ADFS Service Login Failures and a Simple Fix

If you find on restarting your ADFS server that you get the following event IDs in System event log, 7038, 7034 and 7000 that read as the following:

The adfssrv service was unable to log on as DOMAIN\adfssvc$ with the currently configured password due to the following error:
The user name or password is incorrect.

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

and

The Active Directory Federation Services service terminated unexpectedly.  It has done this x time(s).

and

The Active Directory Federation Services service failed to start due to the following error:
The service did not start due to a logon failure.

and you find that installations of integrated services like the MFA adapter for ADFS fail (if enabled) with errors such as “The configuration service URL ‘net.tcp://localhost:1500/policy’ may be incorrect or the AD FS Windows Service is not running” – though this might just be down to what I was doing when I found ADFS was not running, then the obvious answer really is that the password is wrong.

Though what if you are using a gMSA (Group Managed Service Account) – surely the password should never be wrong as the system manages it for you. Well that was also my case, and maybe that is where MFA comes into it, as MFA with ADFS requires changes to the service account.

So how do you get ADFS restarted.

This is so easy its shocking! You open the services management tool, open the properties for the Active Directory Federation Services service and delete the password in the Log On box. That’s right – just blank it out. Click OK and start the service. The computer will set it for you correctly!

11 comments

  1. I’ve run into this same issue but the Logon properties are grayed out. I tried to use sc.exe but this did not help.

    Any ideas?

  2. Hi Brian,
    I did the same thing as mentioned by you but the error is still there.
    Can you please help me in this?

    1. Follow up — the fix still works, but I have to manually clear the password every time I reboot the server. Any thoughts on how to make this a permanent fix?

      1. @Christopher Hinkle This has worked for me for months on an unruly server where I’d have to clear the password on every restart found on another site by Michael April 4th 2019 having the same problem with SQL Service

        Here’s his solution

        Hello,
        I also ran in the problem when my SQL Service did not start after reboot using managed service accounts.
        I solved the problem when I modified the following registry value (maybe the key difffers according to your instance name or the key might be missing entirely):
        Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSQLSERVER
        Value: ServiceAccountManaged
        Datatype: REG_BINARY
        On one working machine the content of this key was
        01 00 00 00
        The other machine which was NOT working had its value set to
        00 00 00 00
        Note: You have to reboot your OS after you modified the registry value.
        I don’t know why this happened, but I tried several reboots and every time the SQL Server Service starts fine even without configuring any service dependencies.
        Hope this helps!
        Kind Regards,
        Michael


        I changed the key to services\adfssrv and it worked like a champ.

Leave a Reply to Tom K Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.