Project Web App cannot connect to Project Server after December 2011 CU/hotfix

Today, after installing the December 2011 Project Server 2010 Cumulative Update and hotfix, I got the following error when trying to connect to Project Server Web Application:

Project Web App cannot connect to Project Server”


After investigating the problem, I found this message in the Event Viewer:

“There is a compatibility range mismatch between the Web server and database "ProjectServer_Published", and connections to the data have been blocked to due to this incompatibility. This can happen when a content database has not been upgraded to be within the compatibility range of the Web server, or if the database has been upgraded to a higher level than the web server. The Web server and the database must be upgraded to the same version and build level to return to compatibility range”

To solve the issue I ran the Sharepoint 2010 Products Configuration Wizard and now I’m able to connect to Project Server Web App again.


Publish Team Foundation Server 2010, Sharepoint 2010 and Project Server 2010 over SSL/HTTPS

Some days ago I was asked to publish our Team Foundation Server 2010 on the web over a secure communication protocol (SSL/HTTPS). I read the Alan’s blog and the Rudi Groenewald’s blog about the same argument but none of them fits my situation at all.

The environment we have is more complex than those they describe. The general architecture is the following:

  • a TFS server (I’ll simply call it TFS) that hosts the following services/tier: Team Foundation application tier and Reporting Services application tier instance,
  • a Sharepoint server (I’ll simply call it TFSSP) that hosts the following services/application: a Sharepoint 2010 farm with a Project Server 2010 instance;
  • a SQL Server 2008 R2 server (I’ll simply call it TFSDT) that hosts all databases for Sharepoint, TFS and Project Server.
    At the end of the procedure, we want to have the following sites published:


  1. Have the FQDN you want to use: for this guide I will use “
  2. Have the needed rules configured on the firewall/DNS of your network, in order to allow connections to servers: we asked our system administrator to allow connection to TFS through port 443 and 8088 and to TFSSP through 443.

Procedure overview:

  1. Create a certificate from a Microsoft Certificate Services Server (I installed one because we hadn’t had it);
  2. Configuring IIS servers on TFS and TFSSP;
  3. Configuring Sharepoint Web Application;
  4. Configuring Reporting Services server;
  5. Configuring Team Foundation Server instance.

1. Installing Microsoft Certificate Services Server and create a certificate

I installed a certification authority server on TFS because we hadn’t had one in our network.

  1. Log on to TFS as an administrator.
  2. Click Start, point to Administrative Tools, and then click Server Manager.
  3. In the Roles Summary section, click Add roles.
  4. On the Select Server Roles page, select the Active Directory Certificate Services check box. Click Next two times.
  5. On the Select Role Services page, select the Certification Authority check box, and then click Next.
  6. On the Specify Setup Type page, click Enterprise, and then click Next.
  7. On the Specify CA Type page, click Root CA, and then click Next.
  8. On the Set Up Private Key and Configure Cryptography for CA pages, you can configure optional configuration settings, including cryptographic service providers: I accepted the default values by clicking Next twice.
  9. In the Common name for this CA box, type the common name of the CA, TFS, and then click Next.
  10. On the Set the Certificate Validity Period page, feel free to adjust the validity period or leave the default and then click Next.
  11. On the Configure Certificate Database page, accept the default values or specify other storage locations for the certificate database and the certificate database log, and then click Next.
  12. After verifying the information on the Confirm Installation Options page, click Install.
  13. Review the information on the confirmation screen to verify that the installation was successful After then, I create the certificate for the TFS web server:
  14. Open up the IIS Manager (on TFS) and select the server;
  15. Select “Server Certificates
  16. In the Actions pane, select “Create Domain Certificate
  17. Follow the steps in the “Create Certificate” dialog to create a request. I use the following values:
    • Common name:
    • Organization: mydomain
    • Organizational unit: mydomain
    • City/locality: Rome
    • State/province: Rome
    • Country region: IT
    • Online Certification Authority: domain-tfs-CA\tfs
    • Friendly name:
  18. Click OK if an error window is prompted and go to Certification Authority services, under the folder Pending Requests;
  19. Select the pending request for the certificate, right click and select All Tasks->Issue;
  20. Under the folder Issued Certificates, select the issued certificate, right click and select All Tasks->Export Binary data and save it on a local folder;
  21. In the Server Certificates on IIS, select “Complete Certificate Request” to import the certificate file;
  22. Then select the certificate you’ve just imported, right click and select Export to export both the certificate and primary key in order to import them to IIS on TFSSP;

Finally I exported the root certificate from the authority because I will need to install it on clients in order to be able to connect with Visual Studio.

  1. On TFS server, log on as administrator
  2. Run command prompt and type:  certutil -ca.cert C:\\tfs-ca.cer
  3. The tfs-ca.cer certificate must be installed on clients in order to connect with Visual Studio

2. Configuring IIS servers on TFS and TFSSP

On TFS we need to set the SSL bindings:

  1. Open IIS Manager;
  2. Select “Default Web Site” and select “Bindings” in the Action Pane;
  3. Click “Add” in the “Site Bindings” pop-up.
  4. Change the following values:
    • Type: hhtps
    • Port: 443
    • SSL Certificate: tfs-cert
  5. Click “Ok” in the Add Site Binding and “Close” in “Site Bindings
  6. Perform the same steps for the “Team Foundation Server” website except use port 8088 instead of 443.

On TFSSP we need to import the certificate from TFS and set the SSL bindings:

  1. Open IIS Manager;
  2. Select “Server Certificates
  3. In the Actions pane, select “Import”, browse to the previously exported certificate and type the password;
  4. Select the sharepoint web application (for example, “Sharepoint – 80”) and select “Bindings” in the Action Pane;
  5. Click “Add” in the “Site Bindings” pop-up.
  6. Change the following values:
    • Type: hhtps
    • Port: 443
    • SSL Certificate: tfs-cert
  7. Click “Ok” in the Add Site Binding and “Close” in “Site Bindings
    Moreover, on the TFSSP server, install the certificate into the Trusted Root Certificate Authority.

3. Configuring Sharepoint Web Application

To configure Sharepoint web application:

  1. Open up SharePoint Central Administration;
  2. Click on Configure alternate access mapping under System Settings;
  3. Click on Edit Public URLs;
  4. Select the Sharepoint – 80 web application;
  5. Set as Default;
  6. Click Save;
  7. Return to SharePoint Central Administration;
  8. Click on Security and then on Manage Trust;
  9. In the ribbon interface, go to Trust Relationships Tab and click on New button;
  10. In the Root Certificate to trust relationship section, click on Browse;
  11. Select the certificate that you have exported;
  12. Set a name for the certificate, like “TFS certificate” and click on OK;
    Great! Now you should be able to navigate both to and the following two steps, you will configure Reporting Services and change the links showed on the Team Foundation Web Access home page and the links sent by Team Foundation alert service.

4. Configuring Reporting Services server

To configure Reporting Services to allow https traffic:

  1. On TFS, open up Reporting Services Configuration Manager
  2. Select Web Service URL
  3. In the right panel, select “tfs-cert” as the SSL Certificate and 443 as the SSL Port.
  4. Select Apply
  5. Select Report Manager URL
  6. In the right panel, select Advanced
  7. In the Advanced Multiple Web Site Configuration window that pops up click Add under the Multiple SSL Identities for Report Manager
  8. The Add a Report Manager SSL Binding window will pop-up, just select “tfs-cert” and it will automatically get the URL from the certificate.
  9. Click OK until you get back to the main Reporting Services Configuration window.

5. Configuring Team Foundation Server instance

  1. On TFS, open up Team Foundation Server Administration Console
  2. Navigate to the Application Tier
  3. In the right pane, select Change URLs
  4. In the Change URLs pop up, change the Notification URL to “"
  5. Click Ok, we are finished configuring the Application Tier.
  6. Navigate to the Sharepoint Web Applications
  7. In the right pane, select the “http://tfssp” application and click Change
  8. Change the Web Application URL value in the Sharepoint Web Application Settings to “”
  9. Navigate to Reporting in the left pane.
  10. In the right pane select Edit
  11. The Reporting window will popup.  Select the Reports tab.
  12. Select the Populate URLs, this will cause the drop downs in the tab to refresh with what the Report Server has configured.
  13. Change the drop downs in the URL section to the https addresses that were created earlier
  14. Once you click Ok, be sure to click Start Jobs in the Reporting pane.


That’s all!

“Red-X” on Work Items folder in Team Explorer 2010

This morning I was working with TFS and Team Explorer 2010, when I get a very strange type of error: a red-X on the Work Items folder in Team Explorer, whereas in Team Web Access I get an access denied error over the Work Items queries…

I already got Red-X errors over Documents and Reports folders but it  was never on the Work Items folder: I learnt it’s a rare occurrence when compared to the much more prevalent Red-X on Documents and/or Reports!

Moreover I had no error information to help me start troubleshooting the problem: the work item tracking web service was working and the event logs were not throwing anything helpful. What I did was to run the witexport command: when I ran this command, it gave me an error (“TF201072: A user or group could not be found.”). Again not very helpful!

After investigating I notice it was only a problem with my client: nor colleague had a similar issue, neither I had a similar issue from another machine. This drove me to the solution: clearing the Visual Studio Cache!

The Visual Studio cache, on Windows 7 and Windows Server 2008, is under C:\Users\<user>\AppData\Local\Microsoft\Team Foundation\<version>

After removing all files under this directory all works fine, again.