NEW SCCM server on untrusted domain

[sguerreiro]

Hello all,

I already have a SCCM infrastructure with 1 CAS and 2 primary sites. Now, we need to add a client infrastructure on an untrusted domain.
Since there is no trust, my thought was to point clt servers to Primary SCCM servers, and from there, we can manage the clt’s, but the clt don’t authorize that.
So, my second option, is the creation of a Primary SCCM on clt infrastructure and then link to CAS, but, I’m getting this error and cannot find much info to understand the reason


Anyone knows what are the prerequisites to perform this? (users, dns config, etc …)

Tks

 

[Garth]

You want to avoid adding primary to a CAS. For that matter unless you have over 150K devices, you shouldn't have a CAS.

Assign the clients to one of your primary sites. Only three ports are required for them to work "correctly".

 

[sguerreiro]

Hi Garth,

Tks for your answer.
I cannot point the clt's from the untrusted domain directly to my SCCM infrastructure.
My option is to create a Primary on the untrusted domain and linked to the CAS.

The other option is to create a stand-alone SCCM, what I don't want to do, due to the lack of flexibility.

 

[Garth]

Why can't you point clients to Primary?

If you add a another Primary It will require that it talks to CAS on MORE ports that all of the clients need. Adding a CAS has a lot of overhead and comes with it own set of problems. Thay should be avoided at all costs.

Why can't you point your client to a CMG, instead of a primary?