Sysadminsblog.com Anything for sysadmins!

27 Jun 2011

ADFS Error: The AD FS auditing subsystem could not register itself with the system. The auditing privilege is not held.

This error can occur when the ADFS service account does not hold the Generate security audits user right (SeAuditPrivilege), which it needs to log audit events.

To fix this error, grant the ADFS service account that right in the local security policy of the server running ADFS or, when the server is a domain controller, in the Default Domain Controllers Policy.

Local Security Policy

  1. Start the Local Security Policy console
  2. Locate the User Rights Assignment container and select it (Security Settings\Local Policies\User Rights Assignment)
        
  3. Double-click the Generate security audits node
        
  4. Add the service account of ADFS to the list

Default Domain Controllers Policy

  1. Start the Group Policy Management Console
  2. Edit the Default Domain Controllers Policy (<Forest>\Domains\<Domain>\Group Policy Objects\Default Domain Controllers Policy)
        
  3. Locate the User Rights Assignment container and select it (Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment)
        
  4. Double-click the Generate security audits node
        
  5. Add the service account of ADFS to the list
        

You might have to run gpupdate and restart the service to have the changes take effect.
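
To confirm the change has taken effect, the following PowerShell check (an added example, not part of the original post) exports the server's current user rights assignment and tests whether the ADFS service account is listed under SeAuditPrivilege. It assumes the AD FS Windows service is named adfssrv and that it is run from an elevated prompt on the ADFS server; the temporary file name is arbitrary.

```powershell
# Added example. Run elevated on the server that hosts AD FS.
# Assumption: the AD FS Windows service is named 'adfssrv'.
$ServiceName = 'adfssrv'

function Resolve-Sid([string]$Name) {
    # secedit writes resolved entries as *S-1-... and others as account names
    if ($Name.StartsWith('*')) {
        return New-Object System.Security.Principal.SecurityIdentifier($Name.Substring(1))
    }
    if ($Name -eq 'LocalSystem') { $Name = 'NT AUTHORITY\SYSTEM' }
    return (New-Object System.Security.Principal.NTAccount($Name)).Translate(
        [System.Security.Principal.SecurityIdentifier])
}

# Find the account the service runs as
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this machine." }
$svcSid = Resolve-Sid $svc.StartName

# Export the current user rights assignment and pick out the audit right
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
try {
    $line = Get-Content $cfg | Where-Object { $_ -match '^SeAuditPrivilege\s*=' }
} finally {
    Remove-Item $cfg -ErrorAction SilentlyContinue
}

# Split "SeAuditPrivilege = *S-1-5-19,*S-1-5-20,..." into its entries
$holders = @()
if ($line) {
    $holders = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

# Direct match only: a right inherited through group membership is not detected
$granted = $false
foreach ($h in $holders) {
    try { if ((Resolve-Sid $h).Value -eq $svcSid.Value) { $granted = $true } }
    catch { Write-Warning "Could not resolve entry '$h'" }
}

if ($granted) { "OK: $($svc.StartName) is listed under Generate security audits." }
else { "MISSING: $($svc.StartName) is not listed under Generate security audits." }
```

If the result is MISSING after editing the policy, run gpupdate and check again before restarting the service.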


Posted by Mischa Oudhof
