I am really struggling with this one. I installed ADFS 4 on 2019 (yes, 2019 forest and domain levels), topology is one back-end federation server for the farm, one database server (SQL, not WID). Haven't even set up the WAP yet...was playing with Device Registration and deleted the OOTB Device Registration Service RP Trust. Now, no matter what I do I cannot get it to come back. To make it worse, when I go into Device Registration in ADFS, now it says "Device registration is not configured. You must upgrade your AD FS Farm before you can configured device registration".
Uninstalled and reinstalled the ADFS services, done the initialize-ad and add-adfsdevice blah blah...nothing...that RP just will not come back and it keeps telling me the Farm needs to be upgraded. On top of that, I have a test AD instance and tried bringing up a new one there...it's a slightly different config with no internet access and using WID....can't get the RP for Device Registration to show up there either, but it at least doesn't say my Farm needs to be upgraded. How do I get this RP back - and more importantly, why isn't it naturally showing up on a new install... How do I get the AD FS Farm upgrade status to change from amber back to green? And for some light rhetorical... Why is there no real documentation for this stuff? It's like MS is making this stuff up as we go along...VERY little documentation and I can't find any super-verbose logging to turn on to see if something is silently failing...end rhetorical.
I'm going crazy!
Quick update: I uninstalled ADFS, removed the existing databases from SQL and reinstalled/reconfigured, and now it says Device Reg is enabled and configured, and it's green. But I still don't have a Relying Party Trust. Strange thing is that when I run Initialize-ADDeviceRegistration it doesn't error out anymore about not being able to set the MFA access control policy on the Device Registration Relying Party trust... It just completes successfully without warning - yet there is no RP trust...
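Not from the original post: a short PowerShell check, added here, that I would run on the federation server before re-running Initialize-ADDeviceRegistration, so the three things the post keeps guessing at (farm behavior level, device registration config, presence of the RP trust) are read straight from AD FS. It assumes the ADFS PowerShell module is installed on that box and that the built-in trust's display name is "Device Registration Service" (an assumption; adjust if your build names it differently).

```powershell
# Added diagnostic, not code from the original post.
# Assumptions: ADFS module present on the federation server; built-in
# device registration RP trust display name is "Device Registration Service".
Import-Module ADFS

# 1. Farm behavior level. The amber "upgrade your AD FS farm" status in the
#    console is tied to this value, so record it before changing anything.
$farm = Get-AdfsFarmInformation
"Current farm behavior level: $($farm.CurrentFarmBehavior)"

# 2. Device registration configuration as AD FS currently stores it.
Get-AdfsDeviceRegistration | Format-List

# 3. Does the Device Registration relying party trust actually exist?
$drsName = 'Device Registration Service'   # assumed display name
$rp = Get-AdfsRelyingPartyTrust -Name $drsName
if ($null -eq $rp) {
    Write-Warning "Relying party trust '$drsName' is missing."
    # List what trusts do exist so a renamed/recreated one is not overlooked.
    Get-AdfsRelyingPartyTrust | Select-Object Name, Identifier | Format-Table -AutoSize
} else {
    # Enabled state and access control policy are the fields the
    # Initialize-ADDeviceRegistration warning in the post was complaining about.
    $rp | Select-Object Name, Enabled, Identifier, AccessControlPolicyName | Format-List
}
```

Run it once before and once after Initialize-ADDeviceRegistration; if the trust is still absent afterwards but the cmdlet reports success, you at least have a before/after record of the farm level and configuration to attach to a support case.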