TFS30063: You are not authorized to access http://localhost:8080/tfs/Internal

May 27, 2014 at 2:33 PM
I've been trying to get the plugin to work and seem to be getting cut off at the knees with troubles before I can even get into the more complicated stuff. I created a windows user for which the plugin would use. I added this user into the Collection Administrator group, and confirmed that logging into the web portal with this user's credentials gives me full access to the web portal and all our work items. However, when I edit a work item as myself and then monitor the trace logs I notice the aggregation doesn't occur and a "You are not authorized" error is registered (shown below). I cannot figure out why/how I am getting an unauth response.

AggregatorItems.xml
<?xml version="1.0" encoding="utf-8"?>
<AggregatorItems tfsServerUrl="http://localhost:8080/tfs/Internal" username="localserver\TFSAGGREGATOR" password="xxxx" loggingVerbosity="Diagnostic">
<!--Add the time from the task up to the parent (User Story or Request)--> <AggregatorItem name="Task to Parent Sum" operation="Sum" linkType="Parent" linkLevel="1" workItemType="Task">
<TargetItem name="Original Estimate"/>
<SourceItem name="Original Estimate"/>
</AggregatorItem>
<!--Add the time from the user story up to the parent (Request)--> <AggregatorItem name="Story to Parent Sum" operation="Sum" linkType="Parent" linkLevel="1" workItemType="User Story">
<TargetItem name="Original Estimate"/>
<SourceItem name="Original Estimate"/>
</AggregatorItem>

</AggregatorItems>

DebugView:

[3380] TFSAggregator: Exception encountered processing Work Item [3012]: TF30063: You are not authorized to access http://localhost:8080/tfs/Internal.
[3380] TFSAggregator: Stack Trace: at Microsoft.TeamFoundation.Client.Channels.TfsHttpWebRequest.SendRequest()
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.Channels.TfsHttpRequestChannel.Request(TfsMessage message, TimeSpan timeout)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.Channels.TfsHttpClientBase.Invoke(TfsClientOperation operation, Object[] parameters, TimeSpan timeout, Object[]& outputs)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Framework.Client.RegistrationProxy.GetRegistrationEntries(String toolId)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Framework.Client.RegistrationService.GetInstanceId()
[3380] TFSAggregator: at Microsoft.TeamFoundation.Framework.Client.RegistrationService.get_InstanceClientCacheDirectory()
[3380] TFSAggregator: at Microsoft.TeamFoundation.Framework.Client.RegistrationService..ctor(TfsTeamProjectCollection tfsObject)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.TfsTeamProjectCollection.CreateServiceProxy(Type serviceType)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.TfsConnection.GetService(Type serviceType)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Framework.Client.PreFrameworkServerDataProvider.FindServiceLocation(String serviceType, String toolId)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Framework.Client.PreFrameworkServerDataProvider.LocationForCurrentConnection(String serviceType, Guid serviceIdentifier)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.TfsConnection.EnsureProviderConnected()
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.TfsConnection.CreateInternalProxy(Type serviceType)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.TfsConnection.GetServiceInstance(Type serviceType, Object serviceInstance)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.TfsConnection.GetService(Type serviceType)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.TfsConnection.GetServiceT
[3380] TFSAggregator: at Microsoft.TeamFoundation.WorkItemTracking.Client.WorkItemStore.InitializeInternal()
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.TfsTeamProjectCollection.InitializeTeamFoundationObject(String fullName, Object instance)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.TfsConnection.CreateServiceInstance(Assembly assembly, String fullName)
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.TfsConnection.GetService(Type serviceType)
[3380] TFSAggregator: at TFSAggregator.TFSAccess..ctor(String tfsUri, String username, String password)
[3380] TFSAggregator: at TFSAggregator.Store.get_Access()
[3380] TFSAggregator: at TFSAggregator.WorkItemChangedEventHandler.ProcessEvent(TeamFoundationRequestContext requestContext, NotificationType notificationType, Object notificationEventArgs, Int32& statusCode, String& statusMessage, ExceptionPropertyCollection& properties)
[3380] TFSAggregator: Inner Exception: The remote server returned an error: (401) Unauthorized.
[3380] TFSAggregator: Stack Trace: at System.Net.HttpWebRequest.GetResponse()
[3380] TFSAggregator: at Microsoft.TeamFoundation.Client.Channels.TfsHttpWebRequest.SendRequestAndGetResponse(HttpWebRequest webRequest, WebException& webException)
Coordinator
May 27, 2014 at 3:36 PM
Edited May 27, 2014 at 3:38 PM
I have never used the user name feature. I always let it run in the context of the TFS Service account (no username or password needed).

If you have setup to use a user, then my only guess would that it needs to have TFS Service Account permissions. That may be easy with TFS 2012-2013 but in TFS 2008 it was kind of hard.
May 27, 2014 at 3:41 PM
Edited May 27, 2014 at 3:55 PM
I went ahead and removed the username and password values from the .xml. I am still receiving the same error. I am using TFS 2012
May 28, 2014 at 8:42 PM
Does anyone have any recommendations on things I can do to help narrow down the solution to my issue? I'm at a complete loss here.
Sep 16, 2014 at 7:25 PM
Ran into this same issue today when the TFS server was configured to run under NetworkService instead of a proper domain account.

I gather that since the TFS Aggregator does a loopback connection, it needs to be able to authenticate to itself. I suppose this is a security feature akin to (http://support.microsoft.com/kb/926642). Reconfiguring TFS to run under a Domain User resolved the issue for me.