Cross Forest certificate Auto Enrollment Concern

  • Question

  • Hi!

    Currently we have two forests with child domains: Forest A and Forest B (with child domain C). I have successfully configured cross-forest certificate enrollment. The CA is in Forest A, and we will be deploying workstation certificates to domain C and to the parent domain in Forest B. I have encountered two issues:

    1. Some computers have a failed request: "Denied by Policy Module 0x8007202b, The requester's Active Directory object is not in the current forest. Cross forest enrollment is not enabled"

    2. When using certutil -ping -config "<FQDN of domain>\<CA name>" I get "RPC server unavailable", but when I try to ping the server or check ports using the portqry tool for TCP 135, it pushes through to the server.

    Is there anything wrong with my setup? I have been stuck troubleshooting for a while now.

    Thursday, November 19, 2020 7:40 AM