gittfsgit-tfstls1.0

(git tfs fetch) TF400324: Team Foundation services are not available, The underlying connection was closed

I've been using git-tfs for almost 5 years, and then one day I got the following error when running git tfs fetch:

TF400324: Team Foundation services are not available from server https://tfs.company.com/tfs/foo.
Technical information (for administrator):
  The underlying connection was closed: An unexpected error occurred on a send.
The underlying connection was closed: An unexpected error occurred on a send.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host

I even opened Fiddler to see what was going on, and literally the TFS server disconnected the socket when my laptop attempted to connect.

After talking with one of our server admins I discovered that support for TLS 1.0 had been disabled on our TFS servers, and I think I've got my smoking gun. I think my laptop is attempting to connect to our servers using TLS 1.0, which of course causes the server to close the socket.

How can I change the version of TLS that git tfs uses when connecting to Team Foundation Services?

Solution

  • I figured it out, and as I suspected disabling TLS 1.0 on the Team Foundation Servers was the root of the problem. After googling git tfs tls 1.0 I stumbled across Enabling strong cryptography for all .Net applications, which led me to the fix. You need to enable strong encryption for .NET applications (duh, it says so in the title).

    1. Open up a PowerShell command prompt, running it with elevated privileges

    2. Run the following command for 64 bit applications:

      # set strong cryptography on 64 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

    3. Run this command for 32 bit applications

      # set strong cryptography on 32 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

    4. Reboot.

    Now my machine is happily pulling down a hundred or so check-ins from TFS.