This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 41%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
Hello all,
I've been tasked by my organisation to create an Always On VPN infrastructure. My organisation has two domains (DOM-A & DOM-B) that are in a trust relationship, but the plan is for it to be 'domain-agnostic' - the user at home will connect to a cloud loadbalancer and this can send their connection to the RRAS / Network Policy server infrastructure in either domain.
The part I am unsure about is the certificates; if a DOM-A user that has user and machine certificates signed by the DOM-A PKI infrastructure gets their connection sent to DOM-B by the cloud loadbalancer, then presumably the connection will fail - is that right?
Can anyone give me a pointer to achieve the above, or is it simply not supported?
Thanks for any help.
Hi ,
Due to limited environment, we are not able to test such scheme in our lab. But you might try to put the root certs in each other's trusted root certification. Then see if it works.
Best Regards,
Candy
Thankyou, in turns out that there is a policy on our doamisn to add the root certs of the other domains so I'll proceed to test with that.
I will wait for your good news. :)