Answered by:
Site Recommendation untrusted forest

Question
-
I'm in the middle of implementing SCCM2012 in our environment.
I have one Primary Site which is located at headquarter, 2 secondary site and 2 distributionpoint accross the world.
We have also a subsidiary in China. For security reason there is a Primary Site SCCM2007, this which will be uninstalled and it is planned to install a secondary site sccm2012 there.
The china clients should only talk to the site secondary site and secondary site only to the primary site at headquarter.
Is it possible to restrict the clients talking only to the secondary site in china? If not, is it possible to use another port instead of port 80 for client communication?
Will OS, SW and SUP Deployment still work?
Sunday, September 23, 2012 7:56 AM
Answers
-
1) all sites must have a forest trust otherwise they can't communicate. If a forest trust to China is not an option then you can't deploy any child sites there.
Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals
- Marked as answer by Tony Fernandes Tuesday, September 25, 2012 3:53 PM
Sunday, September 23, 2012 8:30 AM
All replies
-
1) all sites must have a forest trust otherwise they can't communicate. If a forest trust to China is not an option then you can't deploy any child sites there.
Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals
- Marked as answer by Tony Fernandes Tuesday, September 25, 2012 3:53 PM
Sunday, September 23, 2012 8:30 AM -
Hi Kent
So which option would recommend?
Waiting for SP1 and install a CAS where then I have 2 Primary Site, the second one in China?
Sunday, September 23, 2012 8:40 AM -
SP1 will not help you, a forest trust is still required if the site in China have to added to the same hierarchy. Either install China as a standalone site or manage the clients from one of the other sites (which most likely is a NO-GO).
Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals
Sunday, September 23, 2012 8:42 AM -
And what about the options which you described in your blog
http://blog.coretech.dk/kea/multi-forest-support-in-configmgr-2012-part-iithere-can-be-only-oneor/
Sunday, September 23, 2012 8:59 AM -
Those are site system roles belonging to the primary site, they are not installed on a child site.
Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals
Sunday, September 23, 2012 9:00 AM -
I would to manage from only one adminconsole all the sites. Stand alone Primary is actually not a option for me.
What do you mean "manage the clients from one of the other sites" ?
Sunday, September 23, 2012 9:26 AM -
Why is a standalone primary not an option? How many clients at each location are we talking about?
Torsten Meringer | http://www.mssccmfaq.de
Monday, September 24, 2012 5:52 PM