Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

scep url as VIP FQDN

  • 1.  scep url as VIP FQDN

    Posted Aug 24, 2016 12:21 PM

    Anyone out there doing SCEP enrollment from an MDM? We have it working, but my concern is that the SCEP URL on the onboard CA is bound to the hostname of the appliance, NOT the VIP FQDN. We have two appliances clustered and set up for standby publisher failover. In the event of a failover to the standby publisher, the hostname will be different for the SCEP URL. Is the onboard CA smart enough to account for the change, or is there a way to reference the VIP FQDN instead?

     

    Example: 

    VIP FQDN: cpvip.domain.com
    Clustered Host1: cp1.domain.com (publisher)
    Clustered Host2: cp2.domain.com (standby publisher)

    SCEP URL cannot be edited and is cp1.domain.com/guest/mdps_scep.php/2

    If we fail over and promote cp2.domain.com to the publisher, it seems that SCEP enrollment would fail, so how do we make sure we point the SCEP request to the actual live publisher since it does not use the VIP FQDN?



  • 2.  RE: scep url as VIP FQDN

    EMPLOYEE
    Posted Aug 24, 2016 12:39 PM

    Point the MDM SCEP URL at:

    cpvip.domain.com/guest/mdps_scep.php/2