Configure Settings for Dashboard Compatibility
To use a deployment of Microsoft Office SharePoint Server 2007 with your deployment of Visual Studio Team Foundation Server, you must configure it with the settings that Team Foundation Server requires. If you do not configure these settings, the reports and dashboards in team project portals might not have all the functionality that you expect or might not function correctly. To configure settings for compatibility with Team Foundation Server, you must perform the following tasks:
Ensure that certain services are running on the server that is running Microsoft Office SharePoint Server 2007
Configure Shared Services Administration
Create a shared service provider (SSP)
Configure the single sign-on service
Create an enterprise application definition for use with Team Foundation Server
You will need a thorough knowledge of your deployments of Team Foundation Server and Microsoft Office SharePoint Server 2007 to configure them successfully. Configuration requires administrative permissions on both Microsoft Office SharePoint Server 2007 and Team Foundation Server. You must also create or have access to a set of preconfigured accounts for use when you configure Microsoft Office SharePoint Server 2007. To better understand the permissions and accounts that you require, you should review the provided example before you perform the procedures in this topic.
Note
Certain services that are required for full integration with Team Foundation Server, such as Excel Services, are available only in Microsoft Office SharePoint Server 2007 Enterprise Edition.
In this topic
Required Permissions
Example Deployment
Create a Web Application
Configure Settings for Dashboard Compatibility
Configure Services Required by Team Foundation Server
Create a Shared Service Provider For Use with Team Foundation Server
Configure Single Sign-On
Add a Trusted File Location for Excel Services
Set the Access Model
Required Permissions
To perform this procedure, you must be a member of the following groups or have the following permissions:
a member of the Administrators security group on the server or servers that are running the administration console for Team Foundation
a member of the Farm Administrators group for the farm to which you are configuring a Web application and changing settings for SharePoint Products
In addition to these permissions, you might need to address the following requirements on a computer that is running Windows Server 2008:
To follow a command-line procedure, you might need to open an elevated Command Prompt by clicking Start, right-clicking Command Prompt, and clicking Run as Administrator.
To follow a procedure that requires Internet Explorer, you might need to start it as an administrator by clicking Start, clicking All Programs, right-clicking Internet Explorer, and then clicking Run as administrator.
To access SharePoint Central Administration, Report Manager, reports, or Web sites for SQL Server Reporting Services, you might need to add these sites to the list of trusted sites in Internet Explorer.
For more information, see the following topic on the Microsoft Web site: User Account Control.
Example Deployment
Configuring Microsoft Office SharePoint Server 2007 is a complex process that requires careful planning, especially as you determine which accounts to use as service accounts, administrative accounts, and group accounts. For more information, see the example provided in Interactions Between SharePoint Products and Team Foundation Server. You can also review the full list of required service accounts in Service Accounts and Dependencies in Team Foundation Server. The requirements are discussed in detail, both in the abstract and in an example deployment. You should review the information carefully to make sure that you understand the requirements and how they apply to your organization before you start the configuration.
Create a Web Application and Site Collection for Use with Team Foundation Server
If you do not already have a Web application and a site collection that are configured for use with Team Foundation Server, you must manually create them.
To create a Web application and site collection
Create a SharePoint Web application that uses port 80, uses NTLM for authentication, and has a unique name that also indicates the port number.
For more information about how to create a SharePoint Web application and a site collection for use with Team Foundation Server, see Create SharePoint Web Applications and Sites for Use with Team Foundation Server.
Create a site collection with a unique name on that Web application.
Configure Settings for Dashboard Compatibility
To set up Microsoft Office SharePoint Server 2007 to host team project portals for Team Foundation Server, the administrators for SharePoint Products and Team Foundation Server require certain information from each other.
For specific examples of this information exchange, see "Example Deployment of Team Foundation Server with Microsoft Office SharePoint Server 2007" in Interactions Between SharePoint Products and Team Foundation Server.
For more information about the service accounts that Team Foundation Server uses and with which it interacts, see "Service Account Interaction Between Team Foundation Server and Microsoft Office SharePoint Server 2007" in Service Accounts and Dependencies in Team Foundation Server.
For more information from the documentation for SharePoint Products, see the following topic on the Microsoft Web site: Plan for administrative and service accounts.
Configure Services Required by Team Foundation Server in SharePoint Central Administration
Team Foundation Server requires certain services to run in Microsoft Office SharePoint Server 2007 for reports and dashboards to appear correctly in team project portals.
To configure services in Office SharePoint Server
On the server that is running Microsoft Office SharePoint Server 2007, open SharePoint Central Administration.
Click the Operations tab, and under Topology and Services, click Services on server.
In Select server role to display services you will need to start in the table below, click Single Server or Web Server for small server farms or Web server for medium server farms.
Note
For this procedure, both options are equally valid. The services are the same for both selections.
In Start services in the table below, find Excel Calculation Services, click Start, and then wait for the operation to complete.
In Start services in the table below, find Office SharePoint Server Search, and then click Start.
The Configure Office SharePoint Server Search Service Settings page opens.
In Query and Indexing, select the Use this server for indexing content and Use this server for serving search queries check boxes.
In Contact E-mail Address, type the address of an e-mail account to which external users should send mail about problems with this server.
In Farm Search Service Account, type the user name and password of a domain account to use as the Office SharePoint Server Search Service Account.
Leave the rest of the settings in their default configuration, click Start, and then wait for the operation to complete.
Note
The service account that you specify for Office SharePoint Server Search Service Account requires special permissions and has security implications. For this account, you should not specify the service account that you use for SharePoint Products or a system account, such as Network Services. For more information, see "Service Account Interaction Between Team Foundation Server and Microsoft Office SharePoint Server 2007" in Service Accounts and Dependencies in Team Foundation Server.
In Start services in the table below, find Windows SharePoint Services Search, and then click Start.
The Configure Windows SharePoint Services Search Service Settings page opens.
In Service Account, type the user name and password of a domain account to use as the service account.
In Content Access Account, type the user name and password of an account to use as the read-only access account.
Leave the rest of the settings in their default configuration, click Start, and then wait for the operation to complete.
Note
The service accounts that you specify for Service Account and Content Access Account both require special permissions and have security implications. For more information, see "Service Account Interaction Between Team Foundation Server and Microsoft Office SharePoint Server 2007" Service Accounts and Dependencies in Team Foundation Server.
Create a Shared Service Provider For Use with Team Foundation Server
After you enable the services that Team Foundation Server requires, you must create a shared service provider (SSP) for use with Team Foundation Server. You will also create a SharePoint Web application to support this SSP.
To create a shared service provider and the Web application that it will use
Click Home to display the main page for Central Administration, and then click Shared Services Administration.
On the Manage this Farm's Shared Services page, click New SSP.
The New Shared Services Provider page appears.
In SSP Name, either type a name for the new SSP, or accept the default name.
The default name is SharedServices followed immediately by a number (for example, SharedServices1).
Click Create a new Web application.
The Create New Web Application page appears.
In IIS Web site, click Create a new IIS Web site.
(Optional) In Description, change the value from the default value, SharePoint, to the name that you provided in the previous step (for example, SharedServices1).
Important
Do not change the port number or remove the port number reference from the description.
In Security Configuration, click NTLM, and then click Create a new application pool.
In Application Pool, configure the following options:
In Application pool name, ensure that the name matches the name in Description.
In the Select a security account for this application pool section, click Configurable, and then type the user name and password of the service account for SharePoint Products.
Leave the rest of the settings in their default configuration, and then click OK.
After the Web application is created, the New Shared Services Provider page appears with an error message in the title bar. This behavior is expected.
In SSP Name, in Web Application, verify that the name of the Web application that you just created for the SSP appears, and do not modify any of the default settings in this section.
In My Site Location, under My Site Location URL, in Relative URL, type a relative URL if a site already exists at /.
This URL is required only if a site already exists at /. Users typically specify /My but you can specify any name that does not use prohibited characters. For more information, see Naming Restrictions in Team Foundation.
In Enter the SSP Service Credentials, type the user name and password of a domain account that you want to use as the account for the service credentials.
Note
You must specify a domain user account, but it does not have to be a member of any particular security group. Specify a unique user account that does not have administrative permissions. Do not use the service account for Team Foundation (TFSService) or the data reader account (TFSReports) because they both require permissions that this account should not have. For more information, see "Service Account Interaction Between Team Foundation Server and Microsoft Office SharePoint Server 2007" in Service Accounts and Dependencies in Team Foundation Server.
Leave the rest of the settings in their default configuration, click OK, and wait for the operation to complete.
Note
If a warning message appears about hosting the administration site for SSP and the root site on the same server, click OK.
On the Success page, click OK.
Configure Single Sign-On
To configure single sign-on, you must create an enterprise application definition. During the following procedure, you might need to log on with two sets of credentials. To successfully complete this procedure, the account with which you log on to the server that is running Microsoft Office SharePoint Server 2007 must meet the following requirements:
The account must be a domain user account. It cannot be a group account.
The account must be a member of the Farm Administrators group.
The account must be a member of the local Administrators group on the encryption-key server.
The account must be a member of the securityadmin and db_creator roles on the instance of SQL Server that will host the single sign-on database.
The account must be either the same account that is used as the Single Sign-On Administrator Account or a member of the group account that is used as the Single Sign-On Administrator Account.
To configure single sign-on
In SharePoint Central Administration, click the Operations tab.
Under Security Configuration, click Service accounts.
On the Service Accounts page, in the Credential Management section, click Windows service, and then click Single Sign-on Service from the list of services.
In the Select an account for this component section, click Configurable.
Type the user name and password of an account that you have configured to use as the sign-on account, and then click OK.
Note
The service account that you specify requires special permissions and has security implications. The account must have the permissions that are required to log on interactively on this server and must be a member of the Administrators group on the single sign-on server. For this account, you should not specify the service account that you use for SharePoint Products or a system account, such as Network Services. For more information, see "Service Account Interaction Between Team Foundation Server and Microsoft Office SharePoint Server 2007" in Service Accounts and Dependencies in Team Foundation Server and the following topics on the Microsoft Web site: Plan for administrative and service accounts, Single Sign-On Service, and Start the Single Sign-On Service.
Click Start, click Administrative Tools, and then click Services.
In Services, right-click Microsoft Single Sign-On Service, and then click Properties.
On the General tab, in Startup type, click Automatic, click Start, and then click OK.
In SharePoint Central Administration, click the Operations tab.
Under Security Configuration, click Manage settings for single sign-on.
Note
To open this page, you might need to log on with the account and credentials that you configured in the previous step. In that case, you should switch users or start another session and log on to the server with that account. You should not log off your current user session. As an alternative, you can try the Sign In as a Different User function in SharePoint Central Administration, but that function might not work for this operation. To try to use this function, click Welcome UserName at the top of the window, click Sign In As A Different User, and then sign in with that account.
On the Manage Settings For Single Sign-On page, click Manage server settings.
The Manage Server Settings for Single Sign-On page appears.
In Single Sign-on Administrator Account, type the user name and password of an account that you have configured to use as the sign-on account.
Note
The service account that you specify requires special permissions and has security implications. The account must have the permissions that are required to log on interactively on this server and must be a member of the Administrators group on the single sign-on server. For this account, you should not specify the service account that you use for SharePoint Products or a system account, such as Network Services. For more information, see "Service Account Interaction Between Team Foundation Server and Microsoft Office SharePoint Server 2007" in Service Accounts and Dependencies in Team Foundation Server and the following topics on the Microsoft Web site: Plan for administrative and service accounts, Single Sign-On Service, and Start the Single Sign-On Service.
In Enterprise Application Definition Administrator Account, type the user name of the person or group of people whom you want to assign as the manager or managers of enterprise application definitions on this server.
You should consider creating and using a group that you will use for all members of the Team Foundation Administrators group.
Leave the rest of the settings in their default configuration, and then click OK.
On the Manage Settings For Single Sign-On page, click Manage encryption key.
On the Manage Encryption Key page, click Create Encryption Key.
On the Create Encryption Key page, click OK.
Important
Make sure that you back up the encryption key to a secure location.
Return to the Manage Settings For Single Sign-On page.
Note
If you signed into SharePoint Central Administration with a different user account to change the settings for Single Sign-On, you should change your session back to one that you are running with your own account. After you make this change, the top two options disappear from the Manage settings for Single Sign-On page.
Click Manage settings for the enterprise application definitions.
On the Manage Settings for the Enterprise Application Definitions page, click New Item.
The Create an Enterprise Application Definition page appears.
(Optional) In Application and Contact Information, in both Display name and Application name, type TFS.
This step is not required, but it can be useful for convenience in later identification.
In E-mail address, type the e-mail address of the person or group whom you want to receive e-mail messages about this application.
In Account type, click Group.
In Authentication type, click Windows Authentication, and then click OK.
Return to the Manage Settings For Single Sign-On page, and then click Manage account information for enterprise application definitions.
The Manage Account Information for Enterprise Application Definitions page appears.
In the Account information section, in the Enterprise account definition list, click the name of the enterprise account definition that you created to support Team Foundation Server.
If you followed the suggested naming convention, the name will be TFS.
In Group account name, type the name of a global security group in the domain that contains all the users to whom you want to grant access to dashboards and reports in Team Foundation Server, and then click Set.
In Provide Server Account Information, type the name and password for the report reader account (referred to with the placeholder TFSReports), and then click OK.
On the Manage Account Information for Enterprise Application Definitions page, click Done.
Add a Trusted File Location for Excel Services
For reports to operate correctly, you must also configure the Web application that you created for Team Foundation Server to use as a trusted file location for Excel Services.
To add a trusted file location
In SharePoint Central Administration, click Home to return to the home page for SharePoint Central Administration.
Under Shared Services Administration, click the name of the shared service provider that you created.
If you followed the suggested naming convention, this application will be called SharedServices1.
The home page for administering the Web application opens.
Under Excel Services Settings, click Trusted file locations.
On the Trusted File Locations page, click Add trusted file location.
The Excel Services Add Trusted File Location page appears.
In Address, type the URL of the root site of the Web application that you will use with Team Foundation Server.
You should specify the Web application that you created in the Create a Web Application section.
In Location Type, click Windows SharePoint Services.
In Trust Children, select the Children trusted check box.
In the External Data section, under Allow External Data, click Trusted data connection libraries and embedded.
(Optional) Clear the Refresh Warning Enabled check box.
In Maximum Concurrent Queries Per Session, change the number to 20, make sure that the Refresh warning enabled check box is not selected, and then click OK.
Note
On servers that are running SharePoint Products on Windows Server 2008 or Windows Server 2008 R2, you must also enable the Desktop Feature Experience feature before Microsoft Office applications will interoperate correctly with Team Foundation Server. For more information, see Desktop Experience Overview.
Set the Access Model
After you configure all the settings and services that Team Foundation Server requires, you must configure the access model for the Web application for single sign-on for delegation. If you do not configure the access model, Team Foundation Server and the Web application cannot interoperate.
To set the access model
On the server that is running SharePoint Central Administration, open a command prompt.
Change directories to %programfiles%\Common Files\Microsoft Shared\Web Server Extensions\12\bin and type the following command:
stsadm -o set-ecssecurity -ssp SharedServiceProviderName -accessmodel delegation
SharedServiceWebApplicationName is the name of the shared service provider that you created. If you followed the suggested naming convention, this name is SharedServices1.
At the command prompt, type iisreset to restart IIS.
See Also
Tasks
Add Integration with SharePoint Products to a Deployment of Team Foundation Server
Integrate Team Foundation Server with SharePoint Products Without Administrative Permissions
Concepts
Interactions Between SharePoint Products and Team Foundation Server
Extensions for SharePoint Products
The Team Foundation Administration Console
Team Foundation Server Architecture