Using Friendly DNS Names in Your TFS Environment



Over the past few years of dealing with plenty of TFS environments, one thing that I am glad to have done is setup friendly DNS names for TFS to use for it’s individual parts. This has helped extremely to make for a smooth transition for administrators & end users when needing to move TFS to a new hardware environment, upgrading TFS to a new version, or in several disaster recovery scenarios. Not to mention having to tell new users to connect to some odd server with a weird name like ADGKSDFU308234NT. Smile You can obfuscate all of the connection points that TFS uses. The concept is easy and if you haven’t done it already, it’s never too late.

Why use Friendly DNS Names?

I mentioned a few examples above but let me expand on it a little further by presenting two scenarios that I have run across. There are plenty of other scenarios that have been handy in the past as well. You’ll be surprised the options you have for different types of changes to the infrastructure and topology that you’ll run across in the future by using friendly DNS names.

Hardware Migration Upgrade

During a future upgrade, it is decided that new hardware is to be used for scaling out to increase the availability and performance of the TFS environment. By using friendly DNS names, end users and custom tools can continue to point to the same address (tfs.contoso.local) without making any changes. This allows for having the old environment up at the same time as having the new upgraded environment up. This helps out with rollback plans in case the upgrade was not successful.

Scale Out Analysis Services

A company has noticed that heavy usage of the OLAP warehouse cube in SQL Analysis Services has started to use a lot of the RAM on the data tier server. They would like to separate SQL Analysis Services from the database services in SQL Server to a separate server. By changing the friendly DNS name (warehouse.tfs.contoso.local) to the new Analysis Services instance, end users who have created custom Excel pivot table reports in workbooks won’t have to update each workbook.

Any others you can think of?

DNS Entries

First, you will want to create either A or CNAME records in your DNS infrastructure. If you are using Active Directory then your DNS infrastructure will more than likely be managed by your domain controller(s).

This guide assumes that you are using the following friendly DNS names throughout the configuration. In this example, the internal network uses the DNS suffix of contoso.local. You could also have contoso.com addresses point to internal servers if they are setup appropriately in DNS. Check with your DNS administrator to discuss which format should be used. Be sure to use fully-qualified DNS names especially for those clients that use VPN or have remote offices. You will want to be sure to follow the guide in order since some steps are dependent on previous steps to have been performed.

DNS Entry

Points To

tfs.contoso.local

Application Tier or Network Load Balance IP for TFS AT Farm

Used For: TFS Web Services, Team Web Access, SQL Reporting Services, and SharePoint (if on same box)

data.tfs.contoso.local

Data Tier or SQL Server Cluster IP

Used For: Location of Configuration, TPC, and Relational Warehouse Databases

warehouse.tfs.contoso.local

SQL Analysis Services Instance

india.proxy.tfs.contoso.local

One friendly DNS entry for each remote location. (Optional)

sharepoint.tfs.contoso.local

Separate friendly DNS entry for the SharePoint server if separate from the application tier. (Optional)

lab.tfs.contoso.local System Center Virtual Machine Manager Server for TFS Lab Management (Optional)
builds.tfs.contoso.local Drop folder share for build outputs.  When setting up a build definition I will use a file share like this in the settings:  \\builds.tfs.contoso.local\Builds
symbols.tfs.contoso.local Symbol Server file share for builds.  When setting up a build definition, I will use a file share like this in the settings:  \\symbols.tfs.contoso.local\Symbols

In my particular example below, I have a single server that has both the application tier components and the data tier components. SQL Analysis Services is also installed on the same server. However, I am using a separate SharePoint server and a different server for TFS Lab Management.

SNAGHTMLf5981e

Disable Loopback Check

Often when you are logging into a server and using a friendly DNS name that resolves back to itself (localhost) you will find that you end up having authentication issues because of a security feature in Windows Server. You can disable this security feature by following the directions in this KB support article: http://support.microsoft.com/kb/896861. You will want to do this for each of the servers that may resolve back to itself using the friendly DNS name. For example: application tier servers, data tier, Analysis Services server, SharePoint servers, etc.

To set the DisableLoopbackCheck registry key, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

  1. Right-click Lsa, point to New, and then click DWORD Value.
  2. Type DisableLoopbackCheck, and then press ENTER.
  3. Right-click DisableLoopbackCheck, and then click Modify.
  4. In the Value data box, type 1, and then click OK.
  5. Quit Registry Editor, and then restart your computer.

Installing TFS to use the Friendly DNS Name for the Data Tier

When initially configuring Team Foundation Server, use the fully-qualified friendly DNS name for the data tier server: data.tfs.contoso.local. If this is done correctly, then the Application Tier information page on the TFS Administration Console will show that friendly DNS name in the connection string.

image

Also use this location for each team project collection that is created as well. If it done correctly then you will see it shown for the connection string to the team project collection database.

image

If TFS has already been setup and configured not using the friendly DNS name, you can alternatively use the TFSConfig.exe RemapDBs and RegisterDB command on each application tier server to update its data tier server connection string to use the friendly DNS name.

tfsconfig.exe remapdbs /DatabaseName:data.tfs.contoso.local;Tfs_Configuration /SQLInstances:data.tfs.contoso.local

More information about the RemapDBs command can be found on MSDN: http://msdn.microsoft.com/en-us/library/ee349262.aspx

image

tfsconfig.exe registerDB /SQLInstance:data.tfs.contoso.local /DatabaseName:Tfs_Configuration

More information about the RegisterDB command can be found on MSDN: http://msdn.microsoft.com/en-us/library/ms252443.aspx

image

Configuring Reporting Services to Use Friendly DNS Name

  1. Open the Reporting Services Configuration Manager by clicking Start –> All Programs –> Microsoft SQL Server 2008 R2 –> Configuration Tools –> Reporting Services Configuration Manager
  2. Connect to the appropriate SQL Reporting Services instance.
  3. Click on Report Manager URL settings page.
  4. Click on the Advanced button.

image

  1. In the Advanced Multiple Web Site Configuration dialog click on the Add button.
  2. Enter the fully-qualified DNS name: tfs.contoso.local. You can optionally remove the other entry if it is not needed.

image

image

  1. Click OK and the URL should be reserved.

image

  1. Go to the Web Service URL settings and repeat steps 4-7 and use the same fully-qualified friendly DNS name: tfs.contoso.local.
image

Configuring SharePoint to Use Friendly DNS Name

  1. Open SharePoint Central Administration by clicking Start –> Administrative Tools –> SharePoint Central Administration
  2. Click on the Configure alternate access mappings command under the System Settings section

image

  1. Click on Edit Public URLs in the toolbar.

image

  1. On the Edit Public Zone URLs page, enter the fully-qualified friendly DNS name into the Internet field for the separate SharePoint server or the friendly DNS name for the application tier server if it is installed there.

image

  1. Click on Save
  2. Verify that you are able to resolve the friendly DNS address and that the SharePoint web application recognizes it appropriately. You can do this by opening an Internet Explorer browser and navigating to http://tfs.contoso.local or http://sharepoint.tfs.contoso.local depending on your configuration.

You may want to also update the public URL for SharePoint to use for the Central Administration site as well. Perform the same steps except choose the SharePoint Central Administration in the Alternate Access Mapping Collection combo box.

image

Configuring TFS to Use Friendly DNS Name

  1. Open the TFS Administration Console and navigate to the Application Tier settings page.
  2. Click on the Change URLs action.

image

  1. On the Change URLs dialog, enter the fully-qualified friendly DNS name: http://tfs.contoso.local:8080/tfs.

image

  1. Don’t change the Server URL since it is used for intra-server communication (like warehouse adapter jobs, etc.)
  2. Click OK. Verify that the TFS Administration Console page has been updated and that e-mail alerts now use the friendly DNS name in the URL links within the e-mail.

Configuring TFS Reporting to Use Friendly DNS Name

  1. Open the TFS Administration Console and navigate to Application Tier –> Reporting.
  2. Click the Stop Jobs action before editing the configuration.

image

  1. Click OK on the warning dialog.

image

  1. Click on the Edit action.
  2. On the Warehouse tab, type the fully-qualified friendly DNS name for the data tier server that houses the relational warehouse database: data.tfs.contoso.local.

image

  1. Click on the Analysis Services tab and enter the fully-qualified friendly DNS name for the Analysis Services server: warehouse.tfs.contoso.local.

image

  1. Re-enter the password for the Account for accessing data sources.
  2. Click on the Reports tab and click on the Populate URLs button.
  3. In the URLs for Report Server group, select the URLs that were setup in the Reporting Services Configuration utility that were setup earlier.

image

  1. Re-enter the password for the Account for accessing data sources.
  2. Click OK.
  3. Click the Start Jobs action.

The Team Foundation Server Administration Console should now display the appropriate information as shown below.

image

Configuring TFS SharePoint Integration to Use Friendly DNS Name

  1. Open the TFS Administration Console and navigate to Application Tier –> SharePoint Web Applications.
  2. Click on the SharePoint Web Application item in the list box and click Change.

image

  1. On the SharePoint Web Application Settings dialog box, change the Web Application URL to the fully-qualified friendly DNS name you used earlier. (You can optionally set the Friendly Name to this address as well but this is more for a friendly label that distinguishes the SharePoint web application from multiple SharePoint web applications if configured.) Click OK.

image

  1. You should receive an information dialog box. Click OK on that dialog.
  2. The SharePoint Web Applications list should be updated with the entry that lists the friendly DNS name.
image

Build Servers & Proxy Servers

Be sure to also configure all of the build servers and proxy servers to point to the friendly DNS name when connecting to the application tier server(s). This will allow for the same type of flexibility whenever you need to make any TFS environment topology changes.

image

Let me know if you have any additional questions!

Ed Blankenship



Tuesday, 04 January 2011 13:11:39 (Pacific Standard Time, UTC-08:00)
I noticed the friendly name you used here for the web access URL contained the port. I was wondering if there might be a way to obfuscate the port in the friendly URL? Where the port is not a problem for our technical users, it is a little bit more difficult for the folks who are not as quite as techically savvy. The 2010 version is better for those folks as they can access from a link within the project portal sites.. but accessing TFS Web Access directly would be easier if they did not need to use the port in the address.

Thank you much for posting these instructions. I did not realize this would be so involved. I have been working with my server engineer to get a friendly name used for this application for a few weeks now with no luck. Now we have a clear direction to work towards(and a better understanding of why it wasn't working!).

Thanks much!
Jennifer:)
Tuesday, 04 January 2011 13:26:30 (Pacific Standard Time, UTC-08:00)
Glad you found the post useful and you bring up a great question!

Unfortunately, the DNS infrastructure and HTTP protocol don't allow you to include the port address in a DNS address. You could alternately install TFS to run on port 80 (which would require SharePoint to exist on a separate server). However, all of the default connection dialogs default to using port 8080 so people would have to remember to change it to port 80 any time they were entering the connection information.

Another approach would be to modify the Team Foundation Server Services web site to listen on both ports 8080 and 80. I don't believe there is a way to do that using the Team Foundation Server Administration Console but this can be done manually in IIS. Again this approach would require SharePoint to be on a different server.
Monday, 10 January 2011 13:05:00 (Pacific Standard Time, UTC-08:00)
Hi Ed,
Is there a way to rename the Tfs DBs ("tfs_Warehouse" and "tfs_Configuration")? Our SQL team has a naming convention for DBs, and the way TFS assigns name for TFS Dbs doesn't fit the required naming convention, even if I used the label to add a customized label to the DB names. Can I rename the TFS SQL Dbs, then edit the configuration information to change to the new names?
Thank you in advance for your help.
Thanh-Nu
Thanh-Nu
Thursday, 13 January 2011 07:05:34 (Pacific Standard Time, UTC-08:00)
Hi Ed, thank you for this much detailed guide !

you recommand installing TFS tiers directly using their FQDN names, I try to do that as well. This requires DNS aliases to be active : for example I could not set up the app tier in FQDN by editing the hosts file.
The problem with that is with the flexibility aliases are suppose to provide in an upgrade scenario, if the alias has to point to the new machine (the one being installed) then there is a service discontinuity regarding to the current (old) server.
How do you actually proceed to maximize TFS up time during an upgrade with a single alias ?

Tuesday, 18 January 2011 02:17:37 (Pacific Standard Time, UTC-08:00)
Is there a way to rename the Tfs DBs ("tfs_Warehouse" and "tfs_Configuration")? Our SQL team has a naming convention for DBs, and the way TFS assigns name for TFS Dbs doesn't fit the required naming convention, even if I used the label to add a customized label to the DB names. Can I rename the TFS SQL Dbs, then edit the configuration information to change to the new names?


Hi Thanh-Nu:

Sure there are a few ways to go about doing it... Tfs_Warehouse is definitely easier than Tfs_Configuration for changing. I believe you can use one of the commands in TfsConfig.exe to connect the application tier to a new configuration database.
Tuesday, 18 January 2011 02:22:36 (Pacific Standard Time, UTC-08:00)
you recommand installing TFS tiers directly using their FQDN names, I try to do that as well. This requires DNS aliases to be active : for example I could not set up the app tier in FQDN by editing the hosts file.
The problem with that is with the flexibility aliases are suppose to provide in an upgrade scenario, if the alias has to point to the new machine (the one being installed) then there is a service discontinuity regarding to the current (old) server.
How do you actually proceed to maximize TFS up time during an upgrade with a single alias ?


Good question...

If you were upgrading the server, you would be taking down the old environment (making it unusable) during the upgrade outage. Friendly DNS names are not a mechanism for ensuring people can still continue to use the server during an upgrade or to improve uptime. :) Their changes wouldn't be included in the new updated databases anyhow if they were editing the old environment. Outside of the upgrade scenario, you can ensure high availability by using network load balancing with multiple application tiers in a TFS AT Server Farm.

However, you'll always have downtime during upgrades... That is unavoidable and only happens every year or so (if you include service packs.)

The nice thing about friendly DNS entries is that if the upgrade fails and you need to rollback to the previous environment, you could just bring the old environment back up and point the DNS entries back to the old servers. That's a much simpler rollback plan.
Thursday, 14 April 2011 07:50:18 (Pacific Daylight Time, UTC-07:00)
This is great advice Ed!
Tuesday, 17 January 2012 11:03:46 (Pacific Standard Time, UTC-08:00)
Great post. Thanks for sharing it!
Friday, 16 August 2013 16:45:07 (Pacific Daylight Time, UTC-07:00)
Hi Ed,

I'm implementing friendly DNS names as I upgrade from TFS 2010 to 2012. I was wondering why, when creating the Report Manager URL and Web Service URL in the "Configuring Reporting Services to Use Friendly DNS Name" section, you are specifying "tfs.contoso.local" rather than "warehouse.tfs.contoso.local"?

Thanks for this guidance. I'm looking forward to reaping the benefits in our next upgrade!

Doug
Doug Baker
Friday, 16 August 2013 17:05:44 (Pacific Daylight Time, UTC-07:00)
@Doug Baker

That's a great question. SQL Reporting Services is a web-based component and SQL Analysis Services (which is the component that contains the OLAP cube for the data warehouse) is database server component. The web-based SQL Reporting Services can then be handled the same way as any other web-based component in TFS and so is intended to be installed on the TFS Application Tier server(s) - not the Data Tier server like SQL Analysis Services would be.

By installing SQL Reporting Services on the application tier server(s) you are able to enable SSRS into the web farm to be load balanced in addition to the other Team Foundation Server components. Each of the components on the application tier server(s) can then be configured to use the shared tfs.contoso.local or tfs.contoso.com DNS names where the SQL Analysis Services OLAP cube can have a separate DNS name like warehouse.tfs.contoso.local as suggested above.

In certain scale-out scenarios, you may want to move the SQL Analysis Services OLAP cube to a separate data-tier (maybe a server with a lot of RAM) to handle a larger load on the data in the cube. That's why the suggestion is to even have a separate DNS name for the cube vs. the relational databases. Once your end users start to create reports and Excel workbooks that use the data in the OLAP cube, you don't want to end up changing the DNS name that is used otherwise they will have to re-write all of their Excel-based reports. (That's never a fun message to send out!)

I hope that makes more sense!

Ed B.
Thursday, 19 December 2013 23:31:02 (Pacific Standard Time, UTC-08:00)
hi ed,

This was really helpful.Thank for Sharing.

Bindya
Saturday, 22 February 2014 13:36:40 (Pacific Standard Time, UTC-08:00)
Thanks for the excellent and thoroughly detailed post!
Brian Baker
Friday, 23 May 2014 08:44:06 (Pacific Daylight Time, UTC-07:00)
Hi Ed,

Thank you very much for an excellent post!

Would you recommend that we also create an DNS name for Git on TFS 2013? Anythink that we need to be aware of in such a situation?

I am also interested in your input for how to migrate an on premise installation of TFS 2013 with Git setup with your recommended DNS names, to Visual Studio Online. Will our current DNS names just be redirected to the Visual Studio Online parts?

Thank you for your input.

Aron
Aron Pedersen
Wednesday, 04 February 2015 12:18:39 (Pacific Standard Time, UTC-08:00)
Can you elaborate on how to setup the DNS alias for the build drop path?
Steve L.
Name
E-mail
(will show your gravatar icon)
Home page

Comment (Some html is allowed: a@href@title, b, blockquote@cite, em, i, strike, strong, sub, sup, u) where the @ means "attribute." For example, you can use <a href="" title=""> or <blockquote cite="Scott">.  

[Captcha]Enter the code shown (prevents robots):

Live Comment Preview