TFS Connectivity: Login failed error while connecting to Team Foundation Server (TF30041: Team Foundation Server could not connect to the database)


The second one for the day, this is from Romit:


Found an interesting issue where any of the user (apart from TfsSetup account and TfsService Account) were not able to connect to Team Foundation Server. After checking the Event Viewer found something really interesting.


Issue : Not able to connect to Team Foundation Server 2008 from any user. (Error TF30041: Team Foundation Server could not connect to the database)


From Event Viewer


========================================================


TF53010: The following error has occurred in a Team Foundation component or extension:


Date (UTC): 9/15/2009 3:01:41 PM


Machine: <ServerName>


Application Domain: /LM/W3SVC/507968418/ROOT/Services-1-128974238169229171


Assembly: Microsoft.TeamFoundation.Server, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a; v2.0.50727


Process Details:


  Process Name: w3wp


  Process Id: 4744


  Thread Id: 6068


  Account name: Domain\User Account


Detailed Message: TF30041: Team Foundation Server could not connect to the database.  Contact your Team Foundation Server administrator.


Web Request Details


    Url: http://<ServerName>:8080/Services/v1.0/ServerStatus.asmx [method: POST]


    User Agent: Team Foundation (devenv.exe, 9.0.30729.1)


    Headers: Content-Length=354&Content-Type=text%2fxml%3b+charset%3dutf-8&Accept-Encoding=gzip%2cgzip%2cgzip&Accept-Language=en-US&Authorization=NTLM+TlRMTVNTUAADAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAANcKI4gYAchcAAAAP2L7Wkh84tzCGvyf%2biUkycw%3d%3d&Expect=100-continue&Host=<servername>%3a8080&User-Agent=Team+Foundation+(devenv.exe%2c+9.0.30729.1)&X-TFS-Version=1.0.0.0&X-TFS-Session=10fbc724-5809-4158-937a-8c4bea05ba1f&SOAPAction=%22http%3a%2f%2fschemas.microsoft.com%2fTeamFoundation%2f2005%2f06%2fServices%2fServerStatus%2f03%2fCheckAuthentication%22


    Path: /Services/v1.0/ServerStatus.asmx


    Local Request: True


    Host Address: 2002:3e5c:609::3e5c:609


    User: Domain\User Account [authentication type: NTLM]


 


Exception Message: TF30041: Team Foundation Server could not connect to the database.  Contact your Team Foundation Server administrator. (type DatabaseConnectionException)


 


Exception Stack Trace:    at Microsoft.TeamFoundation.Server.SqlResourceComponent.MapException(SqlException ex, QueryExecutionState queryState)


   at Microsoft.TeamFoundation.Server.SqlResourceComponent.MapException(SqlException ex)


   at Microsoft.TeamFoundation.Server.SqlResourceComponent.HandleException(SqlException ex)


   at Microsoft.TeamFoundation.Server.SqlResourceComponent.execute(ExecuteType executeType, CommandBehavior behavior)


   at Microsoft.TeamFoundation.Server.SqlResourceComponent.ExecuteReader()


   at Microsoft.TeamFoundation.Server.AuthorizationComponent.SecurityReadIsPermitted(String objectId, String actionId, String userSid)


   at Microsoft.TeamFoundation.Server.AuthorizationStoreAccessor.IsPermitted(String objectId, String actionId, String userSid)


   at Microsoft.TeamFoundation.Server.SecurityManager.CheckGlobalPermission(IPrincipal user, String actionId)


   at Microsoft.TeamFoundation.Server.ServerStatus.CheckAuthentication()


Inner Exception Details:


Exception Message: Login failed for user ‘ Domain\User Account ‘. (type SqlException


====================================


Now if we see the Event Viewer error, it’s complaining that ‘Domain\User Account’ does not have permission to connect to database (Domain\User Account is the user who is trying to connect to Team Foundation Server).


User Accounts does not need permission in SQL to use Team Foundation Server or to connect to it using Visual Studio.  Normally it’s our TfsService account which connect to SQL (as ‘Microsoft  Team Foundation Server Application Pool’ is by default configured to run TfsService account).


Cause


Found out that in this particular case ’ASP.Net impersonation’ was enabled for Team Foundation Server web site and it was passing the user credential to SQL instead of TfsService Account’s . By default ASP.Net impersonation is set to disable in IIS but in this particular case it was enabled. (Make sure that ASP.Net impersonation is disabled in Default Web site and for SharePoint Central Administration Site also otherwise we would see similar behavior for  them also.)


Resolution


To disable ASP.Net impersonation in IIS 7


IIS Manager  | Select the Web Site | Authentication (under Feature View) and make sure it’s disabled


(if it’s enabled you can change the setting from edit option, under Actions)


To disable ASP.Net impersonation in IIS 6


Edit configuration file in the application root directory and set following


<impersonation enable=”false”/>


 


For more on ASP.Net impersonation


http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx


http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4ec9116c-7ca2-4126-9dc4-b7f82b67cd76.mspx?mfr=true 


Content by: Romit


Reviewed by: Lucky


 


 


Comments (0)