Hi, We have two forests, Forest A and Forest B. There is a Two way trust between these two forests. In Forest A - we have abc.com In Forest B - We have xyz.com We have a SCCM Primary Site server in forest A Primary.abc.com; with all roles enabled. We want to manage clients in xyz.com domain, we have installed SCCM Client with command line and all the clients are now reporting to Primary.abc.com Site Server. For Clients in xyz.com domain we wanted to create a Distribution Point We got a Server DPServer.xyz.com and we enabled the Distribution point with a server Share option \\DPServer\FolderName, but this is not working, we are getting errors; The operating system reported error 2147942405: Access is denied. I have enabled the NAL logging and found below errors in Distmgr.log Attempting to add or update a package on a distribution point. for ["Display=\\DPServer\"]MSWNET:["SMS_SITE=ABC"]\\DPServer\, machine account is to be used NAL[1] - ERROR: failed to get connection status. This network connection does not exist. NAL[1] - ERROR: failed to make the network connection. Access is denied. NAL[1] - ERROR: failed to obtain access. Access is denied. NAL[1] - The server is inaccessible. Access is denied. Cannot establish connection to ["Display=\\DPServer\"]MSWNET:["SMS_SITE=ABC"]\\DPServer\ Below are the Security Rights i have granted: Added Primary Site Server account in to the Local Administrators Group on DPServer.xyz.com Created FolderName and shared with Full access to Local Administrators Group, SYSTEM Account, Primary Site Server Account, Readonly Access to Everyone Security Rights for FolderName - Full access to Local Administrators Groups, SYSTEM Account, Primary Site Server Account, Read&Execute to Everyone When i try to access \\DPServer\Foldername from my primary site server, i am able to Access the share. I have even tried at <Time> /Interactive CMD ; i am able to create a network share but unable to create any files or folder in that Network Drive; it gives me ACESS DENIED Error. Please help me to resolve this issue... Regards, SB

That scenario is not supported: http://technet.microsoft.com/en-us/library/bb694003.aspx (see "Communications Across Forest Trusts Within a Configuration Manager Site").

Thanks Replying, i did a small change configured the DP to run with Windows Account i.e xyz.com\SccmSvcAccount and it worked, i am able to update the newly created Distribution point. Will check tomorrow if client are able to pickup the packages from this DP. Thanks again, SB

As Torsten suggests this is not going to work. You can't have a DP in a remote forest. As a matter fact for simplicity I suggest you add a primary site in the remote forest, otherwise it's like managing workgroup clients which is a pain. John Marcum | http://myitforum.com/cs2/blogs/jmarcum |

Hi John, Thanks for the suggestion, we will be moving the clients to the Primary site in xyz.com domain, we have a Project plan scheduled for this. But in the mean time we have some urgent deployments to go, for which i was looking. Do you think, there will be any issues with client picking the packages from these distribution points. Regards, SB

Do you think, there will be any issues with client picking the packages from these distribution points. I suspect the clients won't find the DP in the remote forest because having that DP as a remote site system from a site in the other forest is unsupported. John Marcum | http://myitforum.com/cs2/blogs/jmarcum |

Hi John, Thought to share the result...... Today we tested Software Distribution to the clients in remote forest, the test was successful. Client were receiving packages from the newly created DP in Remote Forest. Thanks & Regards, SB