Hello 
I have the following situation:
Two separate forests connected with a two-way trust.
Forest A with only one domain, A.COM:
SCCM 2012 installed in domain A.COM and configured for HTTPS with PKI implemented and running - clients connect only via HTTPS
Certificate Authority (CAA) installed in domain A.COM
Forest B with only one domain B.COM
No SCCM installed
Certificate Authority (CAB) installed in domain B.COM
Issue:
After migrating users and computers from domain A.COM to B.COM (via ADMT), clients lose connectivity to SCCM when their certificate expires, and they are not able to obtain a new one because autoenrollment does not work (other forest with its own CA).
Question:
How can I prevent this behavior and retain the functionality of SCCM clients that are already migrated to the B.COM domain (forest B) after their certificates expire?
Steps taken:
Reverting communication back to HTTP at SCCM (App catalog, MP, DP) - this however does not work for all clients and gives unpredicted results. Probably because I did it the wrong way - I changed only the values from HTTPS to HTTP and did not reinstall the MP and DP?
Maybe you could provide me with a better way to achieve my goal - maintaining HTTPS communication between clients and server is NOT IMPORTANT in this situation.
best regards
Marek
