This project is read-only.

Security Exception when attempting to run tfsdeployer

Feb 9, 2009 at 11:55 AM
After following the setup instructions I attempt to start the service throught the Services dialog but immediately get a dialog saying that the service started and stopped.

I then turn tracing to level 4 and run from command line as suggested

C:\Program Files\TfsDeployer\TfsDeployer>TFSDeployer.exe -d

NotificationServiceHost: Subscrbing to Notification event at address http://mymachine:8999/BuildStatusChangeEvent/BuildStatusChangeEvent

TFSDeployer.exe Information: 0 : Subscribing to BuildStatusChangeEvent using UserName:mydomain\myusername FilterExpression:

TFSDeployer.exe Information: 0 : Connecting to server http://tfsserver:8080 To getservice Microsoft.TeamFoundation.Server.IEventService

System.Security.SecurityException: Attempted to perform an unauthorized operation.

   at Microsoft.TeamFoundation.Proxy.EventService.SubscribeEvent(String userId, String eventType, String filterExpression, DeliveryPreference preferences)

   at Readify.Useful.TeamFoundation.Common.ServiceHelper.Subscribe(String userName, String eventToSubscribeTo, String filterExpression, DeliveryPreference preference)

   at Readify.Useful.TeamFoundation.Common.Notification.NotificationServiceHost`1.Subscribe()

   at Readify.Useful.TeamFoundation.Common.Notification.NotificationServiceHost`1.OnOpened()

   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

   at System.ServiceModel.Channels.CommunicationObject.Open()

   at Readify.Useful.TeamFoundation.Common.Listener.TfsEventListener`1.OpenHost()

   at Readify.Useful.TeamFoundation.Common.Listener.TfsEventListener`1.Start()

   at Readify.Useful.TeamFoundation.Common.Listener.TfsListener.Start()

   at TfsDeployer.Program.OnStart(String[] args)

   at TfsDeployer.Program.Main(String[] args)

The Zone of the assembly that failed was:


C:\Program Files\TfsDeployer\TfsDeployer>
Any idea what could be the problem? I have tried this both on a deployment machine as well as on my dev box. The username I am using mydomain\myusername has tfsadmin credentials.
Feb 10, 2009 at 10:36 AM
I solved this myself. Problem was I was using my own username that is also part of the Contributors group. It seems that the user running tfsdeployer must be only part of the administrator group in tfs.

At least I made it work by creating a new user that is only part of the tfs administrators group.

If someone can confirm this it would be great.
Apr 8, 2009 at 7:05 PM
I'm getting the same failure when trying to execute "tfsdeployer -d". The service just mysteriously stops after starting, hence the manual execution.

I used my own domain/account name for the service, as well as for the RegistrationUserName in the config file.

Are you saying that I have to request a service account to be created and add that service account to the tfs administrators group? This seems quite odd to me.

If that's the answer, will manual execution still work, since it would be executing under my account?

Thank you.
Apr 8, 2009 at 8:57 PM
I was finally able to start the service by making the service account a local admin.

Also, in order to run the "service -d", you must open a command prompt running as the service account. On Vista this requires the sysinternals "run as" utility.
Apr 8, 2009 at 9:58 PM
In my case it was enough to create a new user and add that user to the administrators group in tfs. It seems that the user to use with tfs deployer can not be part of any other group except for the administrators group.  That user is a domain account. In our case all users are domain users as well so the user I am using for tfsdeployer is a domain user.