To maintain quality and focus, we limit concurrent engagements and never overbook. When we work with you, our attention is fully on your needs. Whether you need a short-term boost or a long-term strategic partnership, we tailor our approach to deliver real value.
We operate on a fixed-price model, eliminating the need for time tracking or approval gates. Our engagements are based on a defined time period, ensuring full flexibility to collaborate on any topic within our expertise—technical, process-related, or strategic.
Get in touch today to discuss how we can support your organisation's agility, DevOps adoption, and value delivery.
TL;DR; Explains how to resolve TFS Integration Platform errors caused by missing permissions for bypass-rule submission by adding accounts to the Team Foundation Service Accounts group.
When you run the TFS Integration Platform for the first time with TFS WIT bypass-rule submission enabled you will likely get the following error:
Figure: A Runtime Error
Microsoft.TeamFoundation.Migration.Tfs2010WitAdapter.PermissionException: TFS WIT bypass-rule submission is enabled. However, the migration service account ‘TFSService’ is not in the Service Accounts Group on server ‘http://tfsserver:8080/tfs/msf_migrate’.
at Microsoft.TeamFoundation.Migration.Tfs2010WitAdapter.VersionSpecificUtils.CheckBypassRulePermission(TfsTeamProjectCollection tfs)
at Microsoft.TeamFoundation.Migration.Tfs2010WitAdapter.TfsCore.CheckBypassRulePermission()
at Microsoft.TeamFoundation.Migration.Tfs2010WitAdapter.TfsWITMigrationProvider.InitializeTfsClient()
at Microsoft.TeamFoundation.Migration.Tfs2010WitAdapter.TfsWITMigrationProvider.InitializeClient()
at Microsoft.TeamFoundation.Migration.Toolkit.MigrationEngine.Initialize(Int32 sessionRunId)
Applies To
TFS Integration Platform
Findings
Only accounts in the Team Foundation Service Accounts are aloud to access the web services directly. By default the account used to install TFS is not added to this group.
In addition you will also be unable to add the account through the UI as editing this group directly is disables. It is meant to be used under the covers for Lab or Build accounts, but the TFS Integration Platform is not an out-of-the-box tool.
Figure: You can’t edit Team Foundation Service Accounts
This is a special group that does not allow you to populate it through the UI. You can however view it and all of the accounts that you use for your Build Agents, Build Controllers and other bits and bobs will all be in this list already.
You need to use the the command line
Solution
Use the tfssecurity.exe tool to update the Service Accounts Group and add the “TfsAdmin”.
Figure: Updating the TFS Security group
You use our old friend the command line. There is an application called TfsSecurity that will allow you to add an account directly to that group.
1tfssecurity /g+ "Team Foundation Service Accounts" n:domainusername ALLOW /server:http://myserver:8080/tfs
Now you have that sorted you are ready to rock…
Did this help you?
Smart Classifications
Each classification [Concepts, Categories, & Tags] was assigned using AI-powered semantic analysis and scored across relevance, depth, and alignment. Final decisions? Still human. Always traceable. Hover to see how it applies.
Generated via dense vector embeddings and cosine similarity, not clickbait heuristics. These are the closest semantic matches to this post; AI-approved, relevance-assured. Learn how it works.
Learn to manage software projects using Scrum and Visual Studio, covering backlog management, sprint planning, team collaboration, agile testing, and …
Outcomes and Capabilities
These offerings complement the ideas in this post, helping you translate insights into impactful outcomes.
Move from Azure DevOps or TFS to GitHub with full history preservation, workflow modernisation, and team capability building. Migration services that …
Connect with Martin Hinshelwood
If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.
Schedule a Teams Call with Martin Hinshelwood
Our Happy Clients
We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.
