This documentation is archived and is not being maintained.

A web.config file for the application-tier server is not configured correctly

Visual Studio 2010

The information in this article applies to:

  • Visual Studio Team Foundation Server 2010

  • Windows Server 2003 and Windows Server 2008 

  • SQL Server 2008

  • Application-tier server

  • Team Foundation Server Complete Health Check

  • Team Foundation Server Framework Health Check

The Best Practices Analyzer tool for Team Foundation Server checks the information in the web.config file for the application-tier server.

An error appears if any of the following conditions is true:

  • Incorrect application ID

    The value of the application ID in the web.config file must match the value that is defined in the registry.

  • Incorrect data source in the web.config file

    The value of the data source in the web.config file must match the value that is defined in the registry.

  • Incorrect database name in the web.config file

    The value of the database name in the web.config file must match the value that is defined in the registry.

  • Trust Level is not set to Full

    The Trust level must be set to Full in the web.config file.

  • Web.config does not contain the system.directoryservices reference

  • Web.config does not contain the system.directoryservices section in configSections

  • The web.config file for Team Web Access has the validateRequest attribute set to true

    The performance of your deployment may decrease if this attribute is enabled.

  • The web.config file for Web Services has .Net tracing enabled

  • The web.config file for Team Web Access has .Net tracing enabled

    The TfsJobAgent.exe.config file for the Team Foundation Job Agent service has .Net tracing enabled

    The performance of your deployment may decrease if .NET tracing is enabled.

To resolve the issues in the previous list, add the missing information, or correct the entries in the named configuration file.

Required Permissions

To perform these procedures, you must be a member of the Administrators security group on the application-tier server for Team Foundation.

To correct the named configuration file

  1. Log on to the application-tier server, and openWindows Explorer.

  2. Locate the directory path that contains the named configuration XML file, and open the file in a text editor.

    The default location for these files is Drive:\Program Files\Microsoft Team Foundation Server 2010\Application Tier\. For 64-bit machines, the default location is Drive:\Program Files (x86)\Microsoft Team Foundation Server 2010\Application Tier\. Open one of the following folders based on the message that appeared:

    • TFSJobAgent

    • Web Access

    • Web Services

    NoteNote

    Even if you are logged on with administrative credentials, you must open Notepad as an administrator to perform this function on a server that is running Windows Server 2008. To open Notepad as an administrator, click Start, right-click Command Prompt, and click Run as administrator. For more information, see the following page on the Microsoft Web site: User Account Control.

  3. Perform one of the following actions based on the message that appeared:

    • To correct the applicationID, data source, or database name (Initial Catalog), locate the appSettings section, and change the values based on the information in the error message:

      <appSettings>
         <add key="applicationDatabase" value="Data Source=DataTierServer;Initial Catalog=TFSConfiguration;Integrated Security=True;" />
      …
         <add key="applicationId" value="ApplicationID" />
          </appSettings>
      
    • If system.directoryservices or the value for the reference type is missing, locate the configSections section, and add or correct it to match the following text:

      <configSections>
          <section name="system.directoryservices" type="System.DirectoryServices.SearchWaitHandler, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </configSections>
      
    • To correct the trust level, locate the GLOBALIZATION section, and change the value to Full:

      <trust level="Full" originUrl="" />
      
    • To disable validation of requests, locate the For Integrated Windows Authentication section, and then change the value to false as the following example shows:

      <!-- For Integrated Windows Authentication, enable Identity Impersonation -->
         <identity impersonate="true"/>
         <httpRuntime executionTimeout="300"/>
         <pages validateRequest="false" enableEventValidation="false" enableSessionState="false">
            <controls>
         . . .
         </pages>
      
    • To disable .NET tracing for application services, locate the appSettings section, and then change the value to false for traceWriter as the following example shows:

      <appSettings>
         <add key="applicationDatabase" value="Data Source=MSL-2791111-VM3;Initial Catalog=Tfs_Configuration;Integrated Security=True;" />
         <add key="WorkItemTrackingCacheRoot" value="D:\Windows\Temp\TFTemp" />
         <add key="traceWriter" value="false" />
         <add key="traceDirectoryName" value="%TEMP%\\TFLogFiles" />
         <add key="applicationId" value="c344e958-6188-4521-b5dc-bcac775562cd" />
      </appSettings>
      
    • To disable .NET tracing for Team Web Access or the TFSJobAgent, locate the system.diagnostics section, and then comment the listeners sections. The following example shows tracing disabled for the TFSJobAgent:

      <system.diagnostics>
         <trace autoflush="false" indentsize="4">
         <!--To enable tracing to file, simply uncomment listeners section and set trace switch(es) below.
                Directory specified for TextWriterTraceListener output must exist, and job agent service account must have write permissions. -->
         <!--<listeners>
            <add name="myListener" 
            type="System.Diagnostics.TextWriterTraceListener" 
                initializeData="C:\Replace_Me_With_A_Directory_The_Service_Account_Can_Write_To\jobagent.log" />
            <remove name="Default" />
         </listeners>-->>
         . . .
      </system.diagnostics>
      
  4. Save and close the file.

The tool logs the information that it gathers in the tree report under the Config File Contents node. You can locate this node by expanding Team Foundation Server Complete Health Check, expanding Team Foundation Server, expanding Team Foundation Server Application Tiers, expanding Team Foundation Server AT, expanding Web Sites, expanding Team Foundation Server, and then expanding LM/W3Svc/8080/ROOT/tfs.

Show: