Blog Detail

Untrusted domain connectivity in Release Management for Visual Studio 2013

30 Jul 14
No Comments


The scenario is to deploy your web application to a machine, where there is no domain trust between your RM (Release Management) environment and that target machine.
This post explains the steps to configure RM to work across untrusted domains using ghost/shadow accounts. Ghost accounts are local user accounts with same user name and password in two machines. Here you will install RM in one machine and Deployment Agent in another with out any domain trust.

Step 1(Create user in target server):

Create a user in the target server where you want to deploy the application. Password should be created with never expire policy.

Assign the user to the member of Administrators group.

Step 2(Microsoft deployment agent 2013 installation):

Install Microsoft deployment agent 2013, there are only few simple steps to install this as showing below.

If you click on the Launch button, a screen will be shown with a text box to provide RM server url and credentials to connect with RM server. We will do it later.

Step 3(Create user in the RM server machine)

Create a user with same user name and password(step 1) in the RM server machine, which we call it as ghost/shadow account.
Create the RM server shadow account as a new user in RM client and grant both “Service User” and “Release Manager” permissions. In the below screen, Release Manager should be “Yes”.

Add deployment agent’s shadow account to RM client and grant “Service User” and “Release Manager” permissions. This  “Release Manager”permission can be reverted once this connection established successfully.
Ex: If deployment agent machine name is Machine2, two user should be created in RM client, ie “user name” with as describe earlier in this step and Machin2/

Step 4 (Configure Microsoft Deployment Agent)

Now login to deployment agent machine using Ghost account  and open Microsoft Deployment Agent 2013. A configuration window will be opened, there you have to provide RM server url and account to connect. You should provide ghost account and click on Apply Settings. If your configuration is successful, following window will be shown.


NB: Incase of any error in the above step, verify earlier steps and make sure that you have followed each instruction correctly.

Step 5

Open Servers tab under Configure Paths in RM client. Registered servers will be listed there as showing in the below screen. Click on Scan For New.
A pop up will be displayed with unregistered server details. Your newly configured server should display in that list and you can register that server by double clicking on it or click register button, as showing in the below screen.


RM gives the flexibility to automate and manage your release process. I hope this article will help you to configure and design your release with out the barrier of domain trust.
If you are new to RM, you can make use of my post to understand and configure RM.
Enjoy your releases with Release Management for Visual Studio 2013. 
Thank you for reading.

Leave A Comment