Hi, I have a single SCCM 2012 SP1 CU1 primary site which has three SUP's. Two are in the same forest/domain and share the susdb database. I have a third SUP installed in an untrusted forest which is firewalled from our network and only the primary site server has firewall access on the required ports.
The setup above is all working fine. I am now trying to integrate three additional untrusted forests into the single primary site. These forests only have 5-10 clients at this stage so I don't want to setup additional SUP's in each of these forests.
So I have extended these forests schema for SCCM and are publishing into these forests so the MP's are created in the System Management container. I've also setup additional client installation accounts so that we can install the sccm client via client push. This is working and the clients can download packages using the network access account.
What isn't working is software updates and hence SCEP definition updates. Looking in the wuahandler.log I can see the client using the SUP in the other untrusted forest which is behind a firewall and hence inaccessible.
From my understanding this is fine, as the clients will fail over to an alternative SUP after multiple attempts - the other two SUPS are accessible. But after 5 days of monitoring the logs, these clients still haven't failed over to another SUP. Some of the clients are actually working and these are the ones that originally connected to one of the two SUPS that are on the same network.
Is anyone else experiencing this and is there a way to force the client to use an alternative SUP?
Thanks for your help.
Carl