“Device Registration Service is not in a valid configuration state”

After running AdfsDeviceRegistration you might encounter this error:

PS C:\Users\pieter.CONTOSO> Enable-AdfsDeviceRegistration
Enable-AdfsDeviceRegistration : Device Registration Service is not in a valid configuration state. Service account
CONTOSO\ADFSUserAccount$ does not have the required access on CN=DeviceRegistrationService,CN=Device Registration
Services,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=contoso,DC=com. Ensure that the service
account is granted all rights except Write DACL, Write owner, and Extended write, and try again.

This can be fixed by running the following cmdlet:

Initialize-ADDeviceRegistration

After entering the “Managed Service Account name” – in my case “ADFSUserAccount$” , the permissions will be configured correctly.
Afterwards you can run the “Enable-AdfsDeviceRegistration” cmdlet again.

If this helped you, please consider leaving a reply – thanks!

Comments

• Anonymous
  November 22, 2013
  Yes, that helped. The process changed between prerelease in Windows Server 2012 R2 and RTM. Note that I'm doing this for AD FS, but the process is the same.

• Anonymous
  November 22, 2014
  Sorry no go for me :( Is it mandatory to use gMSA ? are there any SPN requirements ?

• Anonymous
  May 07, 2015
  Thanks that worked! Worth noting that the Managed Service Account is created with a $ appended to the name you specify when installing ADFS

• Anonymous
  May 14, 2015
  Taparshi - Try running the powershell "As administrator"

• Anonymous
  June 02, 2015
  Thanks! works

• Anonymous
  June 26, 2015
  Great. Thanks. It helped me alot.

• Anonymous
  January 03, 2017
  This Helped us ! Thanks so much we had to type in the user with the domain to get it going.But we're still unable to join the Windows 10 machine :S