ADFS FBL Raise Fail

Lim Chong Sun 531 Reputation points
2021-06-11T11:14:50.627+00:00

I tried to raise the ADFS FBL with Test-AdfsFarmBehaviorLevelRaise

Test-AdfsFarmBehaviorLevelRaise : Database upgrade cannot be performed on xxx Error: Connecting to remote server xxx failed with the following error message : WinRM cannot process the request. The following error with errorcode
0x8009030e occurred while using Kerberos authentication: A specified logon session does not exist. It may already have been terminated.

I checked that Windows Remote Manager service is running.
I checked that TCP 5985 is not blocked.

I am running the command on the primary server and it is a single node farm. I have checked the ADFS service is in good health before I run this command.

Any advice on how I can raise the FBL?
I am using a local admin account to raise the FBL. Is it that problem? If I can only use a local admin account, do I need to add certain permissions?

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,244 questions
0 comments No comments
{count} votes

Accepted answer
  1. Pierre Audonnet - MSFT 10,181 Reputation points Microsoft Employee
    2021-06-11T13:10:32.707+00:00

    When you say you are using a local admin account, you mean a local account which is admin? Or a domain account which is a member of the local administrators group?
    The error message suggests a Kerberos authentication erreur. So that you used a local account. There's no Kerberos authentication possible when using a local account.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.