TFS Integration Tools – Issue: TFS WIT bypass-rule submission is enabled

Problems & Puzzles

Everyone

When you run the TFS Integration Platform for the first time with TFS WIT bypass-rule submission enabled you will likely get the following error:

Figure: A Runtime Error

Microsoft.TeamFoundation.Migration.Tfs2010WitAdapter.PermissionException: TFS WIT bypass-rule submission is enabled. However, the migration service account ‘TFSService’ is not in the Service Accounts Group on server ‘http://tfsserver:8080/tfs/msf_migrate’.

   at Microsoft.TeamFoundation.Migration.Tfs2010WitAdapter.VersionSpecificUtils.CheckBypassRulePermission(TfsTeamProjectCollection tfs)

   at Microsoft.TeamFoundation.Migration.Tfs2010WitAdapter.TfsCore.CheckBypassRulePermission()

   at Microsoft.TeamFoundation.Migration.Tfs2010WitAdapter.TfsWITMigrationProvider.InitializeTfsClient()

   at Microsoft.TeamFoundation.Migration.Tfs2010WitAdapter.TfsWITMigrationProvider.InitializeClient()

   at Microsoft.TeamFoundation.Migration.Toolkit.MigrationEngine.Initialize(Int32 sessionRunId)

Applies To

TFS Integration Platform

Findings

Only accounts in the Team Foundation Service Accounts are aloud to access the web services directly. By default the account used to install TFS is not added to this group.

In addition you will also be unable to add the account through the UI as editing this group directly is disables. It is meant to be used under the covers for Lab or Build accounts, but the TFS Integration Platform is not an out-of-the-box tool.

Figure: You can’t edit Team Foundation Service Accounts

This is a special group that does not allow you to populate it through the UI. You can however view it and all of the accounts that you use for your Build Agents, Build Controllers and other bits and bobs will all be in this list already.

You need to use the the command line

Solution

Use the tfssecurity.exe tool to update the Service Accounts Group and add the “TfsAdmin”.

Figure: Updating the TFS Security group

You use our old friend the command line. There is an application called TfsSecurity that will allow you to add an account directly to that group.

tfssecurity /g+ "Team Foundation Service Accounts" n:domainusername ALLOW /server:http://myserver:8080/tfs

Now you have that sorted you are ready to rock…

Did this help you?

Create a conversation around this article

Martin Hinshelwood

Martin Hinshelwood has worked with many customers in government, finance, manufacturing, health and technology to help them adopt and improve their agility using DevOps and Agile techniques. He writes regularly on naked Agility's Blog, and speaks often on DevOps, Agile & Process Improvement with Scrum, Visual Studio, and TFS. Martin is available onsite for technical or agile mentioning, coaching, or consulting. Find out what Martin's customers say about him and his work.

League of Extraordinary Lean-Agile Practitioners Community The league of extraordinary lean-agile practitioners is a group of peers and seasoned practitioners that continuously learn, share emergent practices, and discuss topics with courage, commitment, focus, respect, & openness! Join The League

Martin Hinshelwood

You can’t stop the signal! But you can ignore it!

In organizational development and team dynamics, Agile (as the Agile Manifesto delineates) and Scrum (as the Scrum Guide outlines) guide teams not by solving their problems but by illuminating the issues that demand attention. These frameworks aim to identify and spotlight the challenges within a team or organization’s processes, effectively …

17 April, 2024

Martin Hinshelwood

The Evolution of Agile Learning: Insights from Scrum.org’s Webinar

This week, I participated in a Scrum.org Webinar hosted by Sabrina Love (Scrum.org Product Owner) as well as my colleagues, Joanna Płaskonka, Ph.D. and Alex Ballarin to discuss the state of learning and how immersive learning is the future of training. You can watch the video below to hear what …

14 December, 2023

Martin Hinshelwood

Naked ALM: starting with why and getting naked

For a long time now I have been searching for that perfect domain that epitomised the vision, the why, of what I am trying to achieve with my customers and the industry at large. Now I have found it in http://nkdagility.com

2 May, 2013

Martin Hinshelwood

You can’t stack rank hierarchical work items?

At the MVP Summit I was appalled by the number of people who asked questions about new features for supporting hierarchical tasks! I shared a disgusted look with Peter Provost and we had a quick (and I mean really quick) conversation that resulted in this post. it really comes down …

1 March, 2012

TFS Integration Tools – Issue: TFS WIT bypass-rule submission is enabled

Applies To

Findings

Solution

Create a conversation around this article

Martin Hinshelwood

Read more

You can’t stop the signal! But you can ignore it!

The Evolution of Agile Learning: Insights from Scrum.org’s Webinar

Naked ALM: starting with why and getting naked

You can’t stack rank hierarchical work items?

Get in Touch!

Our next public training courses

Trusted by companies like

our latest blog posts

You can’t stop the signal! But you can ignore it!

Pragmatism crushes Dogma in the wild

Blocked Columns on Kanban Boards Obfuscate Workflow and Undermine Effectiveness

The Evolution of Agile Learning: Insights from Scrum.org’s Webinar

The 7 Deadly Sins of Agile: A Grecian Odyssey through Modern Software Development

How to Set and Achieve Effective Sprint Goals

The Definition of Done: Ensuring Quality without Compromising Value

Deciphering the Enigma of Story Points Across Teams

Need help? We can help you, or help you find a consultant, coach, or trainer who can!

Improve with confidence

Contact

Consulting

Training

Resources