Yesterday I upgraded our production 2012.2 TFS server to update 3. All seemed to go OK and it completed with no errors, it was so much easier now that the update supports the use of SQL 2012 Availability Groups within the update process, no need to remove the DBs from the availability group prior to the update.
However, though there were no errors it did reported a warning, and on a quick check users could not connects to the upgraded server on our usually https URL.
On checking the update log I saw
[Warning@09:06:13.578] TF401145: The Team Foundation Server web application was previously configured with one or more bindings that have ports that are currently unavailable. See the log for detailed information.
[Info @09:06:13.578]
[Info @09:06:13.578] +-+-+-+-+-| The following previously configured ports are not currently available… |+-+-+-+-+-
[Info @09:06:13.584]
[Info @09:06:13.584] 1 - Protocol : https
[Info @09:06:13.584] - Host : tfs.blackmarble.co.uk
[Info @09:06:13.584] - Port : 443
[Info @09:06:13.584] port: 443
[Info @09:06:13.585] authMode: Windows
[Info @09:06:13.585] authenticationProvider: Ntlm
The issue appears if you use host headers, as we do for our HTTPS bindings. The TFS configuration tool does not understand these, so sees more than one binding in our case on 443 (our TFS server VM also hosts as a nuget server on https 443, we use host headers to separate the traffic) . As the tool does not know what to do with host headers, it just deletes the bindings it does no understand.
Anyway the fix was to manually reconfigured the HTTPS bindings in IIS and all was OK.
On checking with Microsoft it seems this is a know issue, and on their radar to sort out in future.