NEWOne SCCM Site with Multiple Domains (One Way Trust)

J

JasonMMoran

Member
14
0
1
Hello
I have recently set up another Microsoft AD Domain to be used as a Resource Domain and have taken a run at connecting Clients from the new domain in my original domain. The domains are in a One Way Trust with the new Domain trusting the original which has a working SCCM Environment. The current SCCM environment is using PKI and I have exported the Root Certs from each to each other's CA to the other's Trusted Root, Enterprise Trust as well as Personal.

I have tried requesting a Cert manually from two clients in the New Domain from the Original Domain's CA and I imported it into the Clients Certificates under Personal and even made the FQDN Url of the SCCM Server a Trusted URL in the Internet Control Panel.

The new domain will have a very limited number of clients so this is mainly to make patching easier.

I have added the Boundaries, both Active Directory Site and IP Range but I have not created the AD OU called "System Management" in the New Domain's System OU.

Below are some warning and errors I am getting, and I thing the Possible Cause and Solution is part of my problems but I am unsure of what to make of the Client Configuration Manager Setup Log.

As always, thank you in advance for any assistance and thoughts.

SMS_HIERARCHY_MANAGER Warning Message:
Configuration Manager could not locate the "System Management" container in Active Directory (new.domain). Nor could it create a default container. This will prevent Site Component Manager and Hierarchy Manager from updating or adding any objects to Active Directory.

Possible cause: The site server's machine account might not have the correct rights to update active directory.
Solution:Either give the Service Account rights to update the domain's System Container, or manually create the "System Management" container in this domain's Active Directory system container, and give the site server computer account full rights to that container (and all children objects.)

Client Configuration Manager Setup Log (snipit):
CCMSETUP bootstrap from Internet: 0 ccmsetup 8/24/2023 11:23:52 AM 3524 (0x0DC4)
Current AD forest name is new.domain, domain name is new.domain LocationServices 8/24/2023 11:23:52 AM 3524 (0x0DC4)
Domain joined client is in Intranet LocationServices 8/24/2023 11:23:52 AM 3524 (0x0DC4)
Current AD site of machine is LEAFLAND LocationServices 8/24/2023 11:23:52 AM 3524 (0x0DC4)
DHCP entry points already initialized. ccmsetup 8/24/2023 11:23:52 AM 3524 (0x0DC4)
检查备用网络配置ccm开始setup 8/24/2023 11:23:52 AM 3524 (0x0DC4)
Finished checking Alternate Network Configuration ccmsetup 8/24/2023 11:23:52 AM 3524 (0x0DC4)
CcmGetLocationOverride LocationServices 8/24/2023 11:23:52 AM 3524 (0x0DC4)
Sending message body '
< AssignedSite SiteCode="P02"/>


< ADSite Name = " LEAFLAND " / >




' ccmsetup 8/24/2023 11:23:52 AM 3524 (0x0DC4)
Sending location request to 'sccmserver.olddomain.corp' with payload '
< AssignedSite SiteCode="P02"/>


< ADSite Name = " LEAFLAND " / >




' ccmsetup 8/24/2023 11:23:52 AM 3524 (0x0DC4)
Client is on internet ccmsetup 8/24/2023 11:23:52 AM 3524 (0x0DC4)
Client is set to use webproxy if available. ccmsetup 8/24/2023 11:23:52 AM 3524 (0x0DC4)
ccmsetup: Host=sccmserver.olddomain.corp, Path=/ccm_system/request, Port=80, Protocol=http, CcmTokenAuth=0, Flags=0x54301, Options=0xe0 ccmsetup 8/24/2023 11:23:52 AM 3524 (0x0DC4)
Created connection on port 80 ccmsetup 8/24/2023 11:23:52 AM 3524 (0x0DC4)
Trying without proxy. ccmsetup 8/24/2023 11:23:52 AM 3524 (0x0DC4)

Forum statistics

Threads
5,756
Messages
22,442
Members
12,603
Latest member
deanshotton