When you try to configure InRelease to connect to your Team Foundation Server 2013 Team Project Collection you get an error message saying that you are unable to connect because you need to be able to requires make requests on behalf of others.
![Issue [ TFS 2013 ] InRelease account requires make requests on behalf of others](/blob/resources/blog/issue-tfs-2013-inrelease-account-requires-make-requests-on-behalf-of-others/images/image16-1-1.png)
Figure: Unable to connect to Team Foundation Server
If you check the event log you get:
1Timestamp: 7/11/2013 10:09:16 AM
2Message: Unable to connect to this Team Foundation Server: http://caprica:8080/tfs/Tfs01-Scrum/.
3
4Possible reasons for failure include:
5- The name, port number, or protocol for the Team Foundation Server is incorrect.
6- The Team Foundation Server is offline.
7- The password has expired or is incorrect.
8
9Technical information (for administrator):
10Access Denied: Martin Hinshelwood needs the following permission(s) to perform this action: Make requests on behalf of others.
11Category: General
12Priority: -1
13EventId: 0
14Severity: Error
15Title:
16Machine: CAPRICA
17Application Domain: InCycle.InRelease.Console.exe
18Process Id: 1468
19Process Name: C:Program Files (x86)InCycle SoftwareInReleasebinInCycle.InRelease.Console.exe
20Win32 Thread Id: 5904
21Thread Name:
22Extended Properties:
Just like the TFS Integration Platform if you have a service that requires the “Make requests on behalf of others” then the accounts that it runs under need to be part of the “Team Foundation Service Accounts” group on the Collection. I would think that
![Issue [ TFS 2013 ] InRelease account requires make requests on behalf of others](/blob/resources/blog/issue-tfs-2013-inrelease-account-requires-make-requests-on-behalf-of-others/images/image17-2-2.png)
Figure: You can’t edit Team Foundation Service Accounts Group
Unfortunately this group is not editable in the UI as a security precaution and in keeping with TFS tradition those things are relegated to the command line so that it scares off those for whom its not really that important.
Now while in a real server you should have a service account my TFS Server runs under network service and you can’t pick network service in InRelease.
Whatever account that you want to run InRelease under you need to add it to the Team Foundation Service accounts group to get the “make requests on behalf of others” capability.
![Issue [ TFS 2013 ] InRelease account requires make requests on behalf of others](/blob/resources/blog/issue-tfs-2013-inrelease-account-requires-make-requests-on-behalf-of-others/images/image18-3-3.png)
Figure: Add permission with TFSSercurity command
1tfssecurity /g+ "Team Foundation Service Accounts" n:nakedalmTfInRelease ALLOW /server:http://caprica:8080/tfs
When you execute the command TFS will go off and add the account to the group. You could do this per collection, but I am just giving it access to every collection on the server.
![Issue [ TFS 2013 ] InRelease account requires make requests on behalf of others](/blob/resources/blog/issue-tfs-2013-inrelease-account-requires-make-requests-on-behalf-of-others/images/image19-4-4.png)
Figure: Green tick for account that now has make requests on behalf of others
I could have given explicit permission to that account or even created a special group with just that permission but this is the recommended option to solving the problem.
No related videos found.
If you've made it this far, it's worth connecting with our principal consultant and coach, Martin Hinshelwood, for a 30-minute 'ask me anything' call.
We partner with businesses across diverse industries, including finance, insurance, healthcare, pharmaceuticals, technology, engineering, transportation, hospitality, entertainment, legal, government, and military sectors.
CR2
NIT A/S
