Using Exchange Server with TFS for Delivering E-Mail Alerts

Team Foundation Server has the ability to deliver e-mail alerts.  I have talked about this feature a few times (like here, here,  and here) and it’s a very handy feature of any work item tracking system let alone version control, automated builds, test case management, etc.  In the TFS Administration Console window, you just need to enable and specify the e-mail alert settings from the Application Tier node.

Enabling E-Mail Alerts in TFS Administration Console

Here’s the one caveat about this functionality:  TFS needs the SMTP server to allow unauthenticated requests.  Notice that TFS doesn’t allow you to specify a user name and password.  Other applications do allow this -- for example, my Windows Home Server 2011 instance at home asks for additional information.

Specifying E-Mail Alert SMTP Settings for Windows Home Server 2011

Several e-mail servers on the market, including Microsoft Exchange Server, do not allow unauthenticated SMTP requests by default.  In general, you actually don’t want to open up your SMTP server for unauthenticated requests or have an open SMTP server on your network.  This can open you up to security issues and would allow malware or compromised servers to use it as a relay.  Not fun stuff at all.

The preferred approach would be to let your e-mail server know to allow unauthenticated e-mails from each of your TFS application tier servers.  (Note:  You may have multiple application tier servers if you have setup your TFS environment to be highly available using network load balancing and created an AT web farm.)  Since most of the customers I visit have adopted Microsoft Exchange Server, here are the steps for you to pass on to your Exchange Administrator to take to “trust” TFS to deliver e-mail alerts.  As a TFS Administrator, you will not like have the permissions necessary to make these changes in your internal Exchange environment.

Thanks to the Imaginet Infrastructure team (specifically Kelsey Epps)  for help with these instructions!

Configuring the Exchange Hub Transport for TFS E-Mail Delivery

Your first step is to open the Exchange Management Console and head to the Hub Transport node underneath Server Configuration.  This will show you all of the receive connectors that are currently defined when you select the appropriate hub transport server from this list.

Hub Transport Receive Connects in Exchange Management Console

What we will end up doing is creating a new receive connector specifically for use by each of the TFS application tier servers.  In the Actions pane for the Exchange Management Console, choose “New Receive Connector…”

Creating a New Hub Transport Receive Connector in Exchange Management Console

On the Introduction page for the New Receive Connector wizard, enter a friendly name to help other Exchange Administrators understand the purpose of this receive connector and choose “Custom” for the intended use.

New Exchange Hub Transport Receive Connector Wizard - Introduction Page

On the next page for specifying the Local Network Settings, you’ll likely just want to leave the defaults and specify the fully-qualified DNS entry that will be used in the SMTP response when a client like TFS connects to it.

New Exchange Hub Transport Receive Connector Wizard - Local Network Settings Page

The next screen for specifying the Remote Network Settings is the important one.  This tells Exchange server which IP addresses should be allowed to use this receive connector.  You’ll want to remove the default entry that exists in the list and then add each of the IP addresses of each of the TFS application tier servers.  (Remember from above, you might have multiple application tier servers in your TFS environment.)

New Exchange Hub Transport Receive Connector Wizard - Remote Network Settings Page

At this point, you are ready to complete the wizard and it will create the new custom receive connector to be used by the TFS application tier servers.  Once the wizard has completed and created the new receive connector, you’ll want to open the properties dialog window for the new receive connector and enable “Anonymous Users” on the Permissions Group tab.

Enabling Anonymous Users on Custom Exchange Hub Transport Receive Connector

Now, give the fully-qualified DNS name for the Exchange hub transport server to the TFS Administration and they will be able to enter it in the TFS Administration Console in the appropriate spot.  The TFS Administrator will want to monitor the event logs for any error messages after this has been enabled in TFS to make sure that the e-mail delivery TFS jobs that run periodically when there are new e-mail alerts complete successfully.

Using an Office 365 Hosted Exchange Instance

If you happen to be using Office 365 for your Exchange instance, then you will have to setup a local SMTP Relay.  Here are a few online resources for how to do that:

Ed Blankenship

Thursday, 19 September 2013 10:05:55 (Pacific Daylight Time, UTC-07:00)
It appears that since this article has come out, TFS has been updated to allow for authenticated SMTP access in the TFS administration console. If you click on alert settings, there is now 'Advanced SMTP Settings' which if expanded will allow for you to enter credentials for an exchange account.
Ian Lander
(will show your gravatar icon)
Home page

Comment (Some html is allowed: a@href@title, b, blockquote@cite, em, i, strike, strong, sub, sup, u) where the @ means "attribute." For example, you can use <a href="" title=""> or <blockquote cite="Scott">.  

[Captcha]Enter the code shown (prevents robots):

Live Comment Preview