vanderaatje, posted March 21, 2013:

I hope someone can help me.

I followed the following documentation: http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx

- I have extended the schema
- I have created the System Management folder in adsiedit
- I gave full control on the System Management folder for the servername of the system that I want to use as DP/MP
- On the untrusted domain I have opened on the firewall ports for LDAP and DNS

In the SCCM console I do Add Forest:

- Domain suffix: I fill in the name
- external IP
- Tick Discover sites ...... and select specific account (domain admin account of the untrusted domain)
- At publishing tab tick My Site P01

I see the site information in the untrusted domain in the System Management folder.
I can browse the domain with an LDAP tool.
When I use the same information in SCCM I see "Failed to connect using specified account" at Discovery Status.
Publishing status is saying "Succeeded".

In the adsysdis.log I see:

ERROR: Failed to bind to 'LDAP://DC=BLABLA,DC=LOCAL' (0x8007054B)
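Added example, not part of the original thread: a small triage helper for adsysdis.log bind failures like the one quoted above. It decodes the HRESULT into its Win32 code and derives the DNS domain and the DC-locator SRV record to verify; for 0x8007054B the result is ERROR_NO_SUCH_DOMAIN (1355), a domain-location error rather than a logon error. The function names, the short error table (a subset of winerror.h) and the second sample line are assumptions made for this example.

```python
import re

# Subset of Win32 error codes (winerror.h) that show up on failed LDAP binds.
WIN32_ERRORS = {
    5: ("ERROR_ACCESS_DENIED", "credentials / permissions"),
    1326: ("ERROR_LOGON_FAILURE", "credentials / permissions"),
    1355: ("ERROR_NO_SUCH_DOMAIN", "name resolution / DC location"),
    8250: ("ERROR_DS_SERVER_DOWN", "network reachability"),
}
FACILITY_WIN32 = 7

BIND_RE = re.compile(
    r"Failed to bind to 'LDAP://(?P<dn>[^']+)' \((?P<hr>0x[0-9A-Fa-f]{8})\)")

# First line is the one quoted in the post; the second is constructed.
SAMPLE_LINES = [
    "ERROR: Failed to bind to 'LDAP://DC=BLABLA,DC=LOCAL' (0x8007054B)",
    "ERROR: Failed to bind to 'LDAP://DC=EXAMPLE,DC=TEST' (0x8007052E)",
]

def decode_hresult(hr):
    """Split a 32-bit HRESULT into (failure bit, facility, code)."""
    return bool(hr >> 31), (hr >> 16) & 0x7FF, hr & 0xFFFF

def dn_to_dns(dn):
    """Turn DC=BLABLA,DC=LOCAL into blabla.local, ignoring non-DC parts."""
    parts = [p.strip() for p in dn.split(",")]
    return ".".join(p[3:] for p in parts if p.upper().startswith("DC=")).lower()

def triage(line):
    """Return a dict describing a bind failure, or None if the line differs."""
    m = BIND_RE.search(line)
    if m is None:
        return None
    failed, facility, code = decode_hresult(int(m.group("hr"), 16))
    name, area = ("NOT_A_WIN32_CODE", "unknown")
    if failed and facility == FACILITY_WIN32:
        name, area = WIN32_ERRORS.get(code, ("UNLISTED", "unknown"))
    domain = dn_to_dns(m.group("dn"))
    return {"domain": domain, "win32_code": code, "error": name, "area": area,
            # SRV record the DC locator queries to find a domain controller.
            "srv_to_check": f"_ldap._tcp.dc._msdcs.{domain}"}

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(triage(sample))
```
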
vanderaatje, posted March 23, 2013:

Can't get it to work, maybe I forgot something.

This is the information that I have for the untrusted domain:

- the domain suffix: domain2.local
- an external IP
- I tried creating an external DNS record to the server sccm.domain.nl
- I used the domain2\admin account to connect to the forest
- I opened port 389 tcp/udp on the firewall (router)
- for testing I disabled the Windows firewalls on the trusted domain and the untrusted domain
- I created the System Management folder in adsiedit
- I ran the extend schema successfully
- I delegated the full control on the System Management folder

When I do add forest I use the following information:

- domain suffix = domain2.local
- selected Discover sites and subnets
- ad forest account = domain2\administrator
- On the publishing tab I selected my site P01
- Add specify domain or server: I have added my external IP address

When I do okay, after a few seconds I see at publishing status: succeeded (and I see that there are files and folders created in the System Management folder in the untrusted domain).
But after a few minutes the status of Discovery status is showing: Failed to connect using specified account

I also tried to add the untrusted domain in my DNS. This is working, I see all the DNS records of the untrusted domain, but I still receive the failed to connect using specified account.

The untrusted domain is a Windows 2012 domain controller (with Windows 2012 level).

Am I missing a firewall port or something??? I really have no idea how to fix this.

In Adforestdisc.log I see:

ERROR: [ForestDiscoveryAgent]: Failed to connect to forest domain2.local. This can be because of disjoint DNS namespaces, network connectivity or server availibility issue. Error Information The specified forest does not exist or cannot be contacted.
vanderaatje, posted March 31, 2013:

- I configured conditional forwarders in DNS on both domains
- I can do a ping from all systems and see the internal IP of the systems in the untrusted domain
- I extended the schema in both domains/forests
- I created the System Management folder and delegated full control rights to the user account I use in the add forest options

When I add the external IP of the server in "Specify a domain or server" then I get a success at publishing status.
If I try it without the external IP I receive the error: Cannot connect to the LDAP server

In all documents and webpages I read that it shouldn't be necessary to use the option Specify a domain or server.

Windows firewall on all systems is off for testing.
On the router firewalls I opened all the ports I could find about connections for SCCM.

Hope someone can help me!
MattS, posted May 15, 2013:

On the publishing tab I have "Specify a domain or server." ticked
Peter van der Woude, posted May 15, 2013:

This, the Pre-configuration paragraph, is how I did it for configuring Client Push to an untrusted forest: http://www.petervanderwoude.nl/post/using-client-push-installation-on-untrusted-forest-systems-with-configmgr-2012/
vanderaatje, posted May 18, 2013:

Hi Peter,

Thanks for the reply. I'm still wondering how you did it.
I have managed to get it working for a customer, but this site is set up with VPN tunnels.

What I have:
I have 2 domains with external IP; the only connection between each other is the internet connection at this moment.

How can I manage the untrusted domain from the primary site?
What ports do I have to open (on server and router)?
And what option do you use for DNS to resolve the names from the other location? Conditional Forwarder or other options?

Hope you can let me know how you did it.
Stonelion, posted July 2, 2014:

Thank you Peter, that was very useful.