Hi,

We have setup an enrollment point in DOMAINA where the Config. Manager server resides.  This DOMAINA has a certificate authority where we defined the certificate templates like Dist. Client Cert,  Web Server Cert, Workstation Cert, MAC client Cert and Mobile Device Cert.

The enrollment point proxy server is defined as CONFIGMGRServer.DOMAINA.local.

We have some MAC machines in a different trusted domain (DOMAINB).  

Can these machines enroll using the COnfig Manager enrollment point setup in DOMAINA or do we need to have a machine in DOMAINB that has a dedicated enrollment point role defined/setup.

If we are Managing Clients and distributing software to machines in DOMAINB, is it best to have a dedicated Distribution Point, Management Point, Sofware Update  and Enrollment Point setup on a machine in the trusted DOMAINB?

Thanks in ad

ConfigMgr doesn't really care about domains much for client management -- particularly when it comes to non-Windows systems so yes it's perfectly fine to have a single set of the client facing roles for all of your systems.

Also note that (based on your post title) the enrollment point has no part in managing *nix systems -- it is only used for legacy mobile device management and Macs (which are managed/treated like legacy mobile devices).

THanks Jason,   I appreciate the info

Should a MAC belonging to DOMAINB be able to use the enrollment point in DOMAINA without the MAC certificate template being in the CA for DOMAINB?

We are getting an error  (Unable to connect to enrollment server) when running   sudo ./cmenroll s ConfigManagerServer.DOMAINA.local ignorecertchaininvalidation u UserName

We are able to ping the server ConfigManagerServer.DOMAINA.local.

Here is our error when trying to enroll a mac in DOMAINA

sudo ./cmenroll -s configmanagerserver.domainA.local -ignorecertchainvalidation -u 'domainA\user'

Please enter your password.

System Center Configuration Manager Client for Mac OS X

Version: 5.00.7804.1202

Copyright Microsoft Corporation

Contacting Server: https://ConfigMgrServer.domainA.local/EnrollmentServer/DeviceEnrollmentWebService.svc

2014-02-21 09:57:57.520 cmenroll[4430:a07] Failed to initialize SSL connection.

Any ideas on what to check to see what the problem is?   Thanks in advance.

Also trying to find the SMS_DM.log file.

According to this document it should give me some clues on the communication between Mac's and the enrollment point.

http://technet.microsoft.com/en-us/library/hh427342.aspx#BKMK_MDMLog

Anybody have any suggestions?

Yes, I know this is an old post, but Im trying to clean them up. Did you solve this problem, if so what was the solution?

Since no one has answer this post, I recommend opening  a support case with Microsoft Customer Support Services (CSS) as they can work with you to solve this problem.