TFS 2017 error adding member to Project Collection Service Accounts with tfssecurity

4
votes

I'm using TFS 2017 and trying to add a member to Project Collection Service Accounts with the tfssecurity utility as follows:

tfssecurity /server:"<https://myserverurl>" /m "[MyCollection]\Project Collection Service Accounts" "mydomains\myaccount"

I'm getting this error:

Error: TF50621: The Team Foundation group that you wish to manage is not owned by service host TEAM FOUNDATION, it is owned by . Please target your request at the correct host.

Any ideas? I'm trying to add the service account that my build agents services are using.

The reason I'm trying to do this is that my agent shows idle but it not picking up queued jobs. This is a new deployment of TFS2017 and I'm doing the initial configuration of the server/agents/etc.

2
tfstfs-2017
I've done the initial configuration of build/release agents a number of times and never needed to do this. Usually adding my "TFSBuild" account to the correct security groups in the Web UI is enough to allow me to install them as a service. Is this the right question to ask, or would a question about how to setup agents be more appropriate?DaveShaw
I'm not sure @DaveShaw, I did configure the agent but it is not picking up the jobs. I had read that adding the service account to that group might fix that issue. I installed the agent as a service without any errors from the powershell prompt. I got messages back that suggested the agent was configured: Scanning tool for capabilities. Connecting to the server. Successfully added the agent. Testing agent connection. <nothing else after that>user7619310

2 Answers

1
votes

Apparently, you can't add users to the "Project Collection Services Accounts" group as currently specified in the docs for VSTS Sync Migrator. Instead you need to add your Migrator account to the "Team Foundation Services Accounts" group. Try using this command: 

tfssecurity /g+ "Team Foundation Service Accounts" n:<domain\account> /server:http://<tfs-server-uri>

For me, it looked like this:

tfssecurity /g+ "Team Foundation Service Accounts" n:TFSSetup /server:http://tfs-server:8080/tfs
0
votes

Actually, you can add users to individual TFS Collection Service Accounts by using this command instead:

tfssecurity /g+ "Project Collection Service Accounts" n:domain\user /collection:http://servername:8080/tfs/collectionname.

You don't have put the user in the Team Foundation Service Accounts group, so it's inherited if you don't want to.

I found the answer here.