Hi All,

There are two domains in different forest. Domain A and Domain B are connected with Forest trust.

TMG is joined to Domain A. Cert Server is joined to Doman A and issuing certificates for computers in Domain A and Domain B.

SSL Client Authentication on TMG is working for computers from Domain A but not working for computers from Domain B.

Does TMG support SSL Client Authentication in cross forest scenario?

Thank you in advance.

Regards,

Hi,

>>SSL Client Authentication on TMG is working for computers from Domain A but not working for computers from Domain B.

Any error in TMG logs when you test SSL client authentication for the computers from domain B?

Best Regards,

Joyce

Hi,

No error logs on TMG. Just Anonymous in Client Username field in Logging for computers from Domain B. [TMG has access to DC in Domain A and B]

Biggest question of all is how TMG authenticate via SSL?

We do not publish client certificates to AD in domain A (TMG native) and Domain B so TMG cannot make any compare against any domain. What filed in client certificate is used by TMG to authenticate the workstation?

Regards,

Hi All,

I know that TMG is out of support but I really need this to work.

There is documentation for SSL Client Authentication but this documentation is for ISA. I followed instructions but results are the same: https://technet.microsoft.com/en-us/library/cc707697.aspx?f=255&MSPPError=-2147217396#B

Please help.

Regards,

Hi,

It seems you have resolved this problem.

[SCCM 2012 R2] - IBCM - Authenticate computers on TMG from another forest

https://social.technet.microsoft.com/Forums/en-US/13cdb6c6-f078-4f47-b892-5b0f583419eb/sccm-2012-r2-ibcm-authenticate-computers-on-tmg-from-another-forest?forum=configmanagergeneral

Best Regards,

Joyce