Search the Community

I am currently managing 2 companies that have a 2 way domain trust. These companies are sister companies but have separated infrastructure. They each have their own network; physical and logical, domain controllers, etc. I installed SCCM on Domain A and currently do not have infrastructure setup to install SCCM on Domain B so initially I setup SCCM with HTTP but moved to PKI/HTTPS last week. Everything on Domain A is going well but today all systems in Domain B have become unmanageable which I found out when troubleshooting installing the SCCM client on a VM in Azure on Domain B. I need help on how to get Domain B to be managed via SCCM from Domain A. I have setup PKI on both domains but I am getting errors related to Certs/IIS. Well from what I have researched it is but all the solutions in my research only apply to SCCM on 1 domain, not multi-domains. The 2 domains can traverse over the network to access other network resources like a file share for an example. Therefor I know connectivity is there between the 2. Now this is where my ignorance kicks in. I setup SCCM with Trusted Root Certificate Authorities on the Communication Security tab in Administration>Site Configuration>Sites>Properties. I specified Domain A CA and created Certificate profiles in Assets and Compliance. I have since removed them to see if that resolved my issue but it has not so I am debating if I configure this again or not. I decided I will review that at a later date. I have attached the log from ccmsetup.exe that failed on the VM on Domain B. If anyone could help, I would greatly appreciate it as I am trying to manage all systems in both domains remotely because of Covid-19. In an ideal world I would prefer to have infrastructure in place for me to have SCCM on both domains, installed and disregard the cross-forest/domain setup but there are no more money trees to pick from. Thank you in advance!! If you need further information from me, please let me know. ccmsetup.log

I was wondering if it's possible to use SCCM 2012 in a multidomain environment? We have several domains each in their own forests but with the possibility of network connectivity. Would it be sufficient to set serveral Active-Directory Forests, with their own set of credentials + their own Boundaries and Boundary Groups? How is this done best-practice-wise? The idea is to use SCCM2012 as a tool for keeping servers up to date via WSUS. Would that be doable? Are there issues we could run in to by using this? What would one have to do in the domain beeing added? (Which doesn't contain the sccm2012 server(s)) Edit: What requirements are there when it comes to trusts when doing this? In my lab I'm now running a one-way trust, allowing the SCCM2012 server full access to the "System" container in forest number 2. Would this be correct?