Unable to retrieve AD forest domain membership error 0x8007054b

hello,

we have SCCM v2010 and I am trying to provide updates at the clients which are connected through VPN but it doenst seem to work.

I have the boundaries defined and specifically the IP range of the VPN which is 192.168.150.5 - 192.168.150.254.

when I look at my computer (connected through VPN) at the locationservices.log I see the below:

Updating portal certificates LocationServices 12/17/2020 9:13:55 AM 3892 (0x0F34)
There are no certificates available to install LocationServices 12/17/2020 9:13:55 AM 3892 (0x0F34)
1 assigned MP errors in the last 10 minutes, threshold is 5. LocationServices 12/17/2020 9:15:44 AM 16572 (0x40BC)
Unable to retrieve AD site membership LocationServices 12/17/2020 9:28:56 AM 5092 (0x13E4)
Unable to retrieve AD site membership LocationServices 12/17/2020 9:28:56 AM 5092 (0x13E4)
Reset assigned MP error count LocationServices 12/17/2020 9:28:56 AM 6408 (0x1908)
Received reply of type PortalCertificateReply LocationServices 12/17/2020 9:28:56 AM 9964 (0x26EC)
The reply from location manager contains 0 certificates LocationServices 12/17/2020 9:28:56 AM 9964 (0x26EC)
Updating portal certificates LocationServices 12/17/2020 9:28:56 AM 9964 (0x26EC)
There are no certificates available to install LocationServices 12/17/2020 9:28:56 AM 9964 (0x26EC)

Worth to say that when on corporate network then it works like a charm.

any ideas of what I need to check/ do?

thank you

• Remove From My Forums

• Question

• I have a number of computers that, for all other intents and purposes, work, but I cannot deploy software to them.  From the user's perspective these computers are completely functional.  From an ConfigMgr perspective they appear to be working clients; They're performing hardware and software inventories.  I just cannot deploy software to them.

  As I find these clients, I've been removing them from AD and re-adding them.  I'm hoping to find a method that is less disruptive to the user.  These systems are a tiny minority of my client base, but there are still several of them.

  Here's an excerpt from LocationServices.log:

  Received reply of type PortalCertificateReply
  The reply from location manager contains 0 certificates
  Updating portal certificates
  There are no certificates available to install
  Unable to retrieve AD site membership
  Unable to retrieve AD site membership
  Client is not in any boundary group and ConfigMgr is no longer managing WindowsDO GPO. Set WindowsDO GPO to default values. Mode = LAN. GroupID = empty	
  The number of discovered DPs(including Branch DP and Multicast) is 0	
  

  
  

Answers

• I've had this issue on a number of computers.  The computer that prompted me to post, it turns out, DID have a problem with its AD membership.  I discovered that it had not changed its AD password in over two months.  I removed the computer from the domain, and re-added it.  I was then able to deploy software to it.

  • Marked as answer by Thursday, November 15, 2018 1:06 PM

We have had SCCM up and running for a few months now. Very few problems, ultimately it is excellent (especially in comparison to LANDesk which we found to be dreadful and utterly unreliable - steer clear!!!).

We are in the process of setting up AD sites so that we can more effectively handle the differences in bandwidth available over the different links (until now we have had to apply differetn BITS settings by OU, but that has its obvious limitations when roaming laptop users).

However, since creating our first site (using a subnet), the SCCM client will not install using WSUS with the error message listed in the log below. The only boundary we have setup is Default-First-Site-Name (if that makes any difference), but the PC we are testing the client installation is not in the new site.

1. What have we not configure correctly?

2. Can you not tell WSUS to use an MP in the command line?

A typical succcessful log

==========[ ccmsetup started in process 2336 ]==========

Version: 4.0.6487.2000

GetAdaptersAddressess entry point is supported.

DhcpGetOriginalSubnetMask entry point not supported.

Adapter {97300C4F-87EF-4EB5-A7C5-F4FE06CF6620} is DHCP enabled. Checking quarantine status.

Current AD site of machine is Default-First-Site-Name

Attempting to query AD for assigned site code

Executing query (&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=174336851)(MSSMSRangedIPHigh>=174336851))))

Executing query (&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.100.43.0)(mSSMSRoamingBoundaries=Default-First-Site-Name)))

LSGetAssignedSiteFromAD : Trying to Assign to the Site

The MP name retrieved is 'columbus.ad.lancscc.net' with version '6487l' and capabilities ''

Retrieving client operational settings from AD.

ClientOperationalSettings search filter is '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=S02))'

Command line: "C:\WINDOWS\SoftwareDistribution\Download\Install\ccmsetup.exe"

UNSUCCESSFUL INSTALLATION LOG

==========[ ccmsetup started in process 2776 ]==========

Version: 4.0.6487.2000

GetAdaptersAddressess entry point is supported.

DhcpGetOriginalSubnetMask entry point not supported.

Adapter {AD57F1FD-7260-4877-AA76-071695B8CC46} is DHCP enabled. Checking quarantine status.

Unable to retrieve AD site membership

Attempting to query AD for assigned site code

Executing query (&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=174336897)(MSSMSRangedIPHigh>=174336897))))

Executing query (&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.100.43.0)))

Command line: "C:\WINDOWS\SoftwareDistribution\Download\Install\ccmsetup.exe"

Ccmsetup was run without any user parameters specified. Assume AUTO sitecode and run without registering ccmsetup as a service.

CCMHTTPPORT: 80

CCMHTTPSPORT: 443

CCMHTTPSSTATE: 2147483648

CCMHTTPSCERTNAME:

FSP:

No MP or source location has been explicitly specified. Trying to discover a valid content location...

Current directory is not a valid source location.

Looking for an MP source through SLP...

IPv6 entry points already initialized.

DHCP entry points already initialized.

Adapter {AD57F1FD-7260-4877-AA76-071695B8CC46} is DHCP enabled. Checking quarantine status.

Unable to retrieve AD site membership

Attempting to query AD for assigned site code

Executing query (&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=174336897)(MSSMSRangedIPHigh>=174336897))))

Executing query (&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.100.43.0)))

Couldn't find an MP source through SLP.

No valid source or MP locations could be indentified to download content from.Ccmsetup.exe cannot continue.

Invalid ccmsetup command line: "C:\WINDOWS\SoftwareDistribution\Download\Install\ccmsetup.exe"

A Fallback Status Point has not been specified. Message with STATEID='100' will not be sent.

A Fallback Status Point has not been specified. Message with STATEID='307' will not be sent.