“Device Registration Service is not in a valid configuration state”

After running Enable-AdfsDeviceRegistration you might encounter this error:

PS C:\Users\pieter.CONTOSO> Enable-AdfsDeviceRegistration
Enable-AdfsDeviceRegistration : Device Registration Service is not in a valid configuration state. Service account
CONTOSO\ADFSUserAccount$ does not have the required access on CN=DeviceRegistrationService,CN=Device Registration
Services,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com. Ensure that the service
account is granted all rights except Write DACL, Write owner, and Extended write, and try again.


This can be fixed by running the following cmdlet:


After entering the “Managed Service Account name” – in my case “ADFSUserAccount$” – the permissions will be configured correctly.
Afterwards you can run the “Enable-AdfsDeviceRegistration” cmdlet again.
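
To confirm what was actually granted, the following added example (not part of the original post) lists the access control entries the service account holds on the object named in the error and flags Write DACL or Write owner, which the error message says the account should not have. It assumes the ActiveDirectory PowerShell module is installed and reuses the account and distinguished name from the error text above; "Extended write" is not checked because the page does not say which directory right it maps to.

```powershell
# Added example: inspect the service account's ACEs on the DRS configuration object.
# Assumes the ActiveDirectory module (RSAT) and read access to the Configuration partition.
Import-Module ActiveDirectory

# Values taken from the error message; replace with your own domain and account.
$Account = 'CONTOSO\ADFSUserAccount$'
$DrsDn   = 'CN=DeviceRegistrationService,CN=Device Registration Services,' +
           'CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com'

# Rights the error message says the service account must NOT hold.
# GenericAll contains both bits, so a blanket "Full control" grant is flagged as well.
$Forbidden = [System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner'

# The AD: drive is provided by the ActiveDirectory module.
$acl  = Get-Acl -Path "AD:\$DrsDn"
$aces = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $Account })

if ($aces.Count -eq 0) {
    # Only ACEs that name the account directly are matched; rights obtained
    # through group membership do not appear here.
    Write-Warning "No ACE naming $Account was found on $DrsDn."
}
else {
    $aces | ForEach-Object {
        $overlap = [int]$_.ActiveDirectoryRights -band [int]$Forbidden
        [pscustomobject]@{
            Type             = $_.AccessControlType
            Inherited        = $_.IsInherited
            Rights           = $_.ActiveDirectoryRights
            WriteDaclOrOwner = ($_.AccessControlType -eq 'Allow') -and ($overlap -ne 0)
        }
    } | Format-List
}
```

A row with WriteDaclOrOwner set to True means the account can change the object's permissions or ownership, which is more than the error message asks for.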


If this helped you, please consider leaving a reply – thanks!

Comments (7)

  1. Byron Wright says:

    Yes, that helped. The process changed between prerelease in Windows Server 2012 R2 and RTM. Note that I'm doing this for AD FS, but the process is the same.

  2. Taparshi says:

    Sorry, no go for me 🙁 Is it mandatory to use gMSA? Are there any SPN requirements?

  3. NvB says:

    Thanks, that worked! Worth noting that the Managed Service Account is created with a $ appended to the name you specify when installing ADFS.

  4. Michael Hoenow says:

    Taparshi – Try running PowerShell "As administrator"

  5. Elton says:

    Thanks! works

  6. Muhammad Qasim says:

    Great. Thanks. It helped me a lot.

  7. Mario P. says:

    This helped us! Thanks so much. We had to type in the user with the domain to get it going.

    But we’re still unable to join the Windows 10 machine :S
