Hi all,
I am trying to get Internet-based client management working but am struggling with a few things.
Here's what I have achieved so far:
Single AD, Single Forest (2008 R2)
1 x Primary Server (primary.contoso.com)
2 x Distribution Points (newark.contoso.com & boston.contoso.com)
1 x IBCM Server (ibcm.contoso.com)
1 x Enterprise Certificate Server
Domain name created with external DNS provider (sccmagent.contoso.com)
Firewall NAT Rule forwards port 443 from sccmagent.contoso.com to ibcm.contoso.com
Firewall Access Rule allows port 443 inbound from any WAN to LAN ibcm.contoso.com
==========
There are no domain controllers within the DMZ and, due to various internal issues, the DMZ will not be used for this solution. Therefore the IBCM server has been installed directly onto the LAN and will be secured with a SonicWall firewall (Microsoft's third best practice option).
Certificates have been created and deployed. Client agents have the certificates already installed and display PKI infrastructure. The network settings tab on the agent has been updated to include the external FQDN of the IBCM server (sccmagent.contoso.com).
The primary site's components all look to be in good health; the management point and distribution point roles for IBCM look good.
My problem is that when I take my test laptop home and connect to the internet, I do not believe it's communicating with the IBCM server. I've checked that port 443 is open, which it is. When I visit
https://sccmagent.contoso.com//sms_mp/.sms_aut?mplist
I get the following error page:
"The site's security certificate is not trusted! You attempted to reach sccmagent.contoso.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system."
Every guide I have read tells me that I have done everything correctly, so what am I missing? The certificates I created were all set to ibcm.contoso.com as the guides suggest and not sccmagent.contoso.com.
Thanks!!!!!
- Edited by GlenHarrison, Monday, July 21, 2014 11:06 AM