Microsoft Security | Active Directory Federation Services
Federated identity management using Active Directory Federation Services
Error configuring AD FS on windows 2016 server
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 15%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
Janus Bariñan
1,126
Reputation points
I get an error when configuring ADFS for the first time. I search the internet and found only little information about this so I am posting for help here.
Microsoft Security | Active Directory Federation Services
{count} votes
-
Manu Philip 20,651 Reputation points MVP Volunteer Moderator2020-05-20T04:28:22.077+00:00 Hello,
We need more details to troubleshoot the issue further like the steps you performed, logs, event viewer messages etc.. Meantime, check it again by disabling Windows Firewall
Thanks, Manu
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shashi Shailaj 7,641 Reputation points Microsoft Employee Moderator2020-05-20T04:31:57.98+00:00 Could you please provide complete error and any events during this configuration?
-
Janus Bariñan 1,126 Reputation points
2020-05-20T04:47:17.057+00:00 Normal steps in configuring via Server Manager console. At the end of the configuration steps it says The server is not operational.
These are from event logs.
-
Manu Philip 20,651 Reputation points MVP Volunteer Moderator
2020-05-20T05:05:33.687+00:00 Hello,
Although it reports a certificate issue, the root cause can be a permission also. So, first make sure that the certificate is fine. If you check event log, you may see messages like 'AD FS detected that all the service certificates have appropriate access given to the AD FS service account.'. This shows that certificate is fine.
Have you tried to install ADFS by domain account? Try installing with Local System Administrator account also and see if you are able to succeed
Thanks,
Manu -
Janus Bariñan 1,126 Reputation points
2020-05-20T09:08:41.417+00:00 I See no logs pertaining to 'AD FS detected that all the service certificates have appropriate access given to the AD FS service account.' I tried installing using domain admin account and still same error. Also tried with account that is a member of the local admin of the server. I tried re-installing several times and I always get this error on MSSQL event ID 9645 (screenshot from the thread). Something about the sql broker. I'm confused since I am not using SQL. I am using WID.
-
Janus Bariñan 1,126 Reputation points
2020-05-20T09:19:15.593+00:00 already replied above.
-
Manu Philip 20,651 Reputation points MVP Volunteer Moderator
2020-05-20T15:47:37.947+00:00 Hello @Janus Bariñan ,
Have you tried the Microsoft solution here: https://support.microsoft.com/en-us/help/2832204/mssql-microsoft-wid-service-was-unable-to-log-on-as-nt-service-mssql-m
Thanks,
Manu -
Janus Bariñan 1,126 Reputation points
2020-05-21T01:17:29.837+00:00 Yes already did that. Even added both NT SERVICE\MSSQL$MICROSOFT##WID and NT SERVICE\ALL SERVICES and still get "The server is not operational"
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 17%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Michael Guenzel 0 Reputation points2023-10-02T20:12:47.44+00:00 I get an error close to the OP...
I am logged into the server under the domain admin account, I install ADFS and go to configure it, and error out with one of two errors... Nor can I always reproduce the same errors...
This is my most common one...
You do not have sufficient privileges to create a container in Active Directory at location CN=b068000d-5ee5-4d86-9fc2-ab9823eae29e,CN=ADFS,CN=Microsoft,CN=Program Data,DC=____,DC=com for use with sharing certificates. Verify that you are logged on as a Domain Admin or have sufficient privileges to create this container, and try again.
I already have a folder structure for ADFS THOUGH it is now what shows above, it has it under the DC=, CN=Program Data, CN=MICROSOFT, CN=ADFS, and then a bunch of sub folders
Sign in to comment
Sign in to answer