Hey all.
So we have a pretty unique scenario, but it can't be that unique. This is our layout.
SCCM Primary Standalone in Domain A.
Site Server deployed and talking in the DMZ, with MP, DP and SUP.
CA currently on SCCM server (Yes I know, it was supposed to be more of a test than anything). It is handing out certificates properly to Domain A computers. I've added the Domain A (CA) to the trusted root authority of the other domains (B, C, D, E). I've added Domain computers into the "Config Manager Auto enroll Certificate" and they automatically request and add certificates to all client computers. I deployed this via this article. And it worked well after running the PKISync.ps1 script.
I have lots of logs, mostly all relating to the certificate not being valid for the ICBM.DOMAINA.com. There is an article here that states that there is a CA needed in each domain, which I thought I could get away with cross forest trust (I have been able to issue certs for all domain computers in all domains) but it seems like only the domain certs are valid for the IBCM point.
Any first-hand information would be appreciated!
Thanks Guys