hi,
I am trying to implement cross-forest certificate enrollment with win2008r2 and have been following the steps outline in http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx and have gotten everything to work. the final step is setting up the sync of PKI objects whenever there are changes detect on the CA side.
so I setup a task (running as target forest domain admin) from source forest CA based on CA event log triggers
but the task always fails with:
"Logon failure: the user has not been granted the requested logon type at this computer"
if I try to run the task as source forest domain admin, I get access denied as the script runs.
can anyone help?
I am trying to implement cross-forest certificate enrollment with win2008r2 and have been following the steps outline in http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx and have gotten everything to work. the final step is setting up the sync of PKI objects whenever there are changes detect on the CA side.
so I setup a task (running as target forest domain admin) from source forest CA based on CA event log triggers
but the task always fails with:
"Logon failure: the user has not been granted the requested logon type at this computer"
if I try to run the task as source forest domain admin, I get access denied as the script runs.
can anyone help?