Accept-Language=en-US&Authorization=NTLM+TlRMTVNTUAADAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAANcKI4gYAchcAAAAP2L7Wkh84tzCGvyf%2biUkycw%3d%3d&Expect=100-continue&Host=<servername>%3a8080&User-Agent=Team+Foundation+(devenv.exe%2c+9.0.30729.1)&X-TFS-Version=1.0.0.0&X-TFS-Session=10fbc724-5809-4158-937a-8c4bea05ba1f&SOAPAction=%22http%3a%2f%2fschemas.microsoft.com%2fTeamFoundation%2f2005%2f06%2fServices%2fServerStatus%2f03%2fCheckAuthentication%22

Path: /Services/v1.0/ServerStatus.asmx

Local Request: True

Host Address: 2002:3e5c:609::3e5c:609

User: Domain\User Account [authentication type: NTLM]

Exception Message: TF30041: Team Foundation Server could not connect to the database. Contact your Team Foundation Server administrator. (type DatabaseConnectionException)

Exception Stack Trace: at Microsoft.TeamFoundation.Server.SqlResourceComponent.MapException(SqlException ex, QueryExecutionState queryState)

at Microsoft.TeamFoundation.Server.SqlResourceComponent.MapException(SqlException ex)

at Microsoft.TeamFoundation.Server.SqlResourceComponent.HandleException(SqlException ex)

at Microsoft.TeamFoundation.Server.SqlResourceComponent.execute(ExecuteType executeType, CommandBehavior behavior)

at Microsoft.TeamFoundation.Server.SqlResourceComponent.ExecuteReader()

at Microsoft.TeamFoundation.Server.AuthorizationComponent.SecurityReadIsPermitted(String objectId, String actionId, String userSid)

at Microsoft.TeamFoundation.Server.AuthorizationStoreAccessor.IsPermitted(String objectId, String actionId, String userSid)

at Microsoft.TeamFoundation.Server.SecurityManager.CheckGlobalPermission(IPrincipal user, String actionId)

at Microsoft.TeamFoundation.Server.ServerStatus.CheckAuthentication()

Inner Exception Details:

Exception Message: Login failed for user ' Domain\User Account '. (type SqlException

====================================

Now if we see the Event Viewer error, it’s complaining that ‘Domain\User Account’ does not have permission to connect to database (Domain\User Account is the user who is trying to connect to Team Foundation Server).

User Accounts does not need permission in SQL to use Team Foundation Server or to connect to it using Visual Studio. Normally it’s our TfsService account which connect to SQL (as ‘Microsoft Team Foundation Server Application Pool’ is by default configured to run TfsService account).

Cause

Found out that in this particular case ’ASP.Net impersonation’ was enabled for Team Foundation Server web site and it was passing the user credential to SQL instead of TfsService Account’s . By default ASP.Net impersonation is set to disable in IIS but in this particular case it was enabled. (Make sure that ASP.Net impersonation is disabled in Default Web site and for SharePoint Central Administration Site also otherwise we would see similar behavior for them also.)

Resolution

To disable ASP.Net impersonation in IIS 7

IIS Manager | Select the Web Site | Authentication (under Feature View) and make sure it’s disabled

(if it’s enabled you can change the setting from edit option, under Actions)

To disable ASP.Net impersonation in IIS 6

Edit configuration file in the application root directory and set following

<impersonation enable="false"/>

For more on ASP.Net impersonation

https://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx

https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4ec9116c-7ca2-4126-9dc4-b7f82b67cd76.mspx?mfr=true

Content by: Romit

Reviewed by: Lucky