Re: Configuring a certificate server across different forests

From: David Cross [MS] (dcross@online.microsoft.com)
Date: 10/12/02 

From: "David Cross [MS]" <dcross@online.microsoft.com>
Date: Sat, 12 Oct 2002 08:03:19 -0700

both forests must trust the root CA cert and be able to build a chain.

That is the most common problem. 

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
<alvinsmith@broadviewnet.com> wrote in message
news:66d77a56.0210091226.5fc6c7f4@posting.google.com...
> I either can't browse the AD via SSL when I can do it fine over port
> 389 and 3268. Or if I try to install a root and subordinate in
> different forests I can't get them to trust each other.
>
> "David Cross [MS]" <dcross@online.microsoft.com> wrote in message
news:<eN#2u#vbCHA.1808@tkmsftngp10>...
> > I am slightly confused on "what does not work".  Can explain what is
> > failing?
> >
> > --
> >
> > David B. Cross [MS]
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
rights.
> >
> > <alent1234@hotmail.com> wrote in message
> > news:552c89f9.0210080852.780bc45f@posting.google.com...
> > > I have a very unique problem. I'm working on a project to migrate our
> > > customer database from another LDAP server and SQL to AD. We're are
> > > looking at having a separate forest with a one way trust from our
> > > corporate domain to hold the customers. We need certificate services
> > > so our Java based CRM app can update AD via SSL.
> > >
> > > I tried setting up an enterprise and stand alone CA's with subs and no
> > > subs with no luck. And I tried switching the root and subs between the
> > > different forests without them getting to trust each other. Has anyone
> > > done anything similar that can help me?

Relevant Pages

  • Re: Trusted domains
    ... any questions should be posted in the NewsGroup ... This posting is provided "AS IS" with no warranties, ... forests into the one. ... or two way trust. ...
    (microsoft.public.windows.server.active_directory)
  • Similar forest names
    ... If I have two forests that have the same ad root, say 'AD', and I ... create a trust between the two what will I see when I try to log into ... Dave ...
    (microsoft.public.windows.server.active_directory)
  • Re: Help with Zone tranfers keep breaking
    ... only updates with new records if the SOA is online ... Between the 2 forests there is a Forest trust (Note: ... -The Secondary Zone SOA is pointing to DC1 on ForestA. ...
    (microsoft.public.windows.server.dns)
  • Re: cross-forrests trusts on routed networks with NAT
    ... "Rup And" wrote in message ... So you can put a trust between the 2 forest root domains of your 2 forests - ... > One forrest build on Windows2000 and one forrst build on Windows 2003 ...
    (microsoft.public.windows.server.active_directory)
  • Re: Problem Establishing Trust between Production and Development AD E
    ... The easiest thing to do would be to move the test dns domain to your ... establish the trust without any other modifications. ... > setup a trust between our production and development AD forests in order ... > trust between the production ICM domain and ORT? ...
    (microsoft.public.windows.server.active_directory)