0

We use Visual Studio for development and Team Foundation Server for source control.

I save my Active Directory account credentials in publish profiles of my web application projects.

Could this be the reason why my AD account keeps getting locked? For instance maybe VS or TFS are trying to communicate using saved credentials? Has anyone faced this issue?

EDIT 1: We use ADFS for SSO. All TFS as well as publish profile authentication goes through ADFS. ADFS logs show something tries my account with bad password 10 times in 5 minutes or once every 30 seconds. Does that sound about right for Team Explorer within Visual Studio? Does that sound right for publish profile within Visual Studio? Only VS team can tell I guess?

joym8
  • 4,014
  • 3
  • 50
  • 93
  • Yes it can, if is is caching an old password. Seen this problem with many different types of development tools which cache credentials. – T-Heron Mar 08 '21 at 01:30
  • Could you elaborate "AD account keeps getting locked"? If you close all VS instances on your client and build server machines, will the AD account get unlocked? – Cece Dong - MSFT Mar 08 '21 at 07:54
  • How's your issue going? If you close all VS instances on your client and build server machines, will the AD account get unlocked? – Cece Dong - MSFT Mar 11 '21 at 09:36
  • Thanks for checking. Issue is not resolved. I have not tried your recommendation yet. Reading through this SO post https://stackoverflow.com/questions/12685111/error-tf30063-you-are-not-authorized-to-access-defaultcollection – joym8 Mar 11 '21 at 15:12
  • @joym8 Does that post help you? – Cece Dong - MSFT Mar 12 '21 at 10:02
  • @CeceDong-MSFT That post helped me for a different error. My AD password was autoexpiring in few days. TFS was prompting me to reenter my credentials. When I entered current credentials, it said I am not authorized to view my solutions. I could use VS, but could not checkin/checkout code. After changing my AD password, and updating credentials in Windows Credentials Manager (using that SO post), TFS error went away. Not sure if this will help with AD account lockout issue also. I will give it a few days to see if my account gets locked again . If not, that was it! – joym8 Mar 12 '21 at 15:02
  • Looking forward to your update. – Cece Dong - MSFT Mar 15 '21 at 10:07
  • AD account again locked today. I have noticed it only gets locked when I VPN to work from home, not while I'm physically present in office and using office desktop. I checked credentials manager on my work laptop that I use at home. And sure enough it also had my credentials for domain account from work stored under Credentials Manager > Windows Credentials. Earlier I had updated these credentials from office desktop only. The creds stored on laptop could be the root cause. – joym8 Mar 18 '21 at 02:18
  • My account is again locked after unlocking about 30 minutes ago. So no, cached credentials in Credentials Manager on work laptop was not the root cause. It's really puzzling what could be causing this. – joym8 Mar 18 '21 at 02:53
  • Did you connect to DevOps on your laptop? You could try to 1. Close all Visual Studio instances, delete %LOCALAPPDATA%\.IdentityService. 2. Clear TFS caches %LOCALAPPDATA%\Microsoft\Team Foundation\x.0\Cache. – Cece Dong - MSFT Mar 18 '21 at 09:56
  • Yes my laptop is one of the repositories. It has happened after restarts - both office PC and work laptop, meaning VS instances were closed. – joym8 Mar 19 '21 at 18:40
  • @joym8 Do you mean even close VS instances, you still have this issue? Have you tried clearing the cache I mentioned above? – Cece Dong - MSFT Mar 23 '21 at 09:56

0 Answers0