ADFS Error 1297, Event ID 7000, Event ID 352 The Active Directory Federation Services service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration


Issue

The Active Directory Federation Services service (adfssrv) fails to start, and attempting to start it from the Services console returns the following error:

Windows Could not start the Active Directory Federation Services on Local Computer. 

Error 1297: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.

In Event Viewer, this is typically accompanied by Event ID 7000 (System log, Service Control Manager) and Event ID 220 and Event ID 352 (AD FS Admin log).


Cause

Error 1297 means the account the service runs as no longer holds a user right that AD FS requires. In practice this is almost always the "Generate security audits" right (SeAuditPrivilege), which AD FS needs to write to the Security event log and which the AD FS installer grants to the service account. The right can be lost after installation of security patches or Windows Updates on the AD FS server, after changing the AD FS service account, after permissions or group memberships of the service account are changed locally or in Active Directory, or after a Group Policy change. The last case is the most common: a domain GPO that defines "Generate security audits" replaces the local assignment entirely, so any account not listed in the GPO loses the right at the next policy refresh.

Solution

Check whether the AD FS service account has the "Generate security audits" right on the local computer, and grant it if it is missing:

  • On Run, type "Gpedit.msc" (or launch the Local Group Policy Editor MMC console).
  • Go to Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.
  • In the right pane, open "Generate security audits".
  • Add your AD FS service account here. Keep the existing entries (by default LOCAL SERVICE and NETWORK SERVICE); you are adding to the list, not replacing it.
  • Exit the Local Group Policy Editor.
  • Open a Command Prompt (CMD) and run "GPUPDATE /FORCE".
  • Check the result in secpol.msc. If the account disappears from "Generate security audits" after the refresh, the right is being set by a domain GPO; add the account to that GPO (run "gpresult /h report.html" to find which one) instead of editing local policy.
  • In services.msc, set the Active Directory Federation Services service to log on as the AD FS service account (re-entering the credentials). A user right only takes effect for a new logon session, so the service must be restarted for the account to receive the privilege.
  • Restart the AD FS service.
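The same check and fix, scripted. This is an added example and not part of the original post; it assumes the AD FS service is named adfssrv (its name on Windows Server 2012 R2 and later), that C:\Temp\secpol is a usable scratch directory, and that it is run from an elevated PowerShell session on the AD FS server with line of sight to a domain controller (needed to resolve the service account to a SID). It reads the effective user-rights assignment with secedit, which reflects GPO-applied settings, so it also tells you whether the account has been pushed off the list.

```powershell
# Added example (not from the original post). Assumptions: service name 'adfssrv',
# scratch directory C:\Temp\secpol, elevated session on the AD FS server.
$ServiceName = 'adfssrv'
$Privilege   = 'SeAuditPrivilege'   # shown in secpol.msc as "Generate security audits"
$Work        = 'C:\Temp\secpol'
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# 1. Find the account the service is configured to run as and resolve it to a SID.
#    StartName looks like CONTOSO\svc_adfs, or CONTOSO\gmsa_adfs$ for a gMSA.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this computer." }
$account = $svc.StartName
$sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value
Write-Host "AD FS service account: $account ($sid)"

# 2. Export the effective user-rights assignment. secedit lists holders as *SID, comma separated.
$exportInf = Join-Path $Work 'export.inf'
secedit /export /cfg $exportInf /areas USER_RIGHTS | Out-Null
$line    = Get-Content $exportInf | Where-Object { $_ -match "^$Privilege\s*=" }
$holders = @()
if ($line) {
    $holders = ($line -split '=', 2)[1].Trim() -split ',' | ForEach-Object { $_.Trim() }
}
Write-Host "$Privilege is currently granted to: $($holders -join ', ')"

if ($holders -contains "*$sid") {
    Write-Host "OK: $account already holds $Privilege. Check the other rights the service needs, e.g. SeServiceLogonRight (Log on as a service)."
    return
}

# 3. Grant the right locally. secedit /configure replaces the whole list for the privilege,
#    so every existing holder is carried over and only the service account SID is appended.
$newList  = ($holders + "*$sid") -join ','
$grantInf = Join-Path $Work 'grant.inf'
@"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[Privilege Rights]
$Privilege = $newList
"@ | Set-Content -Path $grantInf -Encoding Unicode

secedit /configure /db (Join-Path $Work 'grant.sdb') /cfg $grantInf /areas USER_RIGHTS | Out-Null
Write-Host "Granted $Privilege to $account."

# 4. A user right is applied to the account's next logon session, so the service must be
#    restarted before the privilege shows up in its token.
Restart-Service -Name $ServiceName
Get-Service -Name $ServiceName
```

If the script reports that the account is missing from the list again after the next Group Policy refresh, the right is defined in a domain GPO and the local change is being overwritten; the durable fix is to add the service account to "Generate security audits" in that GPO rather than on the server.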





Happy Single Sign-On!
