I am trying to manage our DMZ (separate domain) and one way trust (DMZ trust production).  We use PKI and so we installed a SubCA in the DMZ to get the all DMZ server certificate. We also extended DMZ AD to publish SCCM as we are follow this configuration:

http://blogs.technet.com/b/neilp/archive/2012/08/21/cross-forest-support-in-configmgr-2012-part-2-forest-discovery-publishing-and-client-push-installation.aspx

Now wen we try to push the client we get:

"Failed to receive ccm message response. Status code = 403 ccmsetup 7/16/2013 1:52:00 PM 3036 (0x0BDC)
GetDPLocations failed with error 0x80004005 ccmsetup 7/16/2013 1:52:00 PM 3036 (0x0BDC)
Failed to get DP locations as the expected version from MP 'https://Production.local. Error 0x80004005 ccmsetup 7/16/2013 1:52:00 PM 3036 (0x0BDC)" and no install of the client.

when we manually install the client it installs somewhat.  Client has Assigned MP, connection type=always intranet, site code=SMS:001, Version=5.00.7804.1000 but Client certificate=none.  So no other configuration happens only two actions "machine and user cycle"

location log we are getting:

Failed to send management point list Location Request Message to MP.local LocationServices 7/16/2013 2:01:13 PM 1064 (0x0428).

not sure what is next we can do to get these server managed.

Just a single line from a logfile does not help too much ... please provide some more lines from LocationServices.log (upload it to Skydrive)