{"id":2123,"date":"2013-12-12T00:21:28","date_gmt":"2013-12-12T00:21:28","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/visualstudioalm\/2013\/12\/12\/configuring-release-management-to-work-across-untrusted-domains\/"},"modified":"2022-07-18T06:25:54","modified_gmt":"2022-07-18T14:25:54","slug":"configuring-release-management-to-work-across-untrusted-domains","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/devops\/configuring-release-management-to-work-across-untrusted-domains\/","title":{"rendered":"Configuring Release Management to work across untrusted domains"},"content":{"rendered":"<p class=\"MsoNormal\" style=\"margin: 0in 0in 8pt;line-height: 12pt\">\n  <span lang=\"EN\"><font face=\"Segoe UI\"><\/font><font color=\"#333333\" size=\"2\">There are times when you will want Release Management (RM) to interact with machines that are not part of the same domain. This post details the steps required to configure RM to work across untrusted domains.<\/font><\/span><span><font face=\"Times New Roman\">\u00a0<\/font><\/span>\n<\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 8pt;line-height: 12pt\">\n  <b><span><font face=\"Segoe UI\"><\/font><font style=\"font-size: 14pt\"> <br \/>Configuring the Microsoft Deployment Agent<\/font><\/span><\/b><span><font face=\"Times New Roman\"><\/font><font style=\"font-size: 12pt\">\u00a0<\/font><\/span>\n<\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 8pt;line-height: 12pt\">\n  <span lang=\"EN\"><font face=\"Segoe UI\"><\/font><font style=\"font-size: 9.5pt\" color=\"#333333\"> <br \/><\/font><font size=\"2\">Follow these steps to configure the Release Management Server and the Deployment Agent on machines that run in different domains that do not have a two-way trust relationship.<\/font><\/span><span><font size=\"2\" face=\"Times New Roman\">\u00a0<\/font><\/span>\n<\/p>\n<p class=\"MsoNormalCxSpMiddle\" style=\"margin-left: 39.75pt;line-height: normal;text-indent: -0.25in\">\n  <font size=\"2\"><span><font face=\"Segoe UI\">1.<\/font><\/span><span><font face=\"Times New Roman\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/font><\/span><span><font face=\"Segoe UI\">On each computer where you will install the RM Server or Deployment Agent, create a local user account that is a member of the <b>Administrators<\/b> group. Use the same account and password on each machine (i.e. Shadow Account). <\/font><\/span><span><\/span><\/font>\n<\/p>\n<p class=\"MsoNormalCxSpMiddle\" style=\"margin-left: 39.75pt;line-height: normal;text-indent: -0.25in\">\n  <font size=\"2\"><span><font face=\"Segoe UI\">2.<\/font><\/span><span><font face=\"Times New Roman\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/font><\/span><span><font face=\"Segoe UI\">Add the RM Server\u2019s Shadow Account to RM and grant both \u201cService User\u201d and \u201cRelease Manager\u201d permissions. <\/font><\/span><span><\/span><\/font>\n<\/p>\n<p class=\"MsoNormalCxSpMiddle\" style=\"margin-left: 39.75pt;line-height: normal;text-indent: -0.25in\">\n  <font size=\"2\"><span><font face=\"Segoe UI\">3.<\/font><\/span><span><font face=\"Times New Roman\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/font><\/span><span><font face=\"Segoe UI\">Add the Deployment Agent\u2019s Shadow Account to RM and grant \u201cService User\u201d permission. <\/font><\/span><span><\/span><\/font>\n<\/p>\n<p class=\"MsoNormalCxSpMiddle\" style=\"margin-left: 39.75pt;line-height: normal;text-indent: -0.25in\">\n  <font size=\"2\"><span><font face=\"Segoe UI\">4.<\/font><\/span><span><font face=\"Times New Roman\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/font><\/span><span><font face=\"Segoe UI\">Use the Shadow Account as the service account when you install and configure the Deployment Agent. <\/font><\/span><span><\/span><\/font>\n<\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 8pt;line-height: 12pt\">\n  <span><font face=\"Times New Roman\">\u00a0<\/font><\/span>\n<\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 8pt;line-height: 12pt\">\n  <font size=\"2\"><b><span><font face=\"Segoe UI\">Note:<\/font><\/span><\/b><b><span><font face=\"Times New Roman\"> <\/font><\/span><\/b><span><font color=\"#404040\" face=\"Segoe UI\">When you add the local accounts to Release Management, include the name of the local machine where the account resides. <\/font><\/span><\/font>\n<\/p>\n<blockquote>\n<\/blockquote>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 8pt;line-height: 12pt\">\n>   <span><font color=\"#404040\" size=\"2\" face=\"Segoe UI\">For example, add the user account as <Release Management Server machine name><username> or <Deployment Server machine name<username><\/font><\/span><span><font face=\"Times New Roman\">\u00a0<\/font><\/span><span><\/span>\n> <\/p>\n<p>**<span><font face=\"Segoe UI\"><\/font><font style=\"font-size: 14pt\"><\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 8pt;line-height: 12pt\">Configuring the Release Management Client for Visual Studio 2013\n<\/p>\n<p><\/font><\/span><\/p>\n<p><span><font face=\"Times New Roman\"><\/font><font style=\"font-size: 12pt\">\u00a0<\/font><\/span>**<\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 8pt;line-height: 12pt\">\n  <span lang=\"EN\"><font face=\"Segoe UI\"><\/font><font color=\"#333333\" size=\"2\">In the case where it is your Release Management Client application is running in a different domain than where the Release Management Server is installed, configuring a Windows Credential in the Credential Manager of the client machine will enable the authentication to happen successfully.<\/font><\/span><span><font face=\"Times New Roman\"><\/font><font style=\"font-size: 12pt\">\u00a0 <\/p>\n<p><\/font><\/span>\n<\/p>\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 8pt;line-height: 12pt\">\n  <span><span><font face=\"Times New Roman\"><\/font><font style=\"font-size: 12pt\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/font><\/span><\/span><a><span><span><\/span><\/span><\/a><a href=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2013\/12\/0458.clip_image0016_thumb_669E9FEC.png\"><img decoding=\"async\" title=\"clip_image001[6]\" style=\"border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px\" border=\"0\" alt=\"clip_image001[6]\" src=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2013\/12\/0458.clip_image0016_thumb_669E9FEC.png\" width=\"586\" height=\"240\" \/><\/a> <\/p>\n<p><span><\/span>\n<\/p>\n<p class=\"MsoNormalCxSpMiddle\" style=\"margin-left: 0.55in;line-height: normal;text-indent: -0.25in\">\n  <font size=\"2\"><span><font face=\"Segoe UI\">1.<\/font><\/span><span><font face=\"Times New Roman\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/font><\/span><span><font face=\"Segoe UI\">Open the Credential Manager on a client machine. <\/font><\/span><span><\/span><\/font>\n<\/p>\n<p class=\"MsoNormalCxSpMiddle\" style=\"margin-left: 0.55in;line-height: normal;text-indent: -0.25in\">\n  <font size=\"2\"><span><font face=\"Segoe UI\">2.<\/font><\/span><span><font face=\"Times New Roman\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/font><\/span><span><font face=\"Segoe UI\">Click on Add a Windows credential. <\/font><\/span><span><\/span><\/font>\n<\/p>\n<p class=\"MsoNormalCxSpMiddle\" style=\"margin-left: 0.55in;line-height: normal;text-indent: -0.25in\">\n  <font size=\"2\"><span><font face=\"Segoe UI\">3.<\/font><\/span><span><font face=\"Times New Roman\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/font><\/span><\/font><span><font face=\"Segoe UI\"><\/font><font size=\"2\">Enter the necessary information.<\/font> <\/span><span><\/span>\n<\/p>\n<p class=\"MsoNormalCxSpMiddle\" style=\"margin-left: 39.75pt;line-height: normal;text-indent: -0.25in\">\n  <span><span><font face=\"Times New Roman\"><\/font><font style=\"font-size: 12pt\">\u00a0\u00a0\u00a0\u00a0 <\/font><\/span><\/span><a><span><span><\/span><\/span><\/a><a href=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2013\/12\/8204.clip_image00210_thumb_555059B8.png\"><img decoding=\"async\" title=\"clip_image002[10]\" style=\"border-left-width: 0px;border-right-width: 0px;border-bottom-width: 0px;padding-top: 0px;padding-left: 0px;padding-right: 0px;border-top-width: 0px\" border=\"0\" alt=\"clip_image002[10]\" src=\"https:\/\/devblogs.microsoft.com\/devops\/wp-content\/uploads\/sites\/6\/2013\/12\/8204.clip_image00210_thumb_555059B8.png\" width=\"595\" height=\"199\" \/><\/a> <\/p>\n<p><span><\/span>\n<\/p>\n<p class=\"MsoNormalCxSpMiddle\" style=\"margin-left: 39.75pt;line-height: normal;text-indent: -0.25in\">\n  <span><font face=\"Times New Roman\"><\/font><font style=\"font-size: 12pt\">\u00a0<\/font><\/span>\n<\/p>\n<p class=\"MsoNormalCxSpMiddle\" style=\"margin-left: 0.55in;line-height: normal;text-indent: -0.25in\">\n  <font size=\"2\"><span><font face=\"Segoe UI\">5.<\/font><\/span><span><font face=\"Times New Roman\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/font><\/span><span><font face=\"Segoe UI\">Open the Release Management Client and it will now open correctly. <\/font><\/span><span><\/span><\/font>\n<\/p>\n<p class=\"MsoNormalCxSpMiddle\" style=\"margin-left: 0.55in;line-height: normal;text-indent: -0.25in\">\n  <font size=\"2\"><span><font face=\"Segoe UI\">6.<\/font><\/span><span><font face=\"Times New Roman\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/font><\/span><\/font><span><font face=\"Segoe UI\"><\/font><font size=\"2\">These steps will need to be repeated for each client machine that needs access to Release Management.<\/font> <\/span><span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are times when you will want Release Management (RM) to interact with machines that are not part of the same domain. This post details the steps required to configure RM to work across untrusted domains.\u00a0 Configuring the Microsoft Deployment Agent\u00a0 Follow these steps to configure the Release Management Server and the Deployment Agent on [&hellip;]<\/p>\n","protected":false},"author":62,"featured_media":45953,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[226,1],"tags":[],"class_list":["post-2123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ci","category-devops"],"acf":[],"blog_post_summary":"<p>There are times when you will want Release Management (RM) to interact with machines that are not part of the same domain. This post details the steps required to configure RM to work across untrusted domains.\u00a0 Configuring the Microsoft Deployment Agent\u00a0 Follow these steps to configure the Release Management Server and the Deployment Agent on [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/2123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/comments?post=2123"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/2123\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media\/45953"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media?parent=2123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/categories?post=2123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/tags?post=2123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}