The restriction settings for IP addresses and domain names contain non-default values
The information in this article applies to:
Visual Studio 2005 Team Foundation Server
Visual Studio Team System 2008 Team Foundation Server
Application-tier server
Health check
The Best Practices Analyzer tool for Team Foundation Server queries Windows Management Instrumentation (WMI) classes to determine whether access to a Web site for Team Foundation is being restricted based on IP address or domain name. The tool checks the GrantByDefault, DomainDeny, DomainGrant, IPDeny and IPGrant properties of each virtual directory for these Web sites: Default Web Site, SharePoint Central Administration Service v3, Team Foundation Server, and Team Foundation Server Proxy. The following table summarizes the default values for these properties.
Property |
Default Value |
Description |
---|---|---|
GrantByDefault |
TRUE |
Defines whether access is granted by default. If this property is set to TRUE, you can use IPDeny and DomainDeny to deny access by specific IP addresses and domains. If this property is set to FALSE, you can use IPGrant and DomainGrant to grant access by specific IP addresses and domains. |
DomainDeny |
none |
Defines a list of domains to be explicitly denied access. No domains should be denied access because users in them will not be able to access Team Foundation Server. |
DomainGrant |
none |
Defines domains that are explicitly granted access. This property is relevant only if GrantByDefault is set to FALSE. |
IPDeny |
none |
Defines IP addresses that are explicitly denied access. No IP addresses should be denied access because users will not be able to access Team Foundation Server from them. |
IPGrant |
none |
Defines IP addresses that are explicitly granted access. This property is relevant only if GrantByDefault is set to FALSE. |
An error appears if access is denied based on an IP address or a domain name. If any of these properties is not set to a default value, users might experience connectivity problems to Team Foundation applications.
Note
By default, Team Foundation Server is configured to grant all computers access to all Web sites for Team Foundation. Before you revert any non-default settings, you should investigate why the settings were changed. Many organizations deny access to match their infrastructure requirements or security policies.
To resolve this issue, you must open Internet Information Services (IIS) Manager on the application-tier server and remove the IP address and domain name restrictions for each reported Web site.
Required Permissions
To perform this procedure, you must be a member of the Administrators security group on the application-tier server for Team Foundation.
To remove IP address and domain name restrictions from a Web site in IIS 6.0
Log on to the application-tier server for Team Foundation.
Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
In the tree pane, expand the local computer, and expand Web Sites.
Right-click the Web site that the error reports (for example, Team Foundation Server), and click Properties.
On the Directory Security tab, under IP address and domain name restrictions, click Edit.
Verify that Granted Access is clicked.
Clear any unwanted restrictions.
Click OK, click Apply, and then click OK.
To remove IP address and domain name restrictions from a Web site in IIS 7.0
Log on to the application-tier server for Team Foundation.
Click Start, point to Administrative Tools, right-click Internet Information Services (IIS) Manager, and then click Run as administrator.
In the Connections pane, expand the local computer, and expand Sites.
Click the Web site that the error reports (for example, Team Foundation Server).
In the Web siteHome area, double-click IPV4 IP Address and Domain Restrictions.
Click an IP address or domain in the list, and then click Remove. Click Yes to verify that you want to remove the restriction.
Repeat this step for each IP address or domain restriction that you want to remove.
See Also
Tasks
IP address and domain name restrictions are not available
Other Resources
Issues That Relate to the Application Tier for Team Foundation