This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 8%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECJ%3C/text%3E%3C/svg%3E)
hello,
we have SCCM v2010 and I am trying to provide updates at the clients which are connected through VPN but it doenst seem to work.
I have the boundaries defined and specifically the IP range of the VPN which is 192.168.150.5 - 192.168.150.254.
when I look at my computer (connected through VPN) at the locationservices.log I see the below:
Updating portal certificates LocationServices 12/17/2020 9:13:55 AM 3892 (0x0F34)*
There are no certificates available to install LocationServices 12/17/2020 9:13:55 AM 3892 (0x0F34)
1 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 12/17/2020 9:15:44 AM 16572 (0x40BC)
Unable to retrieve AD site membership LocationServices 12/17/2020 9:28:56 AM 5092 (0x13E4)
Unable to retrieve AD site membership LocationServices 12/17/2020 9:28:56 AM 5092 (0x13E4)
Reset assigned MP error count LocationServices 12/17/2020 9:28:56 AM 6408 (0x1908)
Received reply of type PortalCertificateReply LocationServices 12/17/2020 9:28:56 AM 9964 (0x26EC)
The reply from location manager contains 0 certificates LocationServices 12/17/2020 9:28:56 AM 9964 (0x26EC)
Updating portal certificates LocationServices 12/17/2020 9:28:56 AM 9964 (0x26EC)
There are no certificates available to install LocationServices 12/17/2020 9:28:56 AM 9964 (0x26EC)*
Worth to say that when on corporate network then it works like a charm.
any ideas of what I need to check/ do?
thank you
Hi,
Are you using PKI certificate to communicate with the MP?
Make sure that all necessary ports are allowed on your network firewall between your VPN Clients <> Domain controller / Site server / DP / SUP etc.
Regards,
Youssef Saad | New blog: https://youssef-saad.blogspot.com
Please remember to ** “Accept answer” ** for useful answers, thank you!
@Constantine J. Koulis
Thank you for posting in Microsoft Q&A forum.
Did you add your VPN boundary to your boundary group that has a DP assigned?
Also, more detailed log could be more useful.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
hello @AllenLiu-MSFT
yes I believe I have added correctly the VPN
1) I first created a new boundary with the IP 192.168.150.0-19.168.150.254
2) and then I went to my existing group called (CHICAGO) and I added the above boundary as a member.
below is the log for "LocationServices.log" after restarting the "ccmexec" service at my laptop which is connected through VPN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters: DynamicSiteName. Is there an AD site listed there or is it blank?
Is it possible to retire the impacted machine from domain and re-added it?
Regards,
Youssef Saad | New blog: https://youssef-saad.blogspot.com
Please remember to ** “Accept answer” ** for useful answers, thank you!
hello @Youssef Saad
there is no entry at the regedit, see below
about taking the laptop out of the domain and rejoining it i dont really want to do that since i am remotely and i dont want to have any issues...
let me know your thoughts.
Have you added the VPN IP subnet under Active Directory Sites & Services with a dedicated domain controller?
Regards,
Youssef Saad | New blog: https://youssef-saad.blogspot.com
Please remember to ** “Accept answer” ** for useful answers, thank you!
no @Youssef Saad I don't believe I have done that, can you assist me on how is that done?
On your domain controller, open Active Directory Sites & Services, go under Subnets and add new one for VPN clients then assign it to his specific site.
More details: https://easycentercorp-practicemanager.com/setting-up-active-directory-sites-subnets-site-links/
Regards,
Youssef Saad | New blog: https://youssef-saad.blogspot.com
Please remember to ** “Accept answer” ** for useful answers, thank you!