Sometimes when you setup TFS you find that your users, or just some of them, are being prompted for credentials. While manageable this is annoying and is not really related to TFS. This is an Active Directory thing and yes, there is a workaround…
The best way to fix this is to have your Active Directory administrator add your OWN domain to the list detected as internal and thus intranet. By default using just the server NETBIOS name will work anyway, but in this world of domain names http://tfs.company.com looks a lot better and is easier to remember than http://tfs . Its a brain thing… and it is a Kerberos thing, but don’t worry about that.
So, first, why is this happening?
Figure: User Authentication on the Internet / Intranet
Its the default and it should be this way!
If you accidentally change this to allow authentication in all zones you may be exposing your username and password beyond the bounds of your internal network. This is not good.
So, if you want to fix this send this email to your Active Directory administrator or support desk:
Dear Admin,
Can you please make it so that all things that I access thorough the network as “*.mydomain.com” are classed as “intranet” so that I can authenticate correctly without having to enter my username and password every time. Can you also make sure that everyone i work with has the same setting applied automatically.
**
****Figure: Bad example, I should not have to do this locally**
Hint: you can do this by adding “*.mydomain.com” to the list of websites that are automatically in Internet Explorers “Intranet” list
Figure: Good example, now i can authenticate
- Please can you change the domain policy to add this automatically to Internet Explorer
Thanks,
Frustrated local user
But, sometimes you get a less than prompt response. How can I solve this in the mean time, knowing that my Support team is working hard of fixing it permanently?
[screencast url=“ http://www.screencast.com/t/PAx7VWfa3jn" width=“640” height=“360”] Screencast: Administering TFS 2010 - Always prompted for credentials?
Figure: Internet Options is well hidden
Figure: These settings apply to all internet access, not just IE
Figure: All useful options are hidden awayNow when you open IE and go to any address that contains your company domain it will automatically pass through your Active Directory identity.
No related videos found.
If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.
We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.
Alignment Healthcare
Teleplan
Big Data for Humans
Capita Secure Information Solutions Ltd
Philips
New Signature
Deliotte
Cognizant Microsoft Business Group (MBG)
Graham & Brown
CR2
Sage
Emerson Process Management
Microsoft
Workday
Boxit Document Solutions
DFDS
Lockheed Martin
Slicedbread
Department of Work and Pensions (UK)
Nottingham County Council
Royal Air Force
Washington Department of Transport
Ghana Police Service
New Hampshire Supreme Court
MacDonald Humfrey (Automation) Ltd.
Lean SA
Hubtel Ghana
Ericson
Flowmaster (a Mentor Graphics Company)
Graham & Brown
