MMC - Must be executed with ADFS Administration rights granted for the current user! #167
Comments
Hi @skofild007 Yes, PowerShell Cmdlets and MMC are verifying that the current user has the Administration Rights assigned. Please check the Installation part and, if your previous version is old, Upgrade from previous versions. If all is OK, you can restart the MFA service: Restart-Service mfanotifhub regards |
Thanks |
I have this same issue after upgrading my version. @skofild007 what did you do to resolve your issue? |
Hi, @crpeters2000 You can try the same as what was recommended to @skofild007. Check the rights given to your administrators: 01 Installation. Then delete the System.db files (in programFiles \ MFA \ Config) or restart the mfanotifhub service. The System.db file contains the ACLs for the rights; it will be recreated if necessary, and if everything is correct it will contain the correct ACLs. regards |
Hi, I am also having the same issue. Cheers |
Hi, @mpn-peter-smith Just being a Domain Administrator is not enough. regards |
Hi @redhook62 I have added my account to the local administrators group but I don't understand what you mean by ADFS Administrators group. Thanks |
Hi @mpn-peter-smith With ADFS 2016 or 2019, you can define an administration group "ADFS" aka "Delegated Administration Group". This is done in the ADFS administration console, in the ADFS Properties. You can indicate any Domain Group. regards |
Hi @redhook62 It's working now! Thanks, I didn't realise in the newer ADFS versions that you could specify a Delegated Admin Group. Cheers |
Good, very good. However if you change the properties of ADFS regarding rights (such as a new group value for Delegated Admin Group. regards |
Hi, I just ran the installer as a local admin of the host and it worked well for me. |
Hi, @skofild007 Just being a Domain Administrator is not enough. regards |
I was a member of the local admins group on the host (via domain user) + ADFS admin but that didn't work for me. When I started from the account of the native local administrator on the host - everything worked for me :) |
Hi, @skofild007 Yes, your users or your selected Domain Group must be explicitly members of the Local Administrators group (Installation and Configuration Options) or be members of the Delegated Administration Group (Configuration Options / Some Cmdlets or operations in MMC are not allowed). See: PowerShell Commands. regards. Don't forget that if you are modifying the rights (e.g. adding a user to a group) you must close and reopen the user session. |
I have the problem that there is no system.db file. I always get the same message as above. The user is the Domain Admin who is a member of the local Admin Group. The server is a Win 2019 Server. I am upgrading from 3.0.0.2. I uninstalled the MSI and installed the new one. Is this wrong? I am not sure if the steps for upgrading from 2.x are also needed from 3.0.0.2? |
It is clear that your version is very old. Then, if you want help, please send your configuration details: number of servers (proxies included), your operating system, configuration of ADFS and MFA services (accounts used), etc. In addition, check by restarting the MFA service that this system.db file appears (this file is re-created each time the service is started); if not, check the ACLs of the directory. The cache is primarily useful for performance issues, but also in the context of ADFS/WID configuration for "secondary" servers. Regardless, always check the eventlog to provide as much information about the problem as possible. In detail, the 3.0.0.2 configuration file is automatically migrated to the latest version, once you make a backup (MMC or PS). Let us know! regards |
@redhook62 It is Server 2019 and the ADFS service is running with a service account. In the Eventlog I got Event Id 900: Fehler beim Laden der Konfigurationsdatei: Ans Also things like: everything is like in the update guide, local System is granted to administer the ADFS. I don't know what's wrong. |
Hi @jojobgl OK, loading the configuration "crashes", there is an enumeration cast which is causing the problem. So, we will move forward step by step. You will send me your configuration by email (address indicated in the source codes). To do this, you need to go to your main ADFS server and open a PowerShell command prompt in administrator mode. Export-AdfsAuthenticationProviderConfigurationData -Name "MultifactorAuthenticationProvider" -FilePath "C:\temp\config.xml". If you have plaintext passwords inside the generated file, replace the value with a placeholder. Zip this xml file and send it to me by email, or in issue 167 as an attachment (it will be deleted quickly) regards |
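Added example, not part of the thread or of the project's code: one way to carry out the "replace the value with a placeholder" step on the exported file before zipping or attaching it. The function name `Protect-ExportedConfig`, the name pattern, the output path and the sample XML are assumptions; the real schema of the exported configuration is not shown on this page, so review the result by eye before sending.

```powershell
# Scrub secret-looking values from an exported config file before sharing it.
# Assumption: secrets live in attributes or leaf elements whose NAME matches
# $Pattern. Adjust the pattern to what your export actually contains.
function Protect-ExportedConfig {
    param(
        [Parameter(Mandatory)] [string] $Path,      # e.g. C:\temp\config.xml
        [Parameter(Mandatory)] [string] $OutPath,   # use a full path
        [string] $Pattern     = 'password|pwd|secret',
        [string] $Placeholder = 'REDACTED'
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true                 # keep layout for the reader
    $doc.Load((Resolve-Path -LiteralPath $Path).ProviderPath)

    $changed = New-Object System.Collections.Generic.List[string]
    foreach ($node in $doc.SelectNodes('//*')) {
        # Attributes such as Password="..."
        foreach ($attr in @($node.Attributes)) {
            if ($attr.LocalName -match $Pattern -and $attr.Value) {
                $attr.Value = $Placeholder
                $changed.Add("$($node.LocalName)/@$($attr.LocalName)")
            }
        }
        # Leaf elements such as <Pwd>...</Pwd>
        $isLeaf = -not $node.SelectSingleNode('*')
        if ($isLeaf -and $node.LocalName -match $Pattern -and $node.InnerText) {
            $node.InnerText = $Placeholder
            $changed.Add($node.LocalName)
        }
    }
    $doc.Save($OutPath)
    $changed    # names of what was replaced, never the values themselves
}

# Constructed sample (NOT the real MFA schema) so the function can be tried offline.
$sample = Join-Path $env:TEMP 'config-sample.xml'
'<Config><Mail Host="smtp.example.test" Password="P@ss"/><Sql><Pwd>hunter2</Pwd></Sql></Config>' |
    Set-Content -LiteralPath $sample -Encoding UTF8
Protect-ExportedConfig -Path $sample -OutPath (Join-Path $env:TEMP 'config-sample.redacted.xml')
```

Name matching will miss secrets embedded in other values, such as a password inside a connection string, so search the redacted file for anything sensitive before attaching it to a public issue.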
Hello Redhook, I sent you an email. I hope you received it? |
Hello, I have a problem with the newest version: after installing and running it, I get a window with the error: Must be executed with ADFS Administration rights granted for the current user! What am I doing wrong?
P.S. I have administrative rights on this host and run MFA as administrator :)