Share via


Unable to Configure Device Registration Service 2012 R2

During the deployment when trying to enable the DRS Service issues occur for the very initial set up.

Getting the error on the very first step i.e. while initializing the DRS Service:

Initialize-ADDeviceRegistration : Unable to configure Device Registration Service ACLs. DeviceRegistrationService

At line:1 char:1

+ Initialize-ADDeviceRegistration -ServiceAccountName reversevision\svc_adfs -Devi ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo          : NotSpecified: (:) [Initialize-ADDeviceRegistration], DisplayableArgumentException

+ FullyQualifiedErrorId : DeploymentTask,Microsoft.IdentityServer.Deployment.Commands.InitializeDeviceRegistration

Command

Message                                 Context                                                                  Status

-------                                 -------                                                                  ------

Unable to install Device Registratio... DeploymentTask                                                            Error

 

Go to the core process that what all changes are made in the active directory when we initialize the Device Registration Service.

Gp to the domain controller and navigate to the below mentioned location (Since when we enable the DRS Service an object is created in AD):

CN=Device Registration Service DKM,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=domain,DC=com.

CN=DeviceRegistrationService,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=domain,DC=com.

And then we removed the objects which were created by the DRS Service for unsuccessful attempt. Then I had to provide the ACL permissions as well which were not getting configured automatically (a probable reason for the same may be for User right assignment policy configured at custom level). Find below the details of the ACL Permissions configured:

We gave full permission to ADFS Service Account on following location.

CN=Device Registration Service DKM,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=domain,DC=com.

CN=DeviceRegistrationService,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=domain,DC=com.

CN=RegisteredDevices,DC=reversevision,DC=com

And then we were able to initialize and enable the service successfully.