Unable to connect to TFS server 2017 from Jenkins

[CC]

Hi,

We have been facing an issue connecting to TFS  from Jenkins after we upgraded to TFS 2017. The new TFS server has https installed. When we try to connect to TFS from Jenkins using https://wiki.jenkins.io/display/JENKINS/Team+Foundation+Server+Plugin it fails ( connection resets)

We tried to debug the issue using Wireshark and it seems like SNI information is missing when Jenkins makes a request to TFS server and hence server is rejecting the connection.

Could you please help me in identifying how can Jenkins send SNI information? When I looked online few people faced similar issue with regards to maven-release-plugin ( eg.https://issues.jenkins-ci.org/browse/JENKINS-38738) . 

We are not using maven-release-plugin for this job though.

Could it be possible that TFS plugin has a bug?

Do I have to upgrade Jenkins to https so that it will send SNI (Server Name Indication) information ?

Thanks

CC

[Andreas Lunderhage]

I had the exact same problem.

My problem was that there was no default certificate set on the TFS host in case no SNI name was sent in the TLS handshake. Adding the same cert to "All Unassigned" IP-addresses for port 443 as for the hostname of the cert for the port binding solved the problem.

[CC]

Thank you so much for your reply.

Could you please elaborate more on how did you add cert to "All Unassigned" IP-addresses?

[CC]

I checked and we do have "All Unassigned" setting for port 443. However, we do have Require Server Name Indication checkbox checked. Our IT department is hesitant to remove that check.

so is this is bug in TFS plugin? I am trying to understand the issue so that I can convince IT department.

Thank you!