I have been reading up on CES information that I can find, but I'm still not getting a clear picture of how I should implement my setup.
I have a 2-tier CA setup in a root forest that has about 5 child domains. This setup is fine. I can get servers to autoenroll certificates. I set up a 3rd server to host the CES/CEPS so that delegation wouldn't be an issue.
I have about 20 domains that do not have a trust with the domain the CA is in. Yes, about 20, from acquisitions, etc. I need to have servers autoenroll to receive a server certificate on the computer account. Installing other CAs is not an option. CES is supposed to be my answer. I would like to use Kerberos only (Windows authentication), but it's not working for me. Maybe this isn't recommended for my situation.
Microsoft only gives examples of external facing without trusts (so via internet, outside your network) and then intranet, with trusts between domains/forests.
Is anyone out there with a setup of no trusts, using CES with Windows authentication, and it's working? I'm mainly looking for detailed steps in implementing because I think I'm missing something but I can't tell where exactly. Maybe it's with delegation, maybe it's access on IIS. I'm really not sure yet.