Reputation: 41
TFS 2015 On-prem: web extension failing to load over https - (The request is not supported)
I need specific guidance about when using a TFS web extension while the TFS instance is exposed over internet using https protocol.
Background: I developed a TFS 2015 web extension using rest api and installed it on our tfs collection using tfs-cli.
After installation and enabling the extension I load this extension; it throws the following error
“Error Code: 500 Internal Server Error. The request is not supported. (50)”.
During analysis I discovered that the issue is related to our TFS configuration over http and https.
I am experiencing the same error for other 3rd party extensions like FolderManagement and Team Calendar over https. These extensions work great in our TFS 2015 lab environment which is only exposed over http on the domain.
*Let’s take example of the FolderManagement extension available in the marketplace.*
Attempt 1 - previous configuration:
We have an external url say https://tfs.companyname.com/tfs registered in TMG which was routing all traffic to our internal TFS instance say http://machinename:port/tfs
In TFS Admin console notification url was set to https://tfs.companyname.com/tfs
When we accessed extension in TFS web, it didn’t load and in browser debug we got following error:
GET
https://tfs.companyname.com/tfs/_apis/public/gallery/publisher/ms-devlabs/extension/FolderManagement/1.1.10/assetbyname/main.html“Error Code: 500 Internal Server Error. The request is not supported. (50)”.
Attempt 2:
Then I changed TFS notification url in Admin console to point to internal instance http://machinename:port/tfs
Now all extensions started working fine when we accessed our TFS using http://machinename:port/tfs.
However when we accessed external url https://tfs.companyname.com/tfs then extensions didn’t work as TMG was forwarding traffic from secure (https) to insecure(http) and caused authorization issues.
Attempt 3 - Current configuration:
On TFS server we added https binding (port 443) to “Team Foundation Server” website and assigned valid certificate. Side note - The certificate is wildcarded *.companyname.com supporting the exposed dns entry for the site.
In the TFS Admin console, the notification url is set to https://tfs.companyname.com/tfs
and server url is also set to https://tfs.companyname.com/tfs
External url https://tfs.companyname.com/tfs is routing traffic to TFS server (machine IP) over 443 port.
Now when we are accessing extension in TFS web, It’s showing same error as mentioned earlier i.e.
GET
https://tfs.companyname.com/tfs/_apis/public/gallery/publisher/ms-devlabs/extension/FolderManagement/1.1.10/assetbyname/main.html“Error Code: 500 Internal Server Error. The request is not supported. (50)”.
Given the current configuration I am getting the same behaviour/error for both http and https.
Question: Why does the extension work as expected when all configuration is targeting a TFS installation hosted over http but when exposed over https the web extension behaves differently?
Upvotes: 3
Views: 630
Answers (3)
Reputation: 2139
I believe this is a bug in the product. For some strange reason (bad practice) whoever decided to write those image urls didn't honor the current browser url. This would be very simple if they just wrote a relative url.
In my case a have a public https url https://team.devscope.net/tfs/_api..., and an internal https://*:8080/tfs, but the product just invented an unprotected/new url named http://team.devscope.net:8080/tfs/_apis.
result is just an error in the browser:
Upvotes: 0
Reputation: 41
This turned out to be TMG related issue. TFS configuration was correct. Thanks a lot to everyone who helped. This issue can be closed now.
Upvotes: 0
Reputation: 51153
I have to say both http and https can work well with the same configuration for the web extension is impossible. Try below configuration before your deploy your web extension.
Configuring Your Deployment to Require HTTPS with SSL (Optional)
You can require all connections to the TFS application tier to use HTTPS with SSL. This additional security is optional but recommended.
To require SSL connections
1.On the server that hosts the website that you want to configure, choose Start, choose Administrative Tools, and then choose Internet Information Services (IIS) Manager.
2.Follow the appropriate steps for your version of IIS:
For deployments that use IIS 7.0:
a.Expand ComputerName, expand Web Sites, and then choose the website that you want to configure.
b.On the home page for that website, choose SSL Settings.
c.In the SSL Settings pane, select the Require SSL check box.
(Optional) Select the Require 128-bit SSL check box.
d.In Client Certificates, choose Ignore, Accept, or Require, depending on the security requirements of your deployment.
e.In Actions, choose Apply.
f.Repeat these steps for each website for which you want to require SSL.
More details about HTTPS with TFS please refer this MSDN link : Set up HTTPS with Secure Sockets Layer (SSL) for Team Foundation Server
Upvotes: 0
Related Questions
- TFS 2017 web application not displaying well
- Moving TFS 2017 from HTTP to HTTPS causes extensions not working properly
- TFS Build Agent failing to connect to HTTPS git in TFS 2017 when running as service
- Unable to log into TFS2015 from web or VS2015
- TFS 2015 on-prem licensing issue on REST API
- Tfs Collection Url mismatch. Expected : http://server:8080/tfs/DefaultCollection/, Current http://server:8080/tfs/DefaultCollection in TFS 2015
- How can I resolve the https proxy error message when attempting to connect to TFS Builds through Visual Studio 2015?
- Encountering 404 Not Found Error while setting up TFS 2015