Team Foundation Server setup experiences…

During the last couple of days, I've been busy completing an installation of Team Foundation Server on a fresh Windows 2003 Enterprise Edition install and make it accessible through the internet. While doing so, I ran into a few challanges for which I though they might be useful to remember the next time you try something similar. 

• Before you start doing anything, make sure you download the most recent versions of the installation and the administration guides!
• While going through the pages and pages of the installation guide, you'll eventually end up at the SQL Server 2005 setup wizard. I have already installed SQL Server a few times in my life, but I never bothered digging in the mysteries behind those collation settings. Unfortunately, accepting the default settings did not make TFS very happy. After searching through several articles and newsgroup discussions, I finally discovered that choosing Latin1_General with Accent Sensitive is the best option.
• After installing Service Pack 1, I started receiving TD30059 errors while connecting to the TFS server. Fortunately, ThinkTecture's Neno Loje already discovered this little flaw in the sp1 installation and found a solution. 
• A very well known issue when accessing TFS from outside the domain realm, is that the Documents and Reports appear in the Team Explorer with a red cross. Usually this is caused by the fact that the corresponding URLs include the NETBIOS name of the server instead of the fully qualified domain name. You can fix that using the following article.
• By default, TFS uses port 80 (or 443 if you use SSL) for the Windows Sharepoint Services website and the SQL Server Reporting Services, and it uses port 8080 (8081) for the TFS web services. Although we do want to allow access to our TFS server from the Internet, we prefer not to open up port 8080 or 8081. So with the help of this article and the administration guide, I've tried to assign two different DNS names both using port 80. However, whatever I tried, I could not get that scenario to work. I've been Googling my ..ss off, but none helped me with that problem. Officially, Microsoft does not support this scenario until the next installment of TFS (part of codename "Orcas").
• One of the pains of administering a TFS installation is that adding/removing groups and users involves making subtle changes to TFS, Windows Sharepoint Services and SQL Reporting Services. Some of that pain can be resolved with cleverly chosen AD groups, but nothing can compare with the ease introduced by the newest Visual Studio PowerToy: the TFS Administration Tool. Simple assign a TFS role to a (newly added) user and changes are applied to all three platforms. The only requirements is that the system from which you are making changes is part of the same domain as the TFS installation.
• In pre-service pack 1 versions of TFS, the only way to allow access to your TFS installation from the internet is to allow Windows Authentication through your firewall. Since sp1, TFS also supports basic and digest authentication. Well, basic authentication combined with SSL works like a charm! Check the latest version of the administration guide to find out how to get things configured correctly.