Cross-forest deployment problems

We are attempting to deploy Endpoint to systems in another forest using a management server in a different forest.

There is a two-way trust.

I can ping the test system from the management server (Win2K8R2).

I can ping the management server from the test system (Win2K8R2).

I can check the tasks running in the Task Scheduler on the test system from the management server.

Here's where it gets weird: I can create a task on the test system from the management server when I use the test system's IP, but when I use the hostname or the FQDN, I get the "A security package specific error occurred."

I can install the Sophos Endpoint client from the test system and it connects up to the ms with no issues.

We have confirmed that all the DNS entries are correct, and rdns is working.

Can this not be done?

:48324


  • As for "I can [...] when I use the test system's IP": I think the explanation is somewhat hidden in Microsoft Negotiate: "Currently, the Negotiate security package selects between Kerberos and NTLM. Negotiate selects Kerberos unless it cannot be used by one of the systems involved in the authentication or the calling application did not provide sufficient information to use Kerberos." Guess the latter is the case if you specify an IP.

    Christian

    :48342
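One way to confirm which package Negotiate actually chose is to read the logon events (ID 4624) on the test system and look at the `AuthenticationPackageName` field. The following is an added example, not code from either poster: the function name `Get-LogonPackage`, the account name and the addresses are assumptions, and the two events are constructed samples so the block runs offline.

```powershell
# Constructed sample data: two trimmed 4624 (logon) events as they might appear
# in the test system's Security log. Account name and addresses are invented.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$viaIp = @"
<Event xmlns="$ns"><System><EventID>4624</EventID></System><EventData>
<Data Name="TargetUserName">deploy-admin</Data>
<Data Name="LogonType">3</Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="LmPackageName">NTLM V2</Data>
<Data Name="IpAddress">192.0.2.10</Data>
</EventData></Event>
"@
$viaName = @"
<Event xmlns="$ns"><System><EventID>4624</EventID></System><EventData>
<Data Name="TargetUserName">deploy-admin</Data>
<Data Name="LogonType">3</Data>
<Data Name="AuthenticationPackageName">Kerberos</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="IpAddress">192.0.2.10</Data>
</EventData></Event>
"@

# Hypothetical helper: turn 4624 event XML into one row per network logon,
# showing which security package authenticated it.
function Get-LogonPackage {
    param([Parameter(ValueFromPipeline = $true)][string]$EventXml)
    process {
        $doc = [xml]$EventXml
        $f = @{}
        foreach ($d in $doc.GetElementsByTagName('Data')) {
            $f[$d.GetAttribute('Name')] = $d.InnerText
        }
        if ($f['LogonType'] -ne '3') { return }   # keep network logons only
        New-Object PSObject -Property @{
            User        = $f['TargetUserName']
            Source      = $f['IpAddress']
            Package     = $f['AuthenticationPackageName']
            NtlmVersion = $f['LmPackageName']
        } | Select-Object User, Source, Package, NtlmVersion
    }
}

$viaIp, $viaName | Get-LogonPackage | Format-Table -AutoSize

# Live use on the test system (elevated prompt), instead of the samples above:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} -MaxEvents 200 |
#     ForEach-Object { $_.ToXml() } | Get-LogonPackage
```

Only successful logons are recorded as 4624, so an attempt that ends in the security package error will not produce a row here.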