Due to the Russian invasion of Ukraine, we have paused all purchases and training from Russia.  Read Statement from Scrum.org

Issue [ TFS 2013 ] InRelease account requires make requests on behalf of others


No items found

Table of Contents

When you try to configure InRelease to connect to your Team Foundation Server 2013 Team Project Collection you get an error message saying that you are unable to connect because you need to be able to requires make requests on behalf of others.

Figure: Unable to connect to Team Foundation Server

If you check the event log you get:

Timestamp: 7/11/2013 10:09:16 AM
Message: Unable to connect to this Team Foundation Server: http://caprica:8080/tfs/Tfs01-Scrum/.

Possible reasons for failure include:
- The name, port number, or protocol for the Team Foundation Server is incorrect.
- The Team Foundation Server is offline.
- The password has expired or is incorrect.

Technical information (for administrator):
Access Denied: Martin Hinshelwood needs the following permission(s) to perform this action: Make requests on behalf of others.
Category: General
Priority: -1
EventId: 0
Severity: Error
Machine: CAPRICA
Application Domain: InCycle.InRelease.Console.exe
Process Id: 1468
Process Name: C:Program Files (x86)InCycle SoftwareInReleasebinInCycle.InRelease.Console.exe
Win32 Thread Id: 5904
Thread Name: 
Extended Properties: 

Applies to

  • InRelease 3
  • Team Foundation Server 2013


Just like the TFS Integration Platform if you have a service that requires the “Make requests on behalf of others” then the accounts that it runs under need to be part of the “Team Foundation Service Accounts” group on the Collection. I would think that

Figure: You can’t edit Team Foundation Service Accounts Group

Unfortunately this group is not editable in the UI as a security precaution and in keeping with TFS tradition those things are relegated to the command line so that it scares off those for whom its not really that important.

Now while in a real server you should have a service account my TFS Server runs under network service and you can’t pick network service in InRelease.


Whatever account that you want to run InRelease under you need to add it to the Team Foundation Service accounts group to get the “make requests on behalf of others” capability.

Figure: Add permission with TFSSercurity command

tfssecurity /g+ "Team Foundation Service Accounts" n:nakedalmTfInRelease ALLOW /server:http://caprica:8080/tfs

When you execute the command TFS will go off and add the account to the group. You could do this per collection, but I am just giving it access to every collection on the server.

Figure: Green tick for account that now has make requests on behalf of others

I could have given explicit permission to that account or even created a special group with just that permission but this is the recommended option to solving the problem.

Create a conversation around this article

Share on Facebook
Share on Twitter
Share on Linkdin

Want to learn more?

Check out the many training classes that we have.

No items found

Want to read more?


We believe that every company deserves high quality software delivered on a regular cadence that meets its customers needs. Our goal is to help you reduce your cycle time, improve your time to market, and minimise any organisational friction in achieving your goals.

naked Agility Limited is a professional company that offers training, coaching, mentoring, and facilitation to help people and teams evolve, integrate, and continuously improve.

We recognise the positive impact that a happy AND motivated workforce, that has purpose, has on client experience. We help change mindsets towards a people-first culture where everyone encourages others to learn and grow. The resulting divergent thinking leads to many different ideas and opportunities for the success of the organisation.