After running Enable-AdfsDeviceRegistration you might encounter this error:
PS C:\Users\pieter.CONTOSO> Enable-AdfsDeviceRegistration
Enable-AdfsDeviceRegistration : Device Registration Service is not in a valid configuration state. Service account CONTOSO\ADFSUserAccount$ does not have the required access on CN=DeviceRegistrationService,CN=Device Registration Services,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com. Ensure that the service account is granted all rights except Write DACL, Write owner, and Extended write, and try again.
This can be fixed by running the following cmdlet:
Initialize-ADDeviceRegistration
After entering the “Managed Service Account name” (in my case “ADFSUserAccount$”), the permissions will be configured correctly. Afterwards you can run the “Enable-AdfsDeviceRegistration” cmdlet again.
If this helped you, please consider leaving a reply – thanks!
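To see what the error is complaining about, you can list the ACEs the service account holds on the object before and after running Initialize-ADDeviceRegistration. This is an added example, not part of the original post; the function name Get-DrsServiceAccountAccess is hypothetical, and it assumes the ActiveDirectory module (RSAT) is installed and uses the DN and account name from the error message above.

```powershell
# Added example: show the service account's ACEs on the DeviceRegistrationService
# object and flag the rights the error message says it must NOT hold.
Import-Module ActiveDirectory   # also provides the AD: drive that Get-Acl reads from

function Get-DrsServiceAccountAccess {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $ObjectDN,
        [Parameter(Mandatory)] [string] $Account    # e.g. 'CONTOSO\ADFSUserAccount$'
    )

    $adRights = [System.DirectoryServices.ActiveDirectoryRights]
    $acl = Get-Acl -Path "AD:\$ObjectDN"

    # Only ACEs naming the account itself are matched; rights obtained through
    # group membership will not show up here.
    $aces = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $Account })

    if ($aces.Count -eq 0) {
        Write-Warning "No ACE for $Account on $ObjectDN"
        return
    }

    foreach ($ace in $aces) {
        $rights = $ace.ActiveDirectoryRights
        [pscustomobject]@{
            Type          = $ace.AccessControlType      # Allow or Deny
            Inherited     = $ace.IsInherited
            Rights        = $rights
            # GenericAll (full control) contains both bits, so it is flagged too.
            HasWriteDacl  = $rights.HasFlag($adRights::WriteDacl)
            HasWriteOwner = $rights.HasFlag($adRights::WriteOwner)
            # "Extended write" from the error text is not checked: the message
            # does not say which ActiveDirectoryRights value it refers to.
        }
    }
}

# Values taken from the error message in this post.
$dn = 'CN=DeviceRegistrationService,CN=Device Registration Services,' +
      'CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com'

Get-DrsServiceAccountAccess -ObjectDN $dn -Account 'CONTOSO\ADFSUserAccount$' |
    Format-List
```

An Allow ACE with HasWriteDacl or HasWriteOwner set to True means the account holds more than the error message asks for, since either right lets the account change the object's permissions.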
Yes, that helped. The process changed between prerelease in Windows Server 2012 R2 and RTM. Note that I'm doing this for AD FS, but the process is the same.
Sorry, no go for me :( Is it mandatory to use gMSA? Are there any SPN requirements?