Create a safe clone of your TFS environment

ChangeServerId to avoid confusion of client tools

Around the web there are a lot of resources about how to create a clone of your TFS environment for testing purpose. The most important step was always running the TfsCongfig ChangeServerId Command as described in the Move Team Foundation Server from your hardware configuration to another.

With the new wave of guidance for TFS 2015, a new interesting article cames out on how to do a Dry Run in a pre-production environment. In that articles a couple of tricks worth a mention, because they are really interesting and easy to do.

Risk of corrupting production environment

Tfs uses a lot of extra tools and products to fulfill it functions, it is based on Sql Server database but it communicates also with Reporting Services, Sharepoint, SCVMM for Lab management, test controllers and so on. When you restore a backup of your production environment to a clone (pre-production) environment, you need to be sure that this cloned installation does not corrupt your production environment.

As an example, if cloned server still uses the same Reporting Services instance of production server, you will probably end with a corrupted Reporting Services Database.

Protect your environment

In the above article, a couple of simple technique are described to avoid your cloned pre-production TFS corrupt something in production environment.

Edit your hosts file to make all of production servers not reachable from cloned server.

This is the simplest but most efficient trick, if you modifiy hosts file in cloned machine, giving an inexistent ip address for all the names of machines related to TFS environment, you are pretty sure that cloned environment cannot corrupt other services.

If for some reason you forgot to change Lab Management SCVMM Address or Sharepoint, cloned machine is not able to reach them, because name resolves to invalid address.

Use a different user to run TFS Service cloned environment, and be sure that this user has no special permission

Usually TFS Services runs with an account called TFService, and this account has lot of privileges in all machines related to TFS environment. As an example, it has right to manage SCVMM in a Lab Management scenario. If you create a user called TFSClonedService or TFSServiceCloned, withouth no special permission, and use that user to run cloned TFS environment, you are pretty sure that if cloned environment try to contact some external service (Ex SCVMM, Report Service, Etc) you will get a Unauthorized exception.

Remember that running a cloned TFS instance is an operation that should be done with great care, and you should adopt all techniques useful to limit accidental damage to production environment.

Gian Maria.

Work Item query by category

This is a really old functionality of TFS, but it turns out that sometimes some people missed it. When you create a query, you can add a condition on Work Item Type.

This image shows combo box rendered by the ui when you are using the equal operator

Figure 1: Add condition to Work Item Type

As you can see, you can require the Work Item Type to be equal to specific value, and the UI renders a nice combo box with all permitted values to help the user choose right value.

You can also use the in operator, to specify a comma separated list of allowed types.

In operator in Work Item Query allow to specify a comma separated query of values

Figure 2: The in operator in Work Item Query

Finally TFS has a nice concepts called Work Item Category to group togheter all Work Item Types that shared some common behavior. As an example, all types that represents a concept of requirement are shown on the Backload Board, while Work Items that represents a Task are represented in the Task Board. If you choose the in operator to specify a condition on Work Item Type, you can choose from Work Item Categories.

If you choose In Group operator you can choose between Work Item Categories instead of types

Figure 3: Query with the “in group” operator  allows you yo choose between Work Item Categories

There are many use case for this functionality, Microsoft Test Manager used Requirement category to create a generic query that lists “requirements” and is valid for all template. You can use this feature if you need to create query that spans multiple project with different project template.


Figure 4: Query for requirements on multiple Team Project

In Figure 4 I represented a simple query to list all requirements associated to me for every Team Project. As you can see from the result, I got Work Item Type “Requirement” from a CMMI Project and “Product Backlog Item” from a Scrum project.

Gian Maria.

Managing tags with Tag Admin for VS 2013

Tags management in Team Foundation Server is a really good way to add custom information to Work Items without the need to customize process template. The downside of this approach, is that every person is able to add whatever tag to work items with the risk of misspelling and duplication.

As an example if the team is doing T-Shirt sizing for User Stories, we can have people using tag S to identify a Small Story, then people decides to change to SIZE_S to better indicate the purpose of the tag. Now you have some User Story with S and other one with SIZE_S. Mispelling is another typical problem, even if TFS is suggesting you tags in edit with drop down, there is always the risk that someone write a slightly different tag.

An optimal solution to cope with these problem is installing an extension of Visual Studio that allows you to manage tags


Figure 1: Tag Admin For Visual Studio 2013 in Visual Studio Gallery

This extension adds a nice link in your team explorer to manage your tags. If you open it, you are immediately prompted with a complete list of all of your tags, with a counter that identify how many work items are associated with each tag.


Figure 2: List of tags of team project.

If some tags are not associated to any work item and you wonder why they are listed there (you see 0 as work item count) the reason is that TFS Still not cleared the Tag from the tag cache. After a tag is not used by any work item for some days, TFS decides that the tag should not be available anymore for suggestion.

In this example I have a misspelling problem between delighter and deligter so I can click mispelled tag, and a nice Action buttons appears in the UI allowing for some actions.


Figure 3: Available actions for tag

You can view a list of work items that contains that tags, you can delete that tags, effectively removing that tags from any Work Item and you can also Rename Tag. The actual version of the tool does not allow to rename a tag giving a name that already exists, and this prevent us to effectively using the tool to “merge” mispelled tag into a single tag, but it is still really useful because it allow an administrator to immediately spot mispelled tag, that can be fixed manually.

Actually you can simply click “View Linked Workitem” and then from the standard web interface apply the fix changing tags accordingly.

Gian Maria.

Limit maximum memory of SQL Server in TFS environment

If you are a small shop using on-premise TFS, probably you’ll have a single machine installation for Data and App tier for your TFS. While installing a Build server on App or Data tier is highly discouraged, using a single machine for Data and App tier is a viable solution for small and medium team, and with virtualization is quite easy to move machine to a more powerful hardware or give it more RAM if the usage or TFS increase performances starts to degrade.

If you are interested in a really good article about how to configure TFS for performance, this post cover all you need.

In this post I want to point out one aspect that is quite often underestimated but is really critical on single server installation.

SQL Server tends to consume all the RAM of the system, and if you are not limiting maximum memory that it can use, you usually have problem ranging from poor performances to malfunction. On a customer site, suddenly, build controller was disconnected from the server; looking at event viewer in TFS Machine we found that some WCF services failed to start because there is less than 5% of free RAM. Obviously almost all RAM in the system was used by SQL Server. In that installation Sql server max memory limit was not set, and the server slowed down gradually until some part (the build in this situation) stopped working.

If your TFS is a Single Server installation, start limiting SQL Server Memory size to half the RAM, then after some real usage, verify if the system still has free RAM, and gradually give more memory to SQL. This method will prevent SQL From stealing RAM to App Tier.

Limiting memory is crucial even if SQL Server is in a dedicated machine. This article : How much memory does my Sql Server actually need is a good article on the subject. Remember also that if Reporting Services are installed on the same machine you should take this in consideration. Even if Sql Server Database is the only role on the machine limiting is needed. A rough formula given by Grant is the following one.

reserve: 1 GB of RAM for the OS, 1 GB for each 4 GB of RAM installed from 4–16 GB, and then 1 GB for every 8 GB RAM installed above 16 GB RAM

If your SQL Server is on a 32 GB RAM machine, you should configure it to use 25 GB Max, with16 GB  the right value is 11 GB, with 8 GB limit is 5 GB and finally if you have 4 GB of RAM the right value is 2 GB.

Gian Maria.

Tfs2015 Build agent error: Access denied: xxxxx\yyyyy needs Listen permissions for pool zzzzz to perform the action

Tfs 2015 introduces a completely new and redesigned build system and one of the most important change is new lightweight agent system. Instead of installing TFS and then configure Build, to create a new agent you only need to download a zip file, uncompress and launch a PowerShell script. Another great advantage is the ability to run the agent as a service, or running it interactively in a simple console application.

If you configure a new agent you can check that everything is ok in TFS Control panel, in the new Agent pools tab. The new agent should be listed and it is Red if not active, Green if up and running.


Figure 1: Management of Pool and Agent in TFS Configuration

If the agent is red even if you launched the agent, you should check logs in the _diag folder.


Figure 2: Logs are placed in _diag folder

You should be able to understand and fix errors looking at the log. If you run the agent interactively, it could be that your user has no right permission to listen to the pool.

17:28:46.531831 Microsoft.TeamFoundation.DistributedTask.WebApi.AccessDeniedException: Access denied. CYBERPUNK\Administrator needs Listen permissions for pool Fast to perform the action. For more information, contact the Team Foundation Server administrator.

In this situation the user Administrator is in the TFS Administrator Group and it should have any permission, but new Build System is slightly different. The user that runs the agent, must be part of the Agent Pool Service Account, or it will not be able to run the agent


Figure 3: Permissions for Agent Pools

Simply adding the user to the AgentPoolService account should fix authorization problem


Figure 4: Agent is up and running.

Gian Maria