The use of certificates to authenticate computers in an untrusted domain

  • Question

  • Hello,

    I have a question about the use of certificates to authenticate computers in an untrusted domain with DPM2012 R2 (4.2.1292).

    We have a primary forest (domain level 2008r2) where we have a DPM2012 R2 (4.2.1292) server running on Windows 2012R2. We also have a second forest (domain level 2012) running in a separate network. These networks are not connected, they share no DNS, and there are no trust relations. Currently we use client protection with NTLM authentication to back up data in the second forest to our DPM2012 server in our primary forest. We want to replace the NTLM authentication with certificate authentication. To achieve this we used the following guide:
    The network traffic between the DPM server, the CA and the servers in the second forest is allowed and the FQDNs are placed in the hosts files. The CA (enterprise) server is installed on a 2008R2 DC with default settings; web enrollment is used. If we follow the guide within the primary forest and use a Windows 2008 server DPM target, then everything works directly and smoothly. If we try to run the procedure on a Windows 2012 R2 server in the second forest, then we get an error when we run (phase 4) Attach-ProductionServerWithCertificate.ps1 on the DPM2012 server with the error:
    There is failure while attaching production server with certificates C:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\bin\Attach-ProductionServerWithCertificate.ps1 : DPM CPWrapper Service on the servername.LOCAL computer has encountered a failure and may be in an unusable state. Exception Message = The socket connection was aborted

    Is there any advice you can offer, and can someone confirm this is a supported scenario?

    Thanks in advance for your time.

    Friday, April 17, 2015 1:37 PM