Hi,
We have set up AD/CA/NPS so that certificate authentication works fine with our domain computers. Now we would like to extend this 1x authentication to laptops from another separate AD domain. We have a two-way forest trust between the two AD domains.
I'm a bit confused about the certificates and who needs to trust what, and what the client and NPS settings are for this combination. I tried some combinations of client and NPS settings, but couldn't get this to work. Authentication attempts do show in the NPS event log, but I couldn't find anything with those errors.
Computers in both domains have both CA root certs installed. All computers have a client certificate from their own domain CA.
Does anyone here know how to make this happen as seamlessly as possible, so the users wouldn't have to enter any credentials?
Thanks,
Petrus