VSTS Installation trouble
During a recent migration story of which I will shortly post some additional information we have experienced severe install issues with TFS. This was all caused by a non-custom / locked down Windows Server 2003 installation. On this environment I have seen numerous issues, but the main error was:
Error 28100. Error loading Event web service.
After a couple of days we noticed the installation wasn't default and was locked down with the Security Configuration Wizard for Windows Server 2003. It seem it fails on the SSRS configuration piece in the installer. Here's the Security Config Wizard XML file that is the culprit. I haven't found what the exact setting is that causes the error. Hopefully someone else saves some time with this post...
<?xml version="1.0" encoding="UTF-16" ?>
<SecurityPolicy Version="1.0">
<Rules>
<Rule Name="Microsoft.OS.Services" Version="1.0">
<Parameters>
<Parameter Order="1">
<Service Name="EDI Subsystem" StartupMode="Disabled" />
<Service Name="ENTSSO" StartupMode="Disabled" />
<Service Name="Microsoft.BizTalk.KwTpm.StsBizTalkAdapter.StsBizTalkAdapterService" StartupMode="Disabled" />
<Service Name="RuleEngineUpdateService" StartupMode="Disabled" />
<Service Name="ListManager" StartupMode="Disabled" />
<Service Name="DMLService" StartupMode="Disabled" />
<Service Name="PredictorService" StartupMode="Disabled" />
<Service Name="IMAP4Svc" StartupMode="Disabled" />
<Service Name="RESvc" StartupMode="Disabled" />
<Service Name="MSExchangeES" StartupMode="Disabled" />
<Service Name="MSExchangeIS" StartupMode="Disabled" />
<Service Name="MSExchangeMGMT" StartupMode="Disabled" />
<Service Name="MSExchangeMTA" StartupMode="Disabled" />
<Service Name="MSExchangeSA" StartupMode="Disabled" />
<Service Name="MSExchangeSRS" StartupMode="Disabled" />
<Service Name="MSPOP3Connector" StartupMode="Disabled" />
<Service Name="UN2" StartupMode="Disabled" />
<Service Name="DRDAResync" StartupMode="Disabled" />
<Service Name="NVAlert" StartupMode="Disabled" />
<Service Name="NVRunCmd" StartupMode="Disabled" />
<Service Name="PO005" StartupMode="Disabled" />
<Service Name="SnaDdm" StartupMode="Disabled" />
<Service Name="DDM001" StartupMode="Disabled" />
<Service Name="DDM999" StartupMode="Disabled" />
<Service Name="MngAgent" StartupMode="Disabled" />
<Service Name="MQBridge" StartupMode="Disabled" />
<Service Name="DDM6DB" StartupMode="Disabled" />
<Service Name="SnaRpcService" StartupMode="Disabled" />
<Service Name="SnaBase" StartupMode="Disabled" />
<Service Name="SnaNetMn" StartupMode="Disabled" />
<Service Name="SnaPrint" StartupMode="Disabled" />
<Service Name="SnaServr" StartupMode="Disabled" />
<Service Name="TN3270" StartupMode="Disabled" />
<Service Name="TN5250" StartupMode="Disabled" />
<Service Name="ISACtrl" StartupMode="Disabled" />
<Service Name="ADAM_ISASTGCTRL" StartupMode="Disabled" />
<Service Name="Fwsrv" StartupMode="Disabled" />
<Service Name="ISASched" StartupMode="Disabled" />
<Service Name="ISASTG" StartupMode="Disabled" />
<Service Name="MSSQL$MSFW" StartupMode="Disabled" />
<Service Name="SQLAgent$MSFW" StartupMode="Disabled" />
<Service Name="MIIServer" StartupMode="Disabled" />
<Service Name="MOM" StartupMode="Disabled" />
<Service Name="SBCore" StartupMode="Disabled" />
<Service Name="MSSQL$SBSMONITORING" StartupMode="Disabled" />
<Service Name="SQLAgent$SBSMONITORING" StartupMode="Disabled" />
<Service Name="WBLOGSVC" StartupMode="Disabled" />
<Service Name="SMS_EXECUTIVE" StartupMode="Disabled" />
<Service Name="SMS_SITE_BACKUP" StartupMode="Disabled" />
<Service Name="SMS_SITE_COMPONENT_MANAGER" StartupMode="Disabled" />
<Service Name="SMS_SQL_MONITOR" StartupMode="Disabled" />
<Service Name="clisvc" StartupMode="Disabled" />
<Service Name="SMS Hardware Inventory Agent Service" StartupMode="Disabled" />
<Service Name="Wuser32" StartupMode="Disabled" />
<Service Name="CcmExec" StartupMode="Disabled" />
<Service Name="SMS_REPORTING_POINT" StartupMode="Disabled" />
<Service Name="SMS_SERVER_LOCATOR_POINT" StartupMode="Disabled" />
<Service Name="SMS_NT_LOGON_DISCOVERY_AGENT" StartupMode="Disabled" />
<Service Name="SPSAlert" StartupMode="Disabled" />
<Service Name="SPSAdmin" StartupMode="Disabled" />
<Service Name="SharePointPSSearch" StartupMode="Disabled" />
<Service Name="SSOSrv" StartupMode="Disabled" />
<Service Name="MSSQL$SHAREPOINTPORTAL" StartupMode="Disabled" />
<Service Name="SQLAgent$SHAREPOINTPORTAL" StartupMode="Disabled" />
<Service Name="MSSQLSERVER" StartupMode="Disabled" />
<Service Name="MSSQLServerADHelper" StartupMode="Disabled" />
<Service Name="SQLSERVERAGENT" StartupMode="Disabled" />
<Service Name="MSSQLServerOLAPService" StartupMode="Disabled" />
<Service Name="ReportServer" StartupMode="Disabled" />
<Service Name="SPTimer" StartupMode="Disabled" />
<Service Name="MSSQL$SHAREPOINT" StartupMode="Disabled" />
<Service Name="SQLAgent$SHAREPOINT" StartupMode="Disabled" />
<Service Name="SrmSvc" StartupMode="Disabled" />
<Service Name="SrmReports" StartupMode="Disabled" />
<Service Name="IFSSVC" StartupMode="Disabled" />
<Service Name="WECSVC" StartupMode="Disabled" />
<Service Name="WinRM" StartupMode="Disabled" />
<Service Name="zzSUA" StartupMode="Disabled" />
<Service Name="SSNIS" StartupMode="Disabled" />
<Service Name="mapsvc" StartupMode="Disabled" />
<Service Name="nfssvc" StartupMode="Disabled" />
<Service Name="Client for NFS" StartupMode="Disabled" />
<Service Name="DFSR" StartupMode="Disabled" />
<Service Name="6to4" StartupMode="Disabled" />
<Service Name="AeLookupSVC" StartupMode="Disabled" />
<Service Name="aspnet_state" StartupMode="Manual" />
<Service Name="AdtAgent" StartupMode="Disabled" />
<Service Name="ADTServer" StartupMode="Disabled" />
<Service Name="Alerter" StartupMode="Disabled" />
<Service Name="ALG" StartupMode="Disabled" />
<Service Name="AppMgmt" StartupMode="Disabled" />
<Service Name="AppMgr" StartupMode="Disabled" />
<Service Name="AudioSrv" StartupMode="Disabled" />
<Service Name="browser" StartupMode="Disabled" />
<Service Name="BINLSVC" StartupMode="Disabled" />
<Service Name="BITS" StartupMode="Automatic" />
<Service Name="CertSvc" StartupMode="Disabled" />
<Service Name="cisvc" StartupMode="Disabled" />
<Service Name="ClipSrv" StartupMode="Disabled" />
<Service Name="ClusSvc" StartupMode="Disabled" />
<Service Name="COMSysApp" StartupMode="Manual" />
<Service Name="CryptSvc" StartupMode="Automatic" />
<Service Name="DcomLaunch" StartupMode="Automatic" />
<Service Name="DFS" StartupMode="Disabled" />
<Service Name="DHCP" StartupMode="Automatic" />
<Service Name="DHCPServer" StartupMode="Disabled" />
<Service Name="dmadmin" StartupMode="Manual" />
<Service Name="dmserver" StartupMode="Automatic" />
<Service Name="DNS" StartupMode="Disabled" />
<Service Name="DNSCache" StartupMode="Automatic" />
<Service Name="elementmgr" StartupMode="Disabled" />
<Service Name="ERSvc" StartupMode="Disabled" />
<Service Name="EventLog" StartupMode="Automatic" />
<Service Name="EventSystem" StartupMode="Automatic" />
<Service Name="Fax" StartupMode="Disabled" />
<Service Name="FPNW" StartupMode="Disabled" />
<Service Name="Groveler" StartupMode="Disabled" />
<Service Name="HelpSvc" StartupMode="Disabled" />
<Service Name="HidServ" StartupMode="Disabled" />
<Service Name="HTTPFilter" StartupMode="Manual" />
<Service Name="IAS" StartupMode="Disabled" />
<Service Name="IASJet" StartupMode="Disabled" />
<Service Name="IISAdmin" StartupMode="Automatic" />
<Service Name="ImapiService" StartupMode="Disabled" />
<Service Name="IRMon" StartupMode="Disabled" />
<Service Name="IsmServ" StartupMode="Disabled" />
<Service Name="kdc" StartupMode="Disabled" />
<Service Name="lanmanserver" StartupMode="Automatic" />
<Service Name="lanmanworkstation" StartupMode="Automatic" />
<Service Name="LicenseService" StartupMode="Disabled" />
<Service Name="lmhosts" StartupMode="Automatic" />
<Service Name="LPDSVC" StartupMode="Disabled" />
<Service Name="MacPrint" StartupMode="Disabled" />
<Service Name="MacFile" StartupMode="Disabled" />
<Service Name="Messenger" StartupMode="Disabled" />
<Service Name="mnmsrvc" StartupMode="Disabled" />
<Service Name="MSDTC" StartupMode="Automatic" />
<Service Name="MSMQ" StartupMode="Disabled" />
<Service Name="MSMQTriggers" StartupMode="Disabled" />
<Service Name="MSSEARCH" StartupMode="Disabled" />
<Service Name="MSSQL$UDDI" StartupMode="Disabled" />
<Service Name="MQDS" StartupMode="Disabled" />
<Service Name="MSFTPSVC" StartupMode="Automatic" />
<Service Name="MSIServer" StartupMode="Manual" />
<Service Name="NetDDE" StartupMode="Disabled" />
<Service Name="NetDDEDSDM" StartupMode="Disabled" />
<Service Name="netlogon" StartupMode="Disabled" />
<Service Name="Netman" StartupMode="Manual" />
<Service Name="NLA" StartupMode="Disabled" />
<Service Name="NNTPSVC" StartupMode="Disabled" />
<Service Name="NTfrs" StartupMode="Disabled" />
<Service Name="NtLmSSP" StartupMode="Manual" />
<Service Name="NtmsSvc" StartupMode="Manual" />
<Service Name="NWCWorkstation" StartupMode="Disabled" />
<Service Name="NwSapAgent" StartupMode="Disabled" />
<Service Name="POP3SVC" StartupMode="Disabled" />
<Service Name="PolicyAgent" StartupMode="Disabled" />
<Service Name="PlugPlay" StartupMode="Automatic" />
<Service Name="ProtectedStorage" StartupMode="Automatic" />
<Service Name="RasAuto" StartupMode="Disabled" />
<Service Name="RasMan" StartupMode="Disabled" />
<Service Name="RDSessMgr" StartupMode="Disabled" />
<Service Name="RemoteAccess" StartupMode="Disabled" />
<Service Name="RemoteRegistry" StartupMode="Automatic" />
<Service Name="Remote_Storage_Server" StartupMode="Disabled" />
<Service Name="Remote_Storage_User_Link" StartupMode="Disabled" />
<Service Name="RPCLocator" StartupMode="Disabled" />
<Service Name="RPCSs" StartupMode="Automatic" />
<Service Name="RSVP" StartupMode="Disabled" />
<Service Name="RSoPProv" StartupMode="Disabled" />
<Service Name="RQS" StartupMode="Disabled" />
<Service Name="sacsvr" StartupMode="Disabled" />
<Service Name="SamSs" StartupMode="Automatic" />
<Service Name="SCardSvr" StartupMode="Manual" />
<Service Name="Schedule" StartupMode="Disabled" />
<Service Name="seclogon" StartupMode="Automatic" />
<Service Name="SENS" StartupMode="Automatic" />
<Service Name="ShellHWDetection" StartupMode="Automatic" />
<Service Name="SharedAccess" StartupMode="Disabled" />
<Service Name="SimpTcp" StartupMode="Disabled" />
<Service Name="SMTPSVC" StartupMode="Automatic" />
<Service Name="SNMP" StartupMode="Disabled" />
<Service Name="SNMPTRAP" StartupMode="Disabled" />
<Service Name="Spooler" StartupMode="Disabled" />
<Service Name="SQLAgent$UDDI" StartupMode="Disabled" />
<Service Name="srvcsurg" StartupMode="Disabled" />
<Service Name="stisvc" StartupMode="Disabled" />
<Service Name="SwPrv" StartupMode="Manual" />
<Service Name="SysmonLog" StartupMode="Automatic" />
<Service Name="TAPISrv" StartupMode="Disabled" />
<Service Name="TermService" StartupMode="Manual" />
<Service Name="TermServLicensing" StartupMode="Disabled" />
<Service Name="TFTPD" StartupMode="Disabled" />
<Service Name="Themes" StartupMode="Disabled" />
<Service Name="TlntSvr" StartupMode="Disabled" />
<Service Name="Trksvr" StartupMode="Disabled" />
<Service Name="TrkWks" StartupMode="Disabled" />
<Service Name="Tssdis" StartupMode="Disabled" />
<Service Name="UPS" StartupMode="Disabled" />
<Service Name="UMWdf" StartupMode="Manual" />
<Service Name="VDS" StartupMode="Manual" />
<Service Name="VSS" StartupMode="Manual" />
<Service Name="W3SVC" StartupMode="Automatic" />
<Service Name="W32Time" StartupMode="Automatic" />
<Service Name="WebClient" StartupMode="Disabled" />
<Service Name="WindowsSystemResourceManager" StartupMode="Disabled" />
<Service Name="WinHTTPAutoProxySvc" StartupMode="Disabled" />
<Service Name="WinMgmt" StartupMode="Automatic" />
<Service Name="WINS" StartupMode="Disabled" />
<Service Name="WmdmPmSN" StartupMode="Disabled" />
<Service Name="wmi" StartupMode="Disabled" />
<Service Name="WmiApSrv" StartupMode="Manual" />
<Service Name="WMServer" StartupMode="Disabled" />
<Service Name="wuauserv" StartupMode="Automatic" />
<Service Name="WZCSVC" StartupMode="Disabled" />
<Service Name="xmlprov" StartupMode="Disabled" />
<Service Name="clr_optimization_v2.0.50727_32" StartupMode="Manual" />
<Service Name="*" StartupMode="Disabled" />
</Parameter>
</Parameters>
</Rule>
<Rule Name="Microsoft.OS.Registry.Values" Version="1.0">
<Parameters>
<Parameter Order="1">
<Value>
<Hive>HKEY_LOCAL_MACHINE</Hive>
<Key>SYSTEM\CurrentControlSet\Services\lanmanserver\parameters</Key>
<Name>requiresecuritysignature</Name>
<Type>REG_DWORD</Type>
<Data>0</Data>
</Value>
<Value>
<Hive>HKEY_LOCAL_MACHINE</Hive>
<Key>SYSTEM\CurrentControlSet\Control\Lsa</Key>
<Name>lmcompatibilitylevel</Name>
<Type>REG_DWORD</Type>
<Data>2</Data>
</Value>
<Value>
<Hive>HKEY_LOCAL_MACHINE</Hive>
<Key>System\CurrentControlSet\Services\LanmanServer\parameters</Key>
<Name>pipefirewallactive</Name>
<Type>REG_DWORD</Type>
<Data>0</Data>
</Value>
</Parameter>
</Parameters>
</Rule>
<Rule Name="Microsoft.OS.Audit" Version="1.0">
<Parameters>
<Parameter Order="1">
<Event Type="System" Success="False" Failure="False" />
<Event Type="Logon" Success="False" Failure="False" />
<Event Type="ObjectAccess" Success="False" Failure="False" />
<Event Type="PrivilegeUse" Success="False" Failure="False" />
<Event Type="PolicyChange" Success="False" Failure="False" />
<Event Type="AccountManagement" Success="False" Failure="False" />
<Event Type="DetailedTracking" Success="False" Failure="False" />
<Event Type="DirectoryServiceAccess" Success="False" Failure="False" />
<Event Type="AccountLogon" Success="False" Failure="False" />
</Parameter>
</Parameters>
</Rule>
<Rule Name="Microsoft.OS.IIS.RequiredLegacyVDirs" Version="1.0">
<Parameters>
<Parameter Order="1">
<Version Number="1.1.1.1" GeneratedBy="scw.exe" BinaryVersion="5.2.3790.1830 [5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]" />
<Del_Metadata>
<METADATA_NODE>
<METADATA_KEY SPECIALFLAGS="1">/LM/W3SVC/1/Root/IISAdmin</METADATA_KEY>
</METADATA_NODE>
</Del_Metadata>
<Del_Metadata>
<METADATA_NODE>
<METADATA_KEY SPECIALFLAGS="1">/LM/W3SVC/1/Root/IISHelp</METADATA_KEY>
</METADATA_NODE>
</Del_Metadata>
<Del_Metadata>
<METADATA_NODE>
<METADATA_KEY SPECIALFLAGS="1">/LM/W3SVC/1/Root/IISSamples</METADATA_KEY>
</METADATA_NODE>
</Del_Metadata>
<Del_Metadata>
<METADATA_NODE>
<METADATA_KEY SPECIALFLAGS="1">/LM/W3SVC/1/Root/MSADC</METADATA_KEY>
</METADATA_NODE>
</Del_Metadata>
<Del_Metadata>
<METADATA_NODE>
<METADATA_KEY SPECIALFLAGS="1">/LM/W3SVC/1/Root/Scripts</METADATA_KEY>
</METADATA_NODE>
</Del_Metadata>
<Secure_All_VDir_Content_Dirs>FALSE</Secure_All_VDir_Content_Dirs>
</Parameter>
</Parameters>
</Rule>
<Rule Name="Microsoft.OS.IIS.WebServiceExtensions" Version="1.0">
<Parameters>
<Parameter Order="1">
<Version Number="1.1.1.1" GeneratedBy="scw.exe" BinaryVersion="5.2.3790.1830 [5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]" />
<Change_If_Exist_Extension>
<WEB_EXTENSION_LIST>
<WEB_EXTENSION_ITEM>
<GROUP_ID>ASP.NET v1.1.4322</GROUP_ID>
<STATUS>ALLOWED</STATUS>
</WEB_EXTENSION_ITEM>
<WEB_EXTENSION_ITEM>
<GROUP_ID>ASP.NET v2.0.50727</GROUP_ID>
<STATUS>ALLOWED</STATUS>
</WEB_EXTENSION_ITEM>
<WEB_EXTENSION_ITEM>
<GROUP_ID>ASP</GROUP_ID>
<STATUS>ALLOWED</STATUS>
</WEB_EXTENSION_ITEM>
<WEB_EXTENSION_ITEM>
<GROUP_ID>HTTPODBC</GROUP_ID>
<STATUS>PROHIBITED</STATUS>
</WEB_EXTENSION_ITEM>
<WEB_EXTENSION_ITEM>
<GROUP_ID>SSINC</GROUP_ID>
<STATUS>PROHIBITED</STATUS>
</WEB_EXTENSION_ITEM>
<WEB_EXTENSION_ITEM>
<GROUP_ID>WEBDAV</GROUP_ID>
<STATUS>PROHIBITED</STATUS>
</WEB_EXTENSION_ITEM>
</WEB_EXTENSION_LIST>
</Change_If_Exist_Extension>
<Prohibit_All_Others>FALSE</Prohibit_All_Others>
</Parameter>
</Parameters>
</Rule>
</Rules>
<PolicyAuthoringData>
<Extension ID="{53F6F305-1C1A-4768-A255-81F6145BE09F}" Name="SCW">
<PrototypeMachine Name="IS-CSCVE1KANOH2" />
<Selection>
<Roles>
<Role>
<Name>ApplicationServer</Name>
</Role>
<Role>
<Name>ASPNetState</Name>
</Role>
<Role>
<Name>File</Name>
</Role>
<Role>
<Name>FTPServer</Name>
</Role>
<Role>
<Name>MiddleTier</Name>
</Role>
<Role>
<Name>SMTP</Name>
</Role>
<Role>
<Name>Web</Name>
</Role>
<Role>
<Name>AutoUpdate</Name>
</Role>
<Role>
<Name>DHCPClient</Name>
</Role>
<Role>
<Name>DNSClient</Name>
</Role>
<Role>
<Name>DynamicDNS</Name>
</Role>
<Role>
<Name>MSClient</Name>
</Role>
</Roles>
<Tasks>
<Task>
<Name>BackupHardware</Name>
</Task>
<Task>
<Name>Backup</Name>
</Task>
<Task>
<Name>Install</Name>
</Task>
<Task>
<Name>PerfMonCollector</Name>
</Task>
<Task>
<Name>RemoteWindowsAdministration</Name>
</Task>
<Task>
<Name>TimeSync</Name>
</Task>
<Task>
<Name>Timewarp</Name>
</Task>
<Task>
<Name>TSRDA</Name>
</Task>
<Task>
<Name>WUDF</Name>
</Task>
</Tasks>
<Unknown>
<Services>
<Service>
<Name>clr_optimization_v2.0.50727_32</Name>
</Service>
</Services>
</Unknown>
</Selection>
<UnspecifiedService CheckBox="True" />
<Unselection>
<Tasks>
<Task>
<Name>ICF</Name>
</Task>
</Tasks>
</Unselection>
<UncheckPorts>
<Port Name="FTPDataPASV" />
<Port Name="clr_optimization_v2.0.50727_32" />
</UncheckPorts>
<UserAddedPorts />
<OptionalPorts />
<RegistryPageCheckBox>
<SMBPage CheckBox="0" />
<LDAPage CheckBox="-1" />
<OutboundPage CheckBox="3" />
<OutboundDomainPage CheckBox="1" />
<OutboundLocalPage CheckBox="1" />
<InboundPage CheckBox="-1" />
</RegistryPageCheckBox>
<DefaultAuditTemplate CheckBox="False" />
</Extension>
</PolicyAuthoringData>
</SecurityPolicy>