You want to install and run TFS Build Controller and Agent on a separate network/domain than your Team Foundation Server 2010.
According to Ruiz from the MSDN Subscriber Support in Forum this is not officially supported.
How to solve:
- Install Team Foundation Build 2010 from TFS media.
- Apply latest updates (e.g. Service Pack 1, Cumulative Update 1).
- Create user account (both locally on the Build server as well as your TFS AT) as the service account for Team Build (e.g. TFSBUILD)
- On TFS, add service account TFSBUILD to Project Collection Build Service Accounts security group (on the collection-level)
- Configure the Build Server: when asked leave the "team project collection" field blank.
- Choose any system account for now.
- After configuration has completed, open the Build Service properties and set the service account to your local account (e.g. ".\TFSBUILD")
- Done. You can now start the Build Service, define a Build Controller and Build Agents.
- Detailed steps, including a walk-through using screenshots, can be found at:
Team Foundation Server 2010 Build Agent not part of the domain
Additional note from Wes:
The other thing I should mention is we had to have the build agent hostname defined in the HOSTS file on the TFS Application Tier and the TFS Server hostname defined in the Build Agent HOSTS file. This assumes the DNS is not configured with the entries.