The restriction settings for IP addresses and domain names contain non-default values

  • Article

The information in this article applies to:

  • Visual Studio Team Foundation Server 2010

  • Windows Server 2003 and Windows Server 2008 

  • SQL Server 2008

  • Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007

  • Servers that host the application tier, Team Foundation Server Proxy, and SharePoint Products

  • Team Foundation Server Complete Health Check

  • Team Foundation Server Framework Health Check

The Best Practices Analyzer tool for Team Foundation Server queries Windows Management Instrumentation (WMI) classes to determine whether access to a Web site for Team Foundation is being restricted based on IP address or domain name. The tool checks the GrantByDefault, DomainDeny, DomainGrant, IPDeny and IPGrant properties of each virtual directory for these Web sites: Default Web Site, SharePoint Central Administration Service v3, Team Foundation Server, and Team Foundation Server Proxy. The following table summarizes the default values for these properties.   

Property

Default Value

Description

GrantByDefault

TRUE

Defines whether access is granted by default. If this property is set to TRUE, you can use IPDeny and DomainDeny to deny access by specific IP addresses and domains. If this property is set to FALSE, you can use IPGrant and DomainGrant to grant access by specific IP addresses and domains.

DomainDeny

none

Defines a list of domains to be explicitly denied access. No domains should be denied access because users in them will not be able to access Team Foundation Server.

DomainGrant

none

Defines domains that are explicitly granted access. This property is relevant only if GrantByDefault is set to FALSE.

IPDeny

none

Defines IP addresses that are explicitly denied access. No IP addresses should be denied access because users will not be able to access Team Foundation Server from them.

IPGrant

none

Defines IP addresses that are explicitly granted access. This property is relevant only if GrantByDefault is set to FALSE.

An error appears if access is denied based on an IP address or a domain name. If any of these properties is not set to a default value, users might experience connectivity problems to Team Foundation applications.

Note

By default, Team Foundation Server is configured to grant all computers access to all Web sites for Team Foundation. Before you revert any non-default settings, you should investigate why the settings were changed. Many organizations deny access to match their infrastructure requirements or security policies.

To resolve this issue, you must open Internet Information Services (IIS) Manager on the application-tier server and remove the IP address and domain name restrictions for each reported Web site.

Required Permissions

To perform this procedure, you must be a member of the Administrators security group on the server to which the error message refers.

To remove IP address and domain name restrictions from a Web site in IIS 6.0

  1. Log on to the server to which the error message refers.

  2. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  3. In the tree pane, expand the local computer, and expand Web Sites.

  4. Right-click the Web site that the error reports (for example, Team Foundation Server), and click Properties.

  5. On the Directory Security tab, under IP address and domain name restrictions, click Edit.

  6. Verify that Granted Access is clicked.

  7. Clear any unwanted restrictions.

  8. Click OK, click Apply, and then click OK.

To remove IP address and domain name restrictions from a Web site in IIS 7.0

  1. Log on to the server to which the error message refers.

  2. Click Start, point to Administrative Tools, right-click Internet Information Services (IIS) Manager, and then click Run as administrator.

  3. In the Connections pane, expand the local computer, and expand Sites.

  4. Click the Web site that the error reports (for example, Team Foundation Server).

  5. In the Web site Home area, double-click IPV4 IP Address and Domain Restrictions.

  6. Click an IP address or domain in the list, and then click Remove. Click Yes to verify that you want to remove the restriction.

    Repeat this step for each IP address or domain restriction that you want to remove.

See Also

Other Resources

Issues That Relate to the Application Tier for Team Foundation