Authentication across 2 way External Forest Trust - SCOM
Posted on 2011-02-11
Having real troubles getting my SCOM server to discover and manage a server on a different forest.
The situation is a little complicated so let me explain.
We have two forests which have a two-way trust. Everything resolves via pings etc., and DNS conditional forwarders have been set up and are correct.
We have Forest ABC, which contains one domain called Domain-A.
We have Forest B which contains a forest root domain called SYSROOT.LOCAL and a TREE domain called CORE.LOCAL.
SCOM is in the CORE.LOCAL domain.
I have created a service account for SCOM called "servscom", and this account is in the core.local tree domain. I have created a group called "Cross forest Admins", which is in the forest root called sysroot.local. Servscom is a member of Cross_forest_admins.
Cross_forest_admins has been added to "Administrators" in the other forest. Therefore, as far as I can see, I should have access to do a discovery and install a SCOM agent on a machine in the other forest.
Can anyone see why discovery fails on SCOM? Or, if it's easier to explain, can anyone advise me on what rights a SCOM server requires on another machine to be able to manage it?
Thank you in advance.