SCCM 2007 managing hosts in non trusted forest

active-directory, sccm

I have an implementation of SCCM 2007 in forest "A" that manages hosts in that Windows 2008 forest. There is another forest/domain, "B", which I have no trust with that I need to manage hosts in as well. I don't need to push out clients from the SCCM console, I am going to install them manually. I just need the hosts in domain "B" to connect back to the forest/domain "A" for management purposes. To date, I have not added any AD objects to domain "B" for hosts to query for site, SLP or management point info.

I am installing the hosts with the command line:

ccmsetup.exe /mp:SCCM_Server /site:mysite

SCCM_Server = the FQDN of my SCCM server (which is resolvable by the client)

There are no ACLs between the two servers.

From the logs, I can see the install complete, and the client tries to query the local AD for the site info for "mysite", but it can't find it, and it stops and never connects.

Can anyone give me some direction as to how this should be set up?

Best Answer

We have this setup for managing machines (mainly virtuals) in our development environment from our live environment's SCCM infrastructure. These are totally separate forests with a fairly stringent firewall between them. We mainly only use it for OS/app patching via SCCM Software Updates, and limited hardware/software inventory reporting.

Once we'd opened up the required ports in the firewall between the environments, all we needed was to use the correct command line when installing the SCCM client on the dev machines. We use this command line:

\\server\share\ccmsetup.exe /mp:siteserver.fqdn smssitecode=SMS ccmhttpport=50010 smsslp=siteserver.fqdn  FSP=fspservername

Obviously the fallback status point is optional (but highly recommended for troubleshooting, especially if you're currently having problems installing clients), and there's no need to specify the port if you're using the standard port.

We found that installs were failing to connect properly to the site until we properly specified the site code and SLP server in the install string.

Update: See this new TechNet article: Using ConfigMgr 2007 to Manage Clients in a Workgroup or Un-Trusted Domain
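As an added illustration (not code from either poster), the PowerShell below wraps the answer's install string in a pre-flight check: it confirms that the client in the untrusted forest can resolve the MP, SLP and FSP by name and reach them through the firewall before launching ccmsetup with the site properties passed explicitly. The server names, site code, share path and port are placeholders taken from the answer; it assumes all three site systems listen on the same client HTTP port.

```powershell
# Added example, not from the original thread. Placeholders below are the
# answer's values; replace them with your own site systems.
param(
    [string]$ManagementPoint = 'siteserver.fqdn',         # assumed MP FQDN
    [string]$SiteCode        = 'SMS',                     # assumed site code
    [string]$SlpServer       = 'siteserver.fqdn',         # assumed SLP FQDN
    [string]$FspServer       = 'fspservername',           # assumed FSP FQDN
    [int]   $HttpPort        = 50010,                     # client HTTP port
    [string]$SetupPath       = '\\server\share\ccmsetup.exe'
)

function Test-SccmEndpoint {
    param([string]$HostName, [int]$Port)
    # Name resolution first: in an untrusted forest the client cannot look
    # the site systems up in AD, so DNS (or hosts entries) must work.
    try { [void][System.Net.Dns]::GetHostEntry($HostName) }
    catch { Write-Warning "DNS: cannot resolve $HostName"; return $false }
    # Then confirm the inter-forest firewall actually passes the port.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $tcp.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne(3000)) { throw 'timeout' }
        $tcp.EndConnect($async)
        return $true
    } catch { Write-Warning "TCP: ${HostName}:$Port unreachable ($_)"; return $false }
    finally { $tcp.Close() }
}

$ok = $true
foreach ($h in @($ManagementPoint, $SlpServer, $FspServer) | Select-Object -Unique) {
    $ok = (Test-SccmEndpoint -HostName $h -Port $HttpPort) -and $ok
}
if (-not $ok) { Write-Error 'Pre-flight failed: fix name resolution or firewall first.'; exit 1 }

# Pass the site code and SLP explicitly; without them the client falls back
# to an AD query for the site, which fails in an untrusted forest.
$props = @(
    "/mp:$ManagementPoint",
    "SMSSITECODE=$SiteCode",
    "SMSSLP=$SlpServer",
    "FSP=$FspServer",
    "CCMHTTPPORT=$HttpPort"
)
Write-Host "Running: $SetupPath $($props -join ' ')"
$p = Start-Process -FilePath $SetupPath -ArgumentList $props -Wait -PassThru
Write-Host "ccmsetup bootstrap exit code: $($p.ExitCode); check ccmsetup.log on the client"
```

Run it from an elevated prompt on the domain "B" host; a non-zero pre-flight result points at the DNS or firewall gap the answer describes rather than at the client install itself.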