Issue [ TFS 2013 ] InRelease account requires make requests on behalf of others

Audience

Everyone

When you try to configure InRelease to connect to your Team Foundation Server 2013 Team Project Collection you get an error message saying that you are unable to connect because you need to be able to requires make requests on behalf of others.

image
Figure: Unable to connect to Team Foundation Server

If you check the event log you get:

Timestamp: 7/11/2013 10:09:16 AM
Message: Unable to connect to this Team Foundation Server: http://caprica:8080/tfs/Tfs01-Scrum/.

Possible reasons for failure include:
- The name, port number, or protocol for the Team Foundation Server is incorrect.
- The Team Foundation Server is offline.
- The password has expired or is incorrect.

Technical information (for administrator):
Access Denied: Martin Hinshelwood needs the following permission(s) to perform this action: Make requests on behalf of others.
Category: General
Priority: -1
EventId: 0
Severity: Error
Title:
Machine: CAPRICA
Application Domain: InCycle.InRelease.Console.exe
Process Id: 1468
Process Name: C:Program Files (x86)InCycle SoftwareInReleasebinInCycle.InRelease.Console.exe
Win32 Thread Id: 5904
Thread Name: 
Extended Properties: 

Applies to

  • InRelease 3
  • Team Foundation Server 2013

Findings

Just like the TFS Integration Platform if you have a service that requires the “Make requests on behalf of others” then the accounts that it runs under need to be part of the “Team Foundation Service Accounts” group on the Collection. I would think that

image
Figure: You can’t edit Team Foundation Service Accounts Group

Unfortunately this group is not editable in the UI as a security precaution and in keeping with TFS tradition those things are relegated to the command line so that it scares off those for whom its not really that important.

Now while in a real server you should have a service account my TFS Server runs under network service and you can’t pick network service in InRelease.

Solution

Whatever account that you want to run InRelease under you need to add it to the Team Foundation Service accounts group to get the “make requests on behalf of others” capability.

image
Figure: Add permission with TFSSercurity command

tfssecurity /g+ "Team Foundation Service Accounts" n:nakedalmTfInRelease ALLOW /server:http://caprica:8080/tfs

When you execute the command TFS will go off and add the account to the group. You could do this per collection, but I am just giving it access to every collection on the server.

image
Figure: Green tick for account that now has make requests on behalf of others

I could have given explicit permission to that account or even created a special group with just that permission but this is the recommended option to solving the problem.

Create a conversation around this article

Share on Facebook
Share on Twitter
Share on Linkdin

Read more

Martin Hinshelwood
The Boards in Azure DevOps are a powerful tool that your teams can leverage to enable transparent visualization of the current state of value delivery.  However, the inclusion of Blocked columns can stealthily erode the very foundations of efficiency these boards are meant to uphold. By obfuscating the state of …
Martin Hinshelwood
This week, I participated in a Scrum.org Webinar hosted by Sabrina Love (Scrum.org Product Owner) as well as my colleagues, Joanna Płaskonka, Ph.D. and Alex Ballarin 🇺🇦 to discuss the state of learning and how immersive learning is the future of training. You can watch the video below to hear …
Martin Hinshelwood
Business Leaders face a key challenge when scaling their organisations effectively while maintaining the distinctiveness that made us successful in the first place. Many frameworks and methodologies, such as Scaled Agile Framework (SAFe) or the Spotify Model, promise a structured approach to scaling, but do they genuinely fit our unique …
Martin Hinshelwood
As we inch further into the dynamic landscape of the 21st century, our long-established Alpha organisations stand on shaky ground. The organisations whose DNA is infused with strict command and control, woven into the fabric of every process, are feeling the tremors of a rapidly evolving, technologically charged market. Not …