locked
Configure MS deploy Agent to work across untrusted domains RRS feed

  • Question

  • Hi,

    I was trying to configure RM to work across domains by going through the below link

    http://blogs.msdn.com/b/visualstudioalm/archive/2013/12/12/configuring-release-management-to-work-across-untrusted.aspx

    My Environment : I have RM Server and Client on DomainA and DeployAgent on DomainB and below are the steps I have completed so far

    1. I have created local user Account  DeployAgent which is a Member of Administrator group on both RM Server and Deployment Server(as below).

    2. Added the RM Server’s Shadow Account to RM and grant both “Service User” and “Release Manager” permission(as below)

    3. Add the Deployment Agent’s Shadow Account to RM and grant “Service User” permission.--I'm confused how can I add this to RM client as Step 2 is the same as this step.

    4. Use the Shadow Account as the service account when you install and configure the Deployment Agent.---When I proceed by skipping the step 3 it gives me the below error(as in 1st reply).

    Please let me know how can I achieve step 3 and continue with Configuration. Also do I need to add Windows Credentials on Deployment Server or its not needed in my case (as RM Server and client are on same Server box and same domain), thanks

    Regards,

    Rahman.

    Thursday, February 12, 2015 5:15 AM

Answers

  • Hi Rahman,

    In my environment I actually created 2 local users (ServerUser & DeployUser)

    In Release Management Client added ServerUser as ".\ServiceUser" and gave Release Manager & Service User role

    In Release Management Client added DeployUser as "DeployUser" and gave Service User role

    And in the deployment configuration screen entered "DeployUser"

    I got the same error (The requested name is valid but no data....) like you are experiencing, when I had deployment agent server on different network.

    Like I mentioned in my blog just make sure you are able to access the release management server resources (may be a shared folder) from your deployment server. The deployment server doesn't have to be in the same domain but should be in the same network as release management server. At the end of the blog I have listed various issues I encountered and fix for those problems. 


    Regards, Bharath

    LinkedIn:

    Saturday, February 14, 2015 11:40 PM

All replies

  • Step4 ( Image)
    Thursday, February 12, 2015 5:16 AM
  • I have similar step up and this is what I did

    1. Create RMServer local user on both DomainA\RMServer & DomainB\Client machines. Add the users to administrators group

    2. Create DeployAgent local user on both DomainA\RMServer & DomainB\Client machines. Add the users to administrators group

    3. From Release Management client add .\RMServer account and grant both "Service User" and "Release Manager"permissions (please note on windows account test box don't use machinename\user, just add .\user)

    4. From Release Management client add .\DeployAgent account and grant "Service User"

    5. Install the Deployment Agent on DomainB\Client as DeployAgent user 

    Hope this works for you. 

    note: I don't see a point of creating RMServer shadow account on client machine but in my environment this is how it is and it works. May be at some point I will remove it and see how it works. 


    Regards, Bharath

    LinkedIn:

    Thursday, February 12, 2015 10:38 AM
  • Thanks for the reply Bharath. I planned to have RM server and RM client(using only one client as of now) on same domain A and same server. I have  Deployment Agent  on a different Domain B.

    For me steps 1 and 2 is the single step  as I have RM Server and Client on same box and for Steps 3 and 4---I have added DeployAgent(user account I have used)  to RM client  as RMServerName\DeployAgent with ServiceUser and Release Manager permission.

    Also do I need to add another user account to RM server something like DeployAgentServerName\DeployAgent and grant  Service user permissions.

    Please correct me if I'm missing anything here, thanks

    Regards,

    Rahman.

    Thursday, February 12, 2015 4:30 PM
  • Hi Rahman,

    In my last post when I mentioned the DomianB\Client I meant Deployment server. That said, have you done step 2 from my post

    2. Create DeployAgent local user on both DomainA\RMServer & DomainB\DeploymentAgentServer machines. Add the users to administrators group

    After installing the Deployment agent on your DeploymentAgentServer (using DeployAgent local account created as mentioned above)

    While configuring the deployment agent (On your step 4 Image) in the account enter .\DeployAgent instead of just DeployAgent.



    Regards, Bharath

    LinkedIn:

    Friday, February 13, 2015 12:29 AM
  • Hi Rahman,  

    Thanks for your post.

    Please ensure you created the same shadow account with same password both on your RM Server machine and Deployment Agent machine, please refer to the solution information in this KB: https://support.microsoft.com/kb/2905742?wa=wsignin1.0. 


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, February 13, 2015 10:49 AM
    Moderator
  • Hi Rahman,

    Not sure if you have managed to sort out the issue. I was able to recreate the issue you are experiencing. I have documented the step and solution in the below link. Hope it helps.

    http://bharathsundaresan.com/2015/02/configuring-release-management-deployment-agent-non-domain-server/



    Regards, Bharath

    LinkedIn:

    Friday, February 13, 2015 10:34 PM
  • Thanks Bharath. Total how many user Accounts I need to create?. This is what I did 

    1. One RM server local account(DeployAgent1) on Domain A --added as Admin and same local user Account(DeployAgent1) on deployment server on Domain B (as below).

    2. Added deployAgent1 account to RM client as below

    3. Installed Deployment agent(using Deployagent1 account).

    4. Configured the Deploy Agent as you said (using .\deployAgent1) but still throws me the same error(see image below) . Please let me know, Thanks 

    Friday, February 13, 2015 10:45 PM
  • Friday, February 13, 2015 10:45 PM
  • Cool, I will give it out a try and let you know, thanks
    Friday, February 13, 2015 10:48 PM
  • Hi Rahman,

    In my environment I actually created 2 local users (ServerUser & DeployUser)

    In Release Management Client added ServerUser as ".\ServiceUser" and gave Release Manager & Service User role

    In Release Management Client added DeployUser as "DeployUser" and gave Service User role

    And in the deployment configuration screen entered "DeployUser"

    I got the same error (The requested name is valid but no data....) like you are experiencing, when I had deployment agent server on different network.

    Like I mentioned in my blog just make sure you are able to access the release management server resources (may be a shared folder) from your deployment server. The deployment server doesn't have to be in the same domain but should be in the same network as release management server. At the end of the blog I have listed various issues I encountered and fix for those problems. 


    Regards, Bharath

    LinkedIn:

    Saturday, February 14, 2015 11:40 PM