• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 432
  • Last Modified:

Microsoft Forefront Deploying Policy Error

I have a forefront server that is a member of domaina.com and I'm attempting to deploy its policy in domainb.com and I'm getting an error.  I believe all networking communication is fine but it is giving me the error below.
forefront-error.jpg
0
LrdKanien
Asked:
LrdKanien
  • 4
  • 3
2 Solutions
 
Keith AlabasterEnterprise ArchitectCommented:
Three questions.
Is the second domain part of the same forest that the first domain is in so they are using the same credentials?
Second, are the security credentials being used valid - at administrator level - for the second domain or is there a trust in place?

What oS, service packs and AD level are each of the domains in question?
0
 
LrdKanienAuthor Commented:
1.  second domain is part of the same forest as the root domain.  I'm logged in as myself with the FCS MMC up under Policy Management attempting to deploy to an OU in the 2nd domain.

2.  I am a member of enterprise admins in the root forest domain.

3.  the domain is server 2008 with domain functioning level of 2003 because I have 1 2003 Domain Controller.
0
 
Keith AlabasterEnterprise ArchitectCommented:
If you try and use administrator account credentials from the domain you are now trying to deploy to, does it make a difference? I have had some disturbing results when using the Enterprise Admin on some product installs. A similar situation occured recently when deploying System Center Operations Manager clients and, despite the implicit trust, we ended up having to use certificates  :(
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LrdKanienAuthor Commented:
I'm not sure how you want me to proceed with that advice.  I'm using the FCS mmc to deploy the policy.  How would I deploy it with another users credentials?

I'd prefer the solution to be that I grant necessary access in the 2nd domain for the FCS to be able to deploy its policy there.
0
 
Keith AlabasterEnterprise ArchitectCommented:
just log on as the administrator of the other domain on the same machine you are using now and fire up the mmc. You may well get the solution you would 'like' but we can quickly prove if it is viable.
0
 
LrdKanienAuthor Commented:
was networking issue.  basically needed every port open as if it were on that same domain, 88, 445, 135 etc.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Sweet
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now