问题
I am receiving the above error when attempting to trigger a release from my build. The build works on its own, and the release works on its own, but I cannot trigger the release.
My problem is that there is no such thing as a system user in Release Management. There is a Service User, and the above user is set as a Service User. It's also set as a Release Manager.
It is also in the Project Collection Administrators group in TFS and has the "Make requests on behalf of others" permission. I've done everything I think I need to do in order to get this to work.
The only thing I can think of is that Release Management is installed on a different server to TFS (although it is on the same server as the build agent), and perhaps it is using a "different" NETWORK SERVICE user, since I believe the NETWORK SERVICE user is local (although I'm not sure).
I've tried everything I can find. Other people are receiving this error, but it always seems to be resolved by setting the Service User permission in Release Management.
Is there anything else I need to set up to get this to work?
Thanks.
回答1:
You are correct about the Network Service account being local to each machine. And that appears to be your issue. When a process running as a local NetworkService tries to authenticate with a remote system, it does so as domain\machinename$.
So to fix your issue, try to add your TFS build service computer name in the appropriate local security groups of your release management server by using domain\{YOURTFSMACHINENAME}$ as the account for your TFS build service.
回答2:
The best option when you are using a distributed installation is to use explicit domain service accounts. While you can make network service work it is far easier to use an account.
I would recommend that you create a domain\tfsrm account and use that for communication.
回答3:
I've received the very same error, but in my case the culprit was that the RM client must not only be installed on TFS-RM server, but also minimally configured with the RM server address. Otherwise, on a single-server deployment, using Network Service as TFS and build agent service accounts works just fine.
来源:https://stackoverflow.com/questions/26313455/the-account-running-the-tfs-build-service-nt-authority-network-service-needs-t