Troubleshooting Team Foundation Server Proxy
This topic lists the following common issues that may occur when you use the Team Foundation Server proxy and the application-tier.
UnauthorizedAccessException when you try to access the file cache root
AccessDenied exception caused by Proxy Service Account Password Expiration
InvalidOperationException when you try to start QueryProxyStatistics webmethod
CryptographicException when you try to generate a new private key
If you cannot resolve a problem after reviewing these tips and those in the individual error message help topic, visit the Microsoft Technical Forums for Visual Studio Team System (https://go.microsoft.com/fwlink/?LinkId=54490). These forums provide searchable threads on a variety of troubleshooting topics and are monitored to provide quick responses to your questions.
UnauthorizedAccessException when you try to access the file cache root
If you try to access the CacheRoot folder, you might find the following (or similar) error message in the proxy server event log:
TF53010: An unexpected condition has occurred in a Team Foundation component.
The information contained here should be made available to your site administrative staff.
Technical Information (for the administrative staff):
Exception Message: Access to the path 'C:\Program Files\Microsoft Team Foundation 2005\Web Services\VersionControlProxy\Data\00000000-0000-0000-0000-000000000000\00' is denied. (type UnauthorizedAccessException)
Exception Stack Trace:
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, DirectorySecurity dirSecurity)
at System.IO.DirectoryInfo.Create(),
This error occurs when the proxy service account does not have the correct permissions to access the cache root folder. To correct this error, confirm that the Proxy Service account has both the Read and Write permissions set to Allow on the cache root folder.
AccessDenied exception caused by Proxy Service Account Password Expiration
If the password for the Proxy Service account has expired, and the proxy service tries to download a file from the application tier, the following error is returned:
Detailed Message: ErrorDownloadingFromAppTier
Exception Message: <html><head><title>Error</title></head><body>Error: Access is Denied.</body></html> (type ProxyException)
Exception Stack Trace:
at Microsoft.TeamFoundation.VersionControl.Server.Proxy.ProxyRepository.GetDownloadResponse(String downloadUrl)
at Microsoft.TeamFoundation.VersionControl.Server.Proxy.CacheMissDownloadStatus.StartDownload()
at Microsoft.TeamFoundation.VersionControl.Server.Proxy.CacheMissWriter.PerformDownload(Object stateInfo)
Error: Access is denied
To avoid this problem, use a script to notify you about expiring passwords. You should respond to those notifications by updating the service account password before the service is impacted. For an example of this kind of script, see the Microsoft Developer Network technical article (https://go.microsoft.com/fwlink/?LinkId=69960).
InvalidOperationException when you try to start QueryProxyStatistics webmethod
If you start the ProxyStatistics Web method, you might see the following (or similar) error message in the proxy server event log:
System.InvalidOperationException: Unable to generate a temporary class (result=1).
error CS2001: Source file 'C:\WINDOWS\TEMP\fxe6fkpm.0.cs' could not be found
error CS2008: No inputs specified
at System.Xml.Serialization.Compiler.Compile(Assembly parent, String ns, CompilerParameters parameters, Evidence evidence)
at System.Xml.Serialization.TempAssembly.GenerateAssembly(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, Evidence evidence, CompilerParameters parameters, Assembly assembly, Hashtable assemblies)
at System.Xml.Serialization.TempAssembly..ctor(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, String location, Evidence evidence)
at System.Xml.Serialization.XmlSerializer.FromMappings(XmlMapping[] mappings, Evidence evidence)
at System.Web.Services.Protocols.XmlReturn.GetInitializers(LogicalMethodInfo[] methodInfos)
at System.Web.Services.Protocols.XmlReturnWriter.GetInitializers(LogicalMethodInfo[] methodInfos)
at System.Web.Services.Protocols.MimeFormatter.GetInitializers(Type type, LogicalMethodInfo[] methodInfos)
at System.Web.Services.Protocols.HttpServerType..ctor(Type type)
at System.Web.Services.Protocols.HttpServerProtocol.Initialize()
at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)
To correct this error, confirm that the Proxy Service account has the Read, Read & Execute, and List Folder Contents permissions set to Allow on the %WINDIR%\Temp folder.
CryptographicException when you try to generate a new private key
If the RSACryptoProvider cannot generate a new private key, you might see the following (or similar) CryptographicException in the proxy server event log:
Exception: CryptographicException
Message: Keyset does not exist
Stack Trace:
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.SafeProvHandle._FreeCSP(IntPtr pProvCtx)
at System.Security.Cryptography.SafeProvHandle.ReleaseHandle()
at System.Runtime.InteropServices.SafeHandle.InternalDispose()
at System.Runtime.InteropServices.SafeHandle.Dispose(Boolean disposing)
at System.Runtime.InteropServices.SafeHandle.Dispose()
at System.Security.Cryptography.RSACryptoServiceProvider.Dispose(Boolean disposing)
at System.Security.Cryptography.AsymmetricAlgorithm.System.IDisposable.Dispose()
at Microsoft.VisualStudio.Hatteras.Util.RequestSignatures.GenerateNewPrivateKey(Int32 keyLength)
at Microsoft.VisualStudio.VersionControl.Server.AdministrationManager.GenerateRepositoryKey(IPrincipal userPrincipal, Int32 keyLength)
at Microsoft.VisualStudio.Hatteras.Server.Global.Initialize()
at Microsoft.VisualStudio.TeamFoundation.Server.TeamFoundationApplication.InitializeInternal()
This error is caused when the RSACryptoProvider creates a key file but cannot delete the key file because of insufficient permissions.
Note
This problem occurs only on the application tier.
To correct this error, confirm that the Proxy Service account has the Full Control permission set to Allow on the RSA Machine Key folder in the Documents and Settings folder (for example, C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA).