Hi All,
New poster here so apologies if I miss anything. I built an SCCM environment about 6 months ago to support two independent active directory forests. The SCCM Infrastructure all exists in Forest 1 (across 3 servers - SQL, SUP/FSP, MP/DP) up until now everything has been operating without issue clients from both forests have been able to communicate via PKI (certs are issued be CA's unique to each forests). At the end of last month we started seeing devices in forest 2 unable to connect and new devices in this forest clients are failing ccmsetup. Devices in forest 1 are perfectly fine, and new devices in this forest are able to install without issue.
- Have confirmed that clients are up to date
- Have confirmed with our network team that the network firewalls aren't blocking anything to any of our SCCM servers
- Have scrolled through logs with no definite answer in them
Here are some of my observations however
1 - it appears that the devices in forest 2 have stopped using certificates to connect to SCCM - reason I say this is under Control Panel > Configuraiton Management it no longer shows PKI.
2 - the devices in forest 2 are all receiving 403 forbidden when attempting to access anything in the SCCM IIS structure.
Any ideas on the next steps?
New poster here so apologies if I miss anything. I built an SCCM environment about 6 months ago to support two independent active directory forests. The SCCM Infrastructure all exists in Forest 1 (across 3 servers - SQL, SUP/FSP, MP/DP) up until now everything has been operating without issue clients from both forests have been able to communicate via PKI (certs are issued be CA's unique to each forests). At the end of last month we started seeing devices in forest 2 unable to connect and new devices in this forest clients are failing ccmsetup. Devices in forest 1 are perfectly fine, and new devices in this forest are able to install without issue.
- Have confirmed that clients are up to date
- Have confirmed with our network team that the network firewalls aren't blocking anything to any of our SCCM servers
- Have scrolled through logs with no definite answer in them
Here are some of my observations however
1 - it appears that the devices in forest 2 have stopped using certificates to connect to SCCM - reason I say this is under Control Panel > Configuraiton Management it no longer shows PKI.
2 - the devices in forest 2 are all receiving 403 forbidden when attempting to access anything in the SCCM IIS structure.
Any ideas on the next steps?
