
Tuesday, April 4, 2017

Team Build with Remote Powershell Cross Domain

I ran into a series of issues when trying to establish a release pipeline in TFS where the build agent is located in the company domain whereas the target server is inside a DMZ domain. I tried to run the "Run Powershell on Remote Machine" task from the build agent computer in the company domain with a target machine located in the DMZ domain. I do not remember all the errors I got in detail, but they were all around "WinRM, Could not process request, Kerberos, No authentication Server, Host not found".

Basically, the problem comes down to opening a remote PowerShell session. If the following succeeds when you are logged in to the build agent computer in the company domain and connect to srv.mydmz.de, the target server in the DMZ domain:

Enter-PSSession -ComputerName "srv.mydmz.de" -Credential mydmz\username

then your build / release Task "Run Powershell on Remote Machine" should succeed as well. This is useful for testing purposes because you do not need to create a release definition upfront and create a release every time you try to get things up and running.

I found the steps to solve my problem in a blog post from Christopher Hunt, but I want to stress one thing that I got wrong from many other blog posts providing the same solution.

The solution is rather simple. On the build agent computer and on the target DMZ computer run: 

WinRM Quickconfig 

Then, log in to the build agent computer and run this from an elevated command prompt:

Set-Item wsman:\localhost\Client\TrustedHosts -value "srv.mydmz.de" 

This adds the target server located in the DMZ as a trusted host on the company domain joined build agent computer. After that, the above command to open a remote PowerShell session succeeded for me where it formerly failed. So a release definition like this should work if the build agent computer is configured as stated above:

Release Definition executing a powershell across domains


So, call me dumb, but here is the thing I always got wrong until now: you have to add the DMZ-Server as trusted host on the company domain joined server, not the other way round.

To me it appeared more logical that the computer being called (the DMZ server), i.e. where the remote PowerShell executes stuff, should trust the computer calling it (the company domain joined server). So I repeatedly tried the Set-Item command on the DMZ server, setting the domain joined build agent computer as the trusted host.

Now that my incompetence in this case is revealed, maybe it might save others some time :-)
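
The build agent side of the setup above as one script, as an added example that is not part of the original post. It appends the DMZ host to TrustedHosts instead of replacing the existing list, then verifies the connection non-interactively. The host name and account are the post's placeholders; the variable names are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the build agent (the client).
# 'srv.mydmz.de' and 'mydmz\username' are the placeholders used in the post.
$target = 'srv.mydmz.de'
$path   = 'WSMan:\localhost\Client\TrustedHosts'

# TrustedHosts is a client-side list: it names the remote hosts this machine is
# willing to authenticate to although Kerberos cannot verify the server's identity.
# That is why it is set on the calling machine, not on the DMZ server.
$current = (Get-Item -Path $path).Value
$entries = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

if ($entries -contains '*') {
    # A wildcard trusts every host; nothing to add, but worth narrowing.
    Write-Warning "TrustedHosts is '*'. Consider listing specific hosts instead."
}
elseif ($entries -notcontains $target) {
    # -Concatenate appends to the list; Set-Item without it replaces the whole value.
    Set-Item -Path $path -Value $target -Concatenate -Force
}

# Show the resulting list so the change can be reviewed.
(Get-Item -Path $path).Value

$cred = Get-Credential -UserName 'mydmz\username' -Message 'Account in the DMZ domain'

# Confirms that the WinRM listener is reachable and accepts these credentials.
Test-WSMan -ComputerName $target -Credential $cred -Authentication Negotiate -ErrorAction Stop

# Non-interactive equivalent of the Enter-PSSession test from the post.
$session = New-PSSession -ComputerName $target -Credential $cred -ErrorAction Stop
try {
    Invoke-Command -Session $session -ScriptBlock { "$env:COMPUTERNAME as $(whoami)" }
}
finally {
    Remove-PSSession -Session $session
}
```

If the DMZ server has a WinRM HTTPS listener with a certificate the build agent trusts, connecting with -UseSSL lets the client verify the server through its certificate, and the TrustedHosts entry is not needed.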