Sometimes when you setup TFS you find that your users, or just some of them, are being prompted for credentials. While manageable this is annoying and is not really related to TFS. This is an Active Directory thing and yes, there is a workaround…
The best way to fix this is to have your Active Directory administrator add your OWN domain to the list detected as internal and thus intranet. By default using just the server NETBIOS name will work anyway, but in this world of domain names http://tfs.company.com looks a lot better and is easier to remember than http://tfs . Its a brain thing… and it is a Kerberos thing, but don’t worry about that.
So, first, why is this happening?
Figure: User Authentication on the Internet / Intranet
Its the default and it should be this way!
If you accidentally change this to allow authentication in all zones you may be exposing your username and password beyond the bounds of your internal network. This is not good.
So, if you want to fix this send this email to your Active Directory administrator or support desk:
Dear Admin,
Can you please make it so that all things that I access thorough the network as “*.mydomain.com” are classed as “intranet” so that I can authenticate correctly without having to enter my username and password every time. Can you also make sure that everyone i work with has the same setting applied automatically.
**
****Figure: Bad example, I should not have to do this locally**
Hint: you can do this by adding “*.mydomain.com” to the list of websites that are automatically in Internet Explorers “Intranet” list
Figure: Good example, now i can authenticate
- Please can you change the domain policy to add this automatically to Internet Explorer
Thanks,
Frustrated local user
But, sometimes you get a less than prompt response. How can I solve this in the mean time, knowing that my Support team is working hard of fixing it permanently?
[screencast url=“ http://www.screencast.com/t/PAx7VWfa3jn" width=“640” height=“360”] Screencast: Administering TFS 2010 - Always prompted for credentials?
Figure: Internet Options is well hidden
Figure: These settings apply to all internet access, not just IE
Figure: All useful options are hidden awayNow when you open IE and go to any address that contains your company domain it will automatically pass through your Active Directory identity.
No related videos found.
If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.
We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.
ProgramUtvikling
Workday
Illumina
Cognizant Microsoft Business Group (MBG)
YearUp.org
Boxit Document Solutions
Higher Education Statistics Agency
Akaditi
MacDonald Humfrey (Automation) Ltd.
Hubtel Ghana
Boeing
CR2
Brandes Investment Partners L.P.
Slicedbread
Bistech
NIT A/S
Deliotte
Trayport
Washington Department of Transport
Nottingham County Council
Ghana Police Service
Department of Work and Pensions (UK)
Washington Department of Enterprise Services
Royal Air Force
Higher Education Statistics Agency
Genus Breeding Ltd
Big Data for Humans
Schlumberger
Hubtel Ghana
Kongsberg Maritime
