Anthony Birkett


TFS 2013 non-default port gotcha

Friday 26th September 2014

Here's an annoying problem that I lost a few hours solving. 



You use Team Foundation Server locally (not You have moved the TFS site in IIS to a new vhost and added an additional port binding. 

You have used the TFS console and changed the Notification / Web access URL to reflect your changes in IIS. 

You can access the website fine on the new binding. 

But you cannot check out code / clone the repository (Git) - "Authentication failed".



The issue is down to the accepted authentication methods for the vhost in IIS. 

Open the IIS Manager, browse to your TFS website in the Site tree. 

Open up the Authentication options. 

Enable only "Windows Authentication". Then click Advanced Settings on the right. 

Disabled "Extended Protection".

On the right again, click Providers. Remove all providers, leaving only "NTLM" enabled. 


Job done. I use TFS with Git repositories. Prior to solving this, the web access worked fine, but cloning a repo with Git would give the error "Authentication Failed". 

These settings changes mimic the default vhost authentication settings, which are not necessarily the same as IIS's defaults when creating the site. 

TFS Fix on Flickr


New comment

Your name (3 - 25 characters):

Comment (10 - 1000 characters):

Human verification:

All Posts ▼