“Device Registration Service is not in a valid configuration state”


After running Enable-AdfsDeviceRegistration you might encounter this error:

PS C:\Users\pieter.CONTOSO> Enable-AdfsDeviceRegistration
Enable-AdfsDeviceRegistration : Device Registration Service is not in a valid configuration state. Service account
CONTOSO\ADFSUserAccount$ does not have the required access on CN=DeviceRegistrationService,CN=Device Registration
Services,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com. Ensure that the service
account is granted all rights except Write DACL, Write owner, and Extended write, and try again.

This can be fixed by running the following cmdlet:

Initialize-ADDeviceRegistration

After you enter the “Managed Service Account name” (in my case “ADFSUserAccount$”), the permissions will be configured correctly.
Afterwards you can run the “Enable-AdfsDeviceRegistration” cmdlet again.
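
To confirm what the fix changed, you can list the access control entries the service account holds on the Device Registration Service object before and after running it. This is an added example, not part of the original post; the helper name Get-DrsServiceAccountAce is hypothetical. It assumes the ActiveDirectory module is installed and passes the account with the -ServiceAccountName parameter instead of typing it at the prompt.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module (RSAT) is installed; it provides the AD: drive used by Get-Acl.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# Account and DN copied from the error message above; substitute your own.
$ServiceAccount = 'CONTOSO\ADFSUserAccount$'
$DrsObjectDn = 'CN=DeviceRegistrationService,CN=Device Registration Services,' +
               'CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com'

# Hypothetical helper: list the ACEs that name the account directly.
# Rights granted through group membership will not show up here.
function Get-DrsServiceAccountAce {
    param(
        [Parameter(Mandatory = $true)] [string] $DistinguishedName,
        [Parameter(Mandatory = $true)] [string] $Account
    )
    $rights = [System.DirectoryServices.ActiveDirectoryRights]
    try {
        $acl = Get-Acl -Path "AD:\$DistinguishedName" -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL on $DistinguishedName : $($_.Exception.Message)"
        return
    }
    # The error text asks for all rights except Write DACL and Write owner,
    # so flag any ACE that carries either of those bits.
    $acl.Access |
        Where-Object { $_.IdentityReference.Value -eq $Account } |
        Select-Object AccessControlType, ActiveDirectoryRights, IsInherited,
            @{ n = 'HasWriteDacl';  e = { $_.ActiveDirectoryRights.HasFlag($rights::WriteDacl) } },
            @{ n = 'HasWriteOwner'; e = { $_.ActiveDirectoryRights.HasFlag($rights::WriteOwner) } }
}

# 1. Record the account's ACEs before the fix.
Get-DrsServiceAccountAce -DistinguishedName $DrsObjectDn -Account $ServiceAccount | Format-List

# 2. The fix from this post.
Initialize-ADDeviceRegistration -ServiceAccountName $ServiceAccount

# 3. Review what was granted, then retry the original cmdlet.
Get-DrsServiceAccountAce -DistinguishedName $DrsObjectDn -Account $ServiceAccount | Format-List
Enable-AdfsDeviceRegistration
```

The "Extended write" right named in the error is not flagged here, because the post does not say which directory right it corresponds to.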

If this helped you, please consider leaving a reply – thanks!


Comments (7)

  1. Byron Wright says:

    Yes, that helped. The process changed between prerelease in Windows Server 2012 R2 and RTM. Note that I'm doing this for AD FS, but the process is the same.

  2. Anonymous says:

    My role has previously primarily focused on Microsoft Intune, nowadays it’s more towards our whole Enterprise

  3. Taparshi says:

    Sorry, no go for me 🙁 Is it mandatory to use gMSA? Are there any SPN requirements?

  4. NvB says:

    Thanks, that worked! Worth noting that the Managed Service Account is created with a $ appended to the name you specify when installing ADFS.

  5. Michael Hoenow says:

    Taparshi – Try running PowerShell "As administrator"

  6. Elton says:

    Thanks! works

  7. Muhammad Qasim says:

    Great. Thanks. It helped me a lot.