Always On VPN and multiple domains

Kernel Panic 41 Reputation points

Hello all,

I've been tasked by my organisation to create an Always On VPN infrastructure. My organisation has two domains (DOM-A & DOM-B) that are in a trust relationship, but the plan is for it to be 'domain-agnostic' - the user at home will connect to a cloud load balancer and this can send their connection to the RRAS / Network Policy server infrastructure in either domain.

The part I am unsure about is the certificates; if a DOM-A user that has user and machine certificates signed by the DOM-A PKI infrastructure gets their connection sent to DOM-B by the cloud load balancer, then presumably the connection will fail - is that right?

Can anyone give me a pointer to achieve the above, or is it simply not supported?

Thanks for any help.


Accepted answer
  1. Candy Luo 12,451 Reputation points

    Hi,

    Due to a limited environment, we are not able to test such a scheme in our lab. But you might try to put the root certs in each other's trusted root certification. Then see if it works.

    Best Regards,
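
The suggestion in the accepted answer can be checked on a server before any VPN client is routed to it. The PowerShell below is an added example, not part of the thread: it is meant to run elevated on the DOM-B RRAS/NPS server, and the file paths, the thumbprint placeholder and the function name `Test-ChainTrust` are assumptions.

```powershell
# Added example (not from the thread). Run elevated on the DOM-B RRAS/NPS server.
# All three values below are placeholders (assumptions); replace them with your own.
$rootCerPath        = 'C:\Temp\DOM-A-RootCA.cer'      # DOM-A root CA certificate, public part only
$clientCerPath      = 'C:\Temp\DOM-A-SampleUser.cer'  # public certificate of a DOM-A user or machine
$expectedThumbprint = '<DOM-A root thumbprint obtained out of band>'

function Test-ChainTrust {
    param([Parameter(Mandatory)][string]$Path)

    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)  # $true = machine context
    # Revocation checking stays on: the DOM-A CRL/OCSP URLs must be reachable from this server.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot

    $trusted = $chain.Build($cert)
    [pscustomobject]@{
        Subject  = $cert.Subject
        Trusted  = $trusted
        Status   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        TopOfChain = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
    }
}

# 1. Baseline: with only the DOM-B roots trusted, the DOM-A certificate should not validate
#    (Status typically shows UntrustedRoot or PartialChain).
'Before import:'
Test-ChainTrust -Path $clientCerPath

# 2. Confirm the file really is the DOM-A root before trusting it machine-wide.
$root = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($rootCerPath)
if ($root.Thumbprint -ne $expectedThumbprint) {
    throw "Root thumbprint $($root.Thumbprint) does not match the expected value; not importing."
}

# 3. Add the DOM-A root to this server's Trusted Root Certification Authorities store.
Import-Certificate -FilePath $rootCerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 4. Re-test. Trusted = True with an empty Status means the chain now builds to a trusted root.
#    If DOM-A uses intermediate CAs, they must be in the Intermediate store or reachable via AIA.
'After import:'
Test-ChainTrust -Path $clientCerPath
```

This only confirms that the certificate chain is trusted and revocation data is reachable; whether NPS then authenticates the connection is a separate check.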

