If you find on restarting your ADFS server that you get the following event IDs in System event log, 7038, 7034 and 7000 that read as the following:
The adfssrv service was unable to log on as DOMAIN\adfssvc$ with the currently configured password due to the following error:
The user name or password is incorrect.To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
and
The Active Directory Federation Services service terminated unexpectedly. It has done this x time(s).
and
The Active Directory Federation Services service failed to start due to the following error:
The service did not start due to a logon failure.
and you find that installations of integrated services like the MFA adapter for ADFS fail (if enabled) with errors such as “The configuration service URL ‘net.tcp://localhost:1500/policy’ may be incorrect or the AD FS Windows Service is not running” – though this might just be down to what I was doing when I found ADFS was not running, then the obvious answer really is that the password is wrong.
Though what if you are using a gMSA (Group Managed Service Account) – surely the password should never be wrong as the system manages it for you. Well that was also my case, and maybe that is where MFA comes into it, as MFA with ADFS requires changes to the service account.
So how do you get ADFS restarted.
This is so easy its shocking! You open the services management tool, open the properties for the Active Directory Federation Services service and delete the password in the Log On box. That’s right – just blank it out. Click OK and start the service. The computer will set it for you correctly!
Leave a Reply