Unable to run MMC with local admin; no System.db file

[ns3c]

Hey team,

I'm trying to install adfsmfa from the provided binary on Github.

I've gotten the response "Must be executed with ADFS Administration rights granted for the current user!"

I understand that the account must be a member of the local administrators group (it is, I have confirmed this, added additional users and tested, and relogged / restarted the server to make sure my user session has reset. I also understand the account can be a member of the Delegated Admins Group for ADFS; it is not, and I'm happy to test this as well. We didn't define a group for this in ADFS - would you happen to know the default?

When attempting to follow #167 and delete my system.db files, this does not work. Restarting the service doesn't create a system.db file; this file is only created when I try to open the MMC, which fails with the error, then creates the system.db file.

I was able to execute commands such as Register-MFASystem, but cannot use things like Get-MFAFarmInformation or open the MMC.

Any thoughts on how I can fix this permissions issue? My account does have local administrator, and we'd like to understand root cause if possible so we can use and support this internally.

[redhook62]

HI @ns3c

Indeed, this is a bug.
This happens when the ADFS adminstration group is not populated. Local administrators receive this error.
In the meantime, you can assign an AD group to ADFS administrators.
Wait a bit, we will provide a fix quickly.

regards

[redhook62]

Hi @ns3c

New version 3.1.2106.2

regards