FIM Sync Engine Connecting to AD Forest over 636

  • Question

  • Hi All,

    I'm new to FIM and Active Directory/PKI in general.

    I'm doing a project where my FIM 2010 R2 Sync Engine server is joined to a forest called Prod.NET.

    But I'm creating 2x management agents to import AD data from the following forests.



    There is no trust relationship set between the two forests. However, there is also no firewall between FIM and the domain controllers of these forests. My requirement is to select this option:

    When I click on NEXT, I'm presented with this error:

    I only get this error for DEV.NET. When I do this for Prod.NET, it works fine.

    What is required so I can get the DEV.NET management agent working for the SSL option?

    • Edited by gtrivedi1980 Tuesday, July 21, 2015 10:21 AM Image upload problem
    Tuesday, July 21, 2015 10:11 AM

All replies

  • Hello,

    Screenshots are still broken on my site, but I would assume the problem is because of certificate trust.

    Since the FIM server doesn't trust certs of Dev.Net, the SSL connection is refused.

    You can export the certificate of the destination DC and import (and trust) it on your FIM server.
    If you have a CA installed in DEV.Net, you could also import the CA cert to trust all certs from that forest.


    Peter Stapf - ExpertCircle GmbH - My blog:

    Tuesday, July 21, 2015 10:49 AM
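
    One way to test the certificate-trust explanation above from the FIM Sync server, as an added example that is not part of the original thread: it fetches the certificate a DEV.NET domain controller presents on port 636 and builds its chain against the machine trust store. The DC name `dc01.dev.net` and the file paths are placeholders.

```powershell
# Added diagnostic example (not from the thread). Run on the FIM Sync server.
param(
    [string]$DcName     = 'dc01.dev.net',            # placeholder DC FQDN
    [int]   $Port       = 636,
    [string]$ExportPath = "$env:TEMP\ldaps-dc.cer"   # placeholder output file
)

$state = @{}
# Accept whatever is presented so the handshake completes and the certificate
# can be inspected. Diagnostic use only; never ship a callback like this.
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors)
    $state.Cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
    $state.Errors = $errors
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient($DcName, $Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($DcName)
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

# Rebuild the chain using the machine stores, which is what a service sees.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # DEV.NET CRLs may be unreachable from here
$trusted = $chain.Build($state.Cert)

"Subject    : $($state.Cert.Subject)"
"Issuer     : $($state.Cert.Issuer)"
"Thumbprint : $($state.Cert.Thumbprint)"
"Expires    : $($state.Cert.NotAfter)"
"SSL errors : $($state.Errors)"    # e.g. RemoteCertificateChainErrors
"Chain OK   : $trusted"
$chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation.Trim())" }

# Save the DC certificate so its issuer can be identified.
[IO.File]::WriteAllBytes($ExportPath, $state.Cert.Export('Cert'))

# If the chain ends in UntrustedRoot, obtain the DEV.NET root CA certificate
# from that forest's PKI owners, confirm its thumbprint out of band, then add
# it to the machine's Trusted Root store (path below is a placeholder):
#   certutil -addstore Root C:\certs\dev-root-ca.cer
```

    Running the same script against a Prod.NET domain controller gives a baseline to compare with the DEV.NET result.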
  • Although I cannot see the images, I assume you are trying to create the MA using the FQDN. If so, you cannot do that. You would have to use its IP address instead, provided you can ping it, and then it will be fine.

    Nosh Mernacaj, Identity Management Specialist

    • Proposed as answer by Nosh Mernacaj Tuesday, July 21, 2015 5:46 PM
    Tuesday, July 21, 2015 4:16 PM