Forum Discussion

christian31's avatar
christian31
Brass Contributor
Nov 18, 2020

Cross Forest certificate Enrollment problem

Hi,

 

I have a two forest setup with two way trust(ForestA and ForestB). in ForestB there is a child domain(ForestBchild)

I have successfully setup Cross forest enrollment in both forest. CA is on ForestA and forestB don't have CA.

I tested issuing workstation authentication template with security settings domain computers auto enroll, enroll and read for all forest and child domain.

In ForestB(parent domain) computers are deployed by the certificate but in the child some were failed error "Denied by Policy Module 0x8007202b, The requester's Active Directory object is not in the current forest. Cross forest enrollment is not enabled"

 

What must be the problem with my setup?

Resources