To set up an agent (build/release agent) in an untrusted domain, follow the steps below.
1. Create a local user on the TFS App Tier machine, say rmshadowagent.
5. Copy the downloaded agent.zip to the untrusted domain machine (agent machine). This machine should have access to your TFS URL. This can be achieved by exposing your TFS via www; a machine with an internet connection and access to the TFS URL can then be an agent. Create a folder for your agent, for example C:\DeployAgent\Web, and extract agent.zip to it.
8. On the agent machine, create a user with the same user name, say “rmshadowagent”, and the same password you created on the TFS App Tier. (Add this user to the Administrators group on the agent machine so that it can perform any activity on the machine as a deployment agent.)
9. Run a command prompt as administrator on the agent machine and change directory to the extracted agent folder. Then execute ConfigureAgent.cmd and provide the following parameters:
- Name for the agent
- TFS url – https://yourtfs/tfs
- Agent pool name
- Agent working directory path
- Install agent as service – y
- Service user – instead of Network Service, provide .\rmshadowagent
- Provide the password for rmshadowagent
10. Once you click OK, it gives the error below. However, the agent is configured and available to use in the pool.
TF14045: The identity with type 'System.Security.Principal.WindowsIdentity' and
identifier 'S-1-5-21-1292816864-2021176197-253083057-1013' could not be found.
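
Steps 5, 8 and 9 on the agent machine can be scripted in PowerShell as follows. This is an added example, not part of the original post; the zip location C:\Temp\agent.zip is an assumption, and the LocalAccounts cmdlets require Windows PowerShell 5.1 or later.

```powershell
#Requires -RunAsAdministrator
# Added example: run in an elevated PowerShell session on the agent machine.

$UserName = 'rmshadowagent'        # same name as the local user on the TFS App Tier
$AgentZip = 'C:\Temp\agent.zip'    # assumed location of the copied agent.zip
$AgentDir = 'C:\DeployAgent\Web'   # example agent folder from step 5

# Prompt for the password so it is never stored in the script or shell history.
# It must be identical to the password of the account on the TFS App Tier.
$Password = Read-Host -AsSecureString -Prompt "Password for $UserName"

# Step 8: create the shadow account only if it does not exist yet.
if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $UserName -Password $Password `
        -Description 'TFS deployment agent shadow account' | Out-Null
}

# Step 8: add the account to the local Administrators group.
# S-1-5-32-544 is the well-known SID of that group, so this also works
# on systems where the group name is localized.
$AdminSid = 'S-1-5-32-544'
$members  = (Get-LocalGroupMember -SID $AdminSid).Name
if ($members -notcontains "$env:COMPUTERNAME\$UserName") {
    Add-LocalGroupMember -SID $AdminSid -Member $UserName
}

# Step 5: create the agent folder and extract agent.zip into it.
New-Item -ItemType Directory -Path $AgentDir -Force | Out-Null
Expand-Archive -Path $AgentZip -DestinationPath $AgentDir -Force

# Show the local account's SID, for comparison with the identifier
# in any TF14045 message.
(Get-LocalUser -Name $UserName).SID.Value

# Step 9: start the interactive configuration. When asked for the
# service user, enter .\rmshadowagent instead of Network Service.
Set-Location $AgentDir
& .\ConfigureAgent.cmd
```

Membership in Administrators gives the agent account, and therefore any build or release definition that runs on this agent, full control of the machine, so limit who can queue work to the agent pool.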