You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the following log file, an error message that resembles the following is logged:
99
+
In the following log file, an error message that resembles the following entry is logged:
100
100
101
101
**LocationServices.log**
102
102
@@ -137,15 +137,15 @@ This issue occurs if one or more of the following conditions are true:
137
137
138
138
If you're using a PKI server authentication certificate, follow these steps:
139
139
140
-
1. Make sure that the certificate presented to the client has the expected CMG name. If you're using third-party services that use certificate pinning and modify the presented certificate, the clients can't validate the server certificate.
140
+
1. Make sure that the certificate presented to the client has the expected CMG name. If you're using non-Microsoft services that use certificate pinning and modify the presented certificate, the clients can't validate the server certificate.
141
141
142
142
To verify which certificate is presented, open the following URL in the web browser:
Replace the `<CMGFQDN>` placeholder with your CMG public FQDN name.
146
+
Replace the `<CMGFQDN>` placeholder with your CMG public fully qualified domain name (FQDN) name.
147
147
148
-
2. Make sure that the client has the certificate in the Trusted Root Certification Authorities certificate store locally. Otherwise, the client doesn't trust the CMG, even when using Microsoft Entra or token-based authentication. This modern authentication method is only available for the CMG to validate the server authentication, but not in the responses sent from the CMG to the client. When you use a third-party certificate for the authentication, the client is typically able to validate the public Root CA over the Internet.
148
+
2. Make sure that the client has the certificate in the Trusted Root Certification Authorities certificate store locally. Otherwise, the client doesn't trust the CMG, even when using Microsoft Entra or token-based authentication. This modern authentication method is only available for the CMG to validate the server authentication, but not in the responses sent from the CMG to the client. When you use a non-Microsoft certificate for the authentication, the client is typically able to validate the public Root CA over the Internet.
149
149
150
150
3. If the CRL isn't published on the Internet, make sure that the site doesn't enforce clients to validate the CRL and disable CRL checking for clients:
151
151
@@ -164,7 +164,7 @@ If you're using a PKI server authentication certificate, follow these steps:
164
164
165
165
## Error code 401 (CMGService_Invalid_Token)
166
166
167
-
The client hasn't communicated with the site (via CMG or MP) for over 30 days, or the `CCMSetup` command is attempting to use an expired token with the `/regtoken` parameter. In the following log files, error messages that resemble the following are logged:
167
+
The client hasn't communicated with the site (via CMG or MP) for more than 30 days, or the `CCMSetup` command is attempting to use an expired token with the `/regtoken` parameter. In the following log files, error messages that resemble the following entries are logged:
0 commit comments