{"id":2503,"date":"2007-03-31T11:00:00","date_gmt":"2007-03-31T11:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/buckh\/2007\/03\/31\/configuring-team-foundation-server-to-use-fully-qualified-domain-names\/"},"modified":"2007-03-31T11:00:00","modified_gmt":"2007-03-31T11:00:00","slug":"configuring-team-foundation-server-to-use-fully-qualified-domain-names","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/buckh\/configuring-team-foundation-server-to-use-fully-qualified-domain-names\/","title":{"rendered":"Configuring Team Foundation Server to use fully-qualified domain names"},"content":{"rendered":"<p>This week the following question came up.&nbsp; I&#8217;ve seen this come up before, and there are probably <a class=\"\" href=\"http:\/\/forums.microsoft.com\/MSDN\/ShowForum.aspx?ForumID=477&amp;SiteID=1\">forum<\/a> threads on it, but I figured I&#8217;d post it here.&nbsp; Bill Essary provided the answer to the question.&nbsp; As always, keep notes on what you do so that you can undo it if necessary.<\/p>\n<p><strong>Question<\/strong><\/p>\n<blockquote><p>  Is there a way to configure TFS to use fully-qualified domain names (FQDN, e.g., tfsserver.mycompany.com) for TFS, WSS, and Reporting Services?<\/p>\n<\/blockquote>\n<p><strong>Answer<\/strong><\/p>\n<blockquote><p>  1) Run &#8220;tfsadminutil <a class=\"\" href=\"http:\/\/msdn2.microsoft.com\/en-us\/library\/ms252460(VS.80).aspx\">activateat<\/a> &lt;FullyQualifiedDomainName&gt;&#8221;<\/p>\n<p>2) Update the&nbsp;following registry&nbsp;key with the FQDN: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\VisualStudio\\8.0\\TeamFoundation\\ReportServer   <\/p>\n<p>3) To force FQDN references in e-mail notifications, set TFSUrlPublic in the&nbsp;<a class=\"\" href=\"http:\/\/msdn2.microsoft.com\/en-us\/library\/ms400778(VS.80).aspx\">TFS root web.config file<\/a> to http:\/\/&lt;FQDN&gt;:8080.   <\/p>\n<p>There are a handful of other places where the TFS URL is stored, but they typically wouldn&#8217;t matter if the goal is to ensure that all public access to the server is done via FQDN.&nbsp; The ones that are missed govern communication local to the TFS AT (ex: TFS scheduler prodding TFS warehouse).&nbsp; If you want to get them all, use the <a href=\"http:\/\/msdn2.microsoft.com\/en-us\/library\/aa395285(VS.80).aspx\">SSL-only configuration topic for TFS<\/a> as a guide.<\/p>\n<p>4) Add the domain to the Intranet Zone or Trusted Sites list in IE for all clients (see <a class=\"\" href=\"http:\/\/support.microsoft.com\/kb\/303650\/\">KB 303650<\/a>)<\/p>\n<\/blockquote>\n<p>If you are&nbsp;using TFS 2008 with SharePoint&nbsp;3.0 (or Microsoft Office SharePoint Services 2007), you will need to do the following as well.<\/p>\n<blockquote><p>  After&nbsp;following the steps above&nbsp;with TFS2008 + WSS 3.0 you will observe that when you try to access the team portal using http:\/\/FQDN\/sites\/TeamProjectName you will be automatically redirected to http:\/\/NETBIOSNAME\/sites\/TeamProjectName.&nbsp;<\/p>\n<p>This behavior is by design and is caused by alternate access mapping. In order to avoid this you will have to create a custom alternate access mapping which has the FQDN as the internal URL and as the public URL.<\/p>\n<ol>\n<li>Open WSS3.0 Central Administration<\/li>\n<li>Click on Operations tab<\/li>\n<li>Click on Alternate access mapping<\/li>\n<li>Click the Add Internal URLs button<\/li>\n<li>In the dropdown select the default website (port 80)<\/li>\n<li>Enter the FQDN in the textbox<\/li>\n<li>Set the Zone to Custom<\/li>\n<\/ol>\n<\/blockquote>\n<p><strong>Additional&nbsp;step&nbsp;required when .NET 3.5 SP1 is&nbsp;installed<\/strong>&nbsp;<\/p>\n<p>If you have Service Pack 1 for .NET 3.5 installed on your 2008 server (and if you do, make sure you also have SP1 for TFS 2008 installed), you will need to make an additional change.&nbsp; <a class=\"\" href=\"http:\/\/support.microsoft.com\/kb\/926642\">KB 926642<\/a> describes what you will need to do.&nbsp; The registry change is probably the simplest approach, but you will need to decide which approach is best for you based on the security tradeoffs.<\/p>\n<p>The need for this setting is due to the fact that .NET 3.5 SP1 includes changes to support Windows&#8217; features to defeat reflection attacks.&nbsp; Unfortunately, that causes problems with the way FQDN support works in TFS.&nbsp; You can find additional background on the Windows&#8217; security settings at <a class=\"\" href=\"http:\/\/blogs.msdn.com\/drnick\/archive\/2008\/03\/24\/getting-caught-by-loopback.aspx\">Getting Caught by Loopback<\/a>.&nbsp; You can also read about the impact on SQL Reporting Services at <a class=\"\" href=\"http:\/\/blogs.msdn.com\/lukaszp\/archive\/2008\/07\/18\/reporting-services-http-401-unauthorized-host-headers-require-your-attention.aspx\">Reporting Services HTTP 401 (Unauthorized) &#8211; Host Headers require your attention<\/a>.<\/p>\n<p><strong>[UPDATE February 27, 2008] <\/strong>Ladislau Szomoru provided additional steps required when making this change with TFS 2008 and SharePoint 3.0.<\/p>\n<p><strong>[UPDATE October 17, 2008] <\/strong>I&#8217;ve added information about handling the new security checks enabled by .NET 3.5 SP1 that will prevent FQDN from working without taking additional steps.<\/p>\n<p>tags: <a href=\"http:\/\/technorati.com\/tag\/tfs\" rel=\"tag\">tfs<\/a>, <a href=\"http:\/\/technorati.com\/tag\/team+foundation\" rel=\"tag\">team foundation<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This week the following question came up.&nbsp; I&#8217;ve seen this come up before, and there are probably forum threads on it, but I figured I&#8217;d post it here.&nbsp; Bill Essary provided the answer to the question.&nbsp; As always, keep notes on what you do so that you can undo it if necessary. Question Is there [&hellip;]<\/p>\n","protected":false},"author":94,"featured_media":10268,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[8],"class_list":["post-2503","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-team-foundation"],"acf":[],"blog_post_summary":"<p>This week the following question came up.&nbsp; I&#8217;ve seen this come up before, and there are probably forum threads on it, but I figured I&#8217;d post it here.&nbsp; Bill Essary provided the answer to the question.&nbsp; As always, keep notes on what you do so that you can undo it if necessary. Question Is there [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/buckh\/wp-json\/wp\/v2\/posts\/2503","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/buckh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/buckh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/buckh\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/buckh\/wp-json\/wp\/v2\/comments?post=2503"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/buckh\/wp-json\/wp\/v2\/posts\/2503\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/buckh\/wp-json\/wp\/v2\/media\/10268"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/buckh\/wp-json\/wp\/v2\/media?parent=2503"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/buckh\/wp-json\/wp\/v2\/categories?post=2503"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/buckh\/wp-json\/wp\/v2\/tags?post=2503"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}