Get-AdfsProperties Error ADMIN0120


The below is an issue which caused this week’s customer a little stress.  They wanted to review the current AD FS configuration, but were not able to successfully run the Get-AdfsPropeties cmdlet.

The Get-AdfsProperties cmdlet would generate the error below.

ADMIN0120: The client is not authorized to access the endpoint net.tcp://localhost:1500/policy

For make most glorious benefit of search engines:
Get-AdfsProperties : ADMIN0120: The client is not authorized to access the endpoint net.tcp://localhost:1500/policy. The client process must be ru
At line:1 char:1
+ Get-AdfsProperties
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : OpenError: (:) [Get-AdfsProperties], StorageAuthorizationException
+ FullyQualifiedErrorId : ADMIN0120,Microsoft.IdentityServer.Management.Commands.GetServicePropertiesCommand

 

They focused on the localhost:1500/policy portion of the message, and thought that the AD FS service was not running.  It was.  So what was up?

Part of the issue was that the PowerShell result text was truncated.  If the window was resized, does the below shine additional light?

ADMIN0120: The client is not authorized to access the endpoint net.tcp://localhost:1500/policy. The client process must be run with service administrative privileges

Get-AdfsProperties : ADMIN0120: The client is not authorized to access the endpoint net.tcp://localhost:1500/policy. The client process must be run with service administrative privileges.
At line:1 char:1
+ Get-AdfsProperties
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : OpenError: (:) [Get-AdfsProperties], StorageAuthorizationException
+ FullyQualifiedErrorId : ADMIN0120,Microsoft.IdentityServer.Management.Commands.GetServicePropertiesCommand

 

Bootnote

This was classic case of not elevating the cmd prompt or PowerShell instance.

See this post for an easy way to elevate.

 

Cheers,

Rhoderick

Comments (0)

Skip to main content