Configuring Release Management to work across untrusted domains

Roopesh Nair

There are times when you will want Release Management (RM) to interact with machines that are not part of the same domain. This post details the steps required to configure RM to work across untrusted domains. 

Configuring the Microsoft Deployment Agent

Follow these steps to configure the Release Management Server and the Deployment Agent on machines that run in different domains that do not have a two-way trust relationship.

1.       On each computer where you will install the RM Server or Deployment Agent, create a local user account that is a member of the Administrators group. Use the same account and password on each machine (i.e. Shadow Account).

2.       Add the RM Server’s Shadow Account to RM and grant both “Service User” and “Release Manager” permissions.

3.       Add the Deployment Agent’s Shadow Account to RM and grant “Service User” permission.

4.       Use the Shadow Account as the service account when you install and configure the Deployment Agent.


Note: When you add the local accounts to Release Management, include the name of the local machine where the account resides.

> For example, add the user account as or   >


Configuring the Release Management Client for Visual Studio 2013


In the case where it is your Release Management Client application is running in a different domain than where the Release Management Server is installed, configuring a Windows Credential in the Credential Manager of the client machine will enable the authentication to happen successfully. 


1.       Open the Credential Manager on a client machine.

2.       Click on Add a Windows credential.

3.       Enter the necessary information.



5.       Open the Release Management Client and it will now open correctly.

6.       These steps will need to be repeated for each client machine that needs access to Release Management.


Discussion is closed.

Feedback usabilla icon