Untrusted Domain Connectivity in Release Management For Visual Studio 2013


This article explains how to configure RM to work across untrusted domains using ghost or shadow accounts. Ghost accounts are local user accounts with the same user name and word in two machines. Here you will install RM in one machine and Deployment Agent in another without any domain trust.

Step 1: Create user in target server

Create a user in the target server where you want to deploy the application. A word should be created with never expire policy.

Assign the user to the member of Administrators group.

Step 2: Microsoft deployment agent 2013 installation

Install Microsoft deployment agent 2013, there are only a few simple steps to install this as shown below.

If you click on the Launch button, a screen will be shown with a text box to provide the RM server URL and credentials to connect with the RM server. We will do it later.

Step 3: Create user in the RM server machine

Create a user with the same user name and word (Step 1) in the RM server machine, that we call as the ghost or shadow account.

Create the RM server shadow account as a new user in the RM client and grant both “Service User” and “Release Manager” permissions. In the following screen, the Release Manager should be "Yes".


Add the deployment agent's shadow account to the RM client and grant “Service User” and “Release Manager” permissions. This “Release Manager”permission can be reverted once this connection is established successfully.

For example: If the deployment agent machine name is Machine2 then two users should be created in the RM client, "user name" as described earlier in this step and Machin2.

Step 4: Configure Microsoft Deployment Agent

Now login to the deployment agent machine using the Ghost account and open Microsoft Deployment Agent 2013. A configuration window will be opened, there you must provide the RM server URL and account to connect. You should provide the ghost account and click on Apply Settings. If your configuration is successful, the following window will be shown.

NB: In case of any error in the preceding step, verify the earlier steps and ensure that you have followed each instruction correctly.

Step 5 Register server with RM

Open the Servers tab under Configure Paths in RM client. The Registered servers will be listed there as shown in the following screen. Click on Scan For New.

A pop-up will be displayed with unregistered server details. Your newly configured server should display in that list and you can register that server by double-clicking on it or click the register button, as shown in the following screen.

Your server is successfully registered with RM and you can deploy to this server the same as any server in the same domain.


RM gives the ability to automate and manage your release process. I hope this article will help you to configure and design your release without the barrier of domain trust. If you are new to RM, you can make use of my article http://www.msdevtips.com/2014/05/release-management-for-visual-studio.html to understand and configure RM.
Enjoy your releases with Release Management for Visual Studio 2013. 
Thank you for reading.