If, on restarting your ADFS server, you find event IDs 7038, 7034 and 7000 in the System event log that read as follows:
The adfssrv service was unable to log on as DOMAIN\adfssvc$ with the currently configured password due to the following error:
The user name or password is incorrect. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
and
The Active Directory Federation Services service terminated unexpectedly. It has done this x time(s).
and
The Active Directory Federation Services service failed to start due to the following error:
The service did not start due to a logon failure.
and you find that installations of integrated services like the MFA adapter for ADFS fail (if enabled) with errors such as “The configuration service URL ‘net.tcp://localhost:1500/policy’ may be incorrect or the AD FS Windows Service is not running” (though this might just be down to what I was doing when I found ADFS was not running), then the obvious answer really is that the password is wrong.
But what if you are using a gMSA (Group Managed Service Account)? Surely the password should never be wrong, as the system manages it for you. Well, that was also my case, and maybe that is where MFA comes into it, as MFA with ADFS requires changes to the service account.
So how do you get ADFS restarted?
This is so easy it’s shocking! You open the services management tool, open the properties for the Active Directory Federation Services service and delete the password in the Log On box. That’s right – just blank it out. Click OK and start the service. The computer will set it for you correctly!
11 responses to “ADFS Service Login Failures and a Simple Fix”
I had this in a non-MFA deployment as well. Weird / thanks for the tip!
I’ve run into this same issue but the Logon properties are grayed out. I tried to use sc.exe but this did not help.
Any ideas?
Are you logged in as an admin on the box? Greyed out settings here usually indicate running with non-elevated permissions
I have the same problem: greyed out settings. I can’t change the password fields.
Are you logged in as an admin on the box? Greyed out settings here usually indicate running with non-elevated permissions
Hi Brian,
I did the same thing as mentioned by you but the error is still there.
Can you please help me with this?
I need to see what error you get please?
Worked Like a Charm. Thanks!
Thank you — this worked perfectly on a Windows 2019 AD FS deployment, not including MFA.
Follow up — the fix still works, but I have to manually clear the password every time I reboot the server. Any thoughts on how to make this a permanent fix?
@Christopher Hinkle This has worked for me for months on an unruly server where I’d have to clear the password on every restart. Found on another site, by Michael (April 4th 2019), having the same problem with SQL Service.
Here’s his solution:
”
Hello,
I also ran into the problem when my SQL Service did not start after reboot using managed service accounts.
I solved the problem when I modified the following registry value (maybe the key differs according to your instance name or the key might be missing entirely):
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSQLSERVER
Value: ServiceAccountManaged
Datatype: REG_BINARY
On one working machine the content of this key was
01 00 00 00
The other machine which was NOT working had its value set to
00 00 00 00
Note: You have to reboot your OS after you modified the registry value.
I don’t know why this happened, but I tried several reboots and every time the SQL Server Service starts fine even without configuring any service dependencies.
Hope this helps!
Kind Regards,
Michael
”
I changed the key to services\adfssrv and it worked like a champ.
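The checks discussed in the post and the comments above, gathered into one PowerShell script to run from an elevated prompt. This is an added example, not code from the post or its commenters: the -Repair switch and the variable names are assumptions, while the event IDs, the adfssrv key, the ServiceAccountManaged value and the 01 00 00 00 bytes are the ones quoted on this page. Test-ADServiceAccount comes from the ActiveDirectory module and is only called if that module is installed.

```powershell
# Added example: read-only unless -Repair is given.
param(
    [string]$ServiceName = 'adfssrv',   # service key name from the last comment
    [switch]$Repair                     # hypothetical switch: write the value reported as working
)

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this machine." }
"Service: {0}  State: {1}  Log on as: {2}" -f $svc.Name, $svc.State, $svc.StartName

# 1. Service Control Manager events named in the post (7000, 7034, 7038).
$pattern = '{0}|{1}' -f [regex]::Escape($svc.Name), [regex]::Escape($svc.DisplayName)
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7000, 7034, 7038
} -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Select-Object -First 10 TimeCreated, Id, Message | Format-List

# 2. A gMSA logon name ends in '$' (DOMAIN\adfssvc$ in the post).
$looksManaged = $svc.StartName -like '*$'

# 3. Registry flag from the quoted comment: REG_BINARY, 01 00 00 00 on the working machine.
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
$raw = (Get-ItemProperty -Path $key -Name ServiceAccountManaged -ErrorAction SilentlyContinue).ServiceAccountManaged
$hex = if ($null -ne $raw) { ($raw | ForEach-Object { $_.ToString('X2') }) -join ' ' } else { '<missing>' }
"ServiceAccountManaged: $hex"

# 4. Optional: can this host retrieve the gMSA password from AD?
if ($looksManaged -and (Get-Command Test-ADServiceAccount -ErrorAction SilentlyContinue)) {
    $sam = ($svc.StartName -split '\\')[-1]
    "Host can use the gMSA: {0}" -f (Test-ADServiceAccount -Identity $sam)
}

if ($looksManaged -and $hex -ne '01 00 00 00') {
    Write-Warning "Logon account looks like a gMSA but ServiceAccountManaged is not 01 00 00 00."
    if ($Repair) {
        New-ItemProperty -Path $key -Name ServiceAccountManaged -PropertyType Binary `
            -Value ([byte[]](1, 0, 0, 0)) -Force | Out-Null
        "Value written. Reboot before testing, as the quoted comment notes."
    }
}
```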