SharePoint 2010 & TFS 2010 Integration

Be careful when changing web application authentication methods. Upon switching to Kerberos we had several issues crop up on our TFS web app. For example, we had disabled anonymous access in CA, however, this doesn’t alway propogate to IIS. So, it was manually disabled. Upon switching authentication providers, it reset the Anonymous to enabled causing the creation of project portals to fail. In addition, depending on how many AD groups a user is included in, Domains etc, the header for hte kerb ticket can be so large that you get 400 errors. Kerberos, rather than session based, is currently authenticating each object on the page, actually adding more overhead. There’s a fix for the size of the header by adding a reg key, but my advice, switch back to NTLM if you can and lose the headache!