Closed 5TimeGrandpa closed 3 years ago
redhook62
commented
3 years ago H @5TimeGrandpa
The system.db file is created by the Windows "MFA Notification Hub" service. This service is responsible for all security-related tasks. it runs under the system account. Local System Administration must be enabled on your ADFS configuration, this is a prerequisite
regards
5TimeGrandpa
commented
3 years ago 
H @5TimeGrandpa
The system.db file is created by the Windows "MFA Notification Hub" service. This service is responsible for all security-related tasks. it runs under the system account. Local System Administration must be enabled on your ADFS configuration, this is a prerequisite
regards
I never seem to get a system.db file no matter what. I have checked to make sure the MFA Notification Hub is running as Local System, and open up Program Files\MFA\Config folder. All that is ever there is threatconfig.db. I can restart the service, and still no system.db. As for the Local System Administration , are you referring to the checkbox on Federation Services Properties for "Allow Local System account for service administration"? If so, it is checked, as is every other possible option (Delegation and Local Administrators Group). I've tried all combinations of options... also tried installing as local admin, domain admin, and a regular domain account. All have the same issue and still give me the "Must be executed with ADFS Administration rights" error.
redhook62
commented
3 years ago Hi @5TimeGrandpa
It seems that all of these points are correct. However, the config.db file is not present.
I have a big doubt, have you registered the component?
This is the first thing you must do for a new configuration !
Log on to powershell on your server as an administrator.
type
Register-MFASystem
Please carefully follow all points described in the documentation. https://github.com/neos-sdi/adfsmfa/wiki/01-Installation
regards
5TimeGrandpa
commented
3 years ago Hi @5TimeGrandpa
It seems that all of these points are correct. However, the config.db file is not present.
I have a big doubt, have you registered the component?
This is the first thing you must do for a new configuration ! Log on to powershell on your server as an administrator. type
Register-MFASystemPlease carefully follow all points described in the documentation. https://github.com/neos-sdi/adfsmfa/wiki/01-Installation
regards
Ack! You were right. I forgot that I had rolled back to a VM snapshot from before I had registered the component. All is well! Thanks!
I have followed the assistance in #167 and #182, but continue to get the above error when trying to run MMC after a new install. I get the same error if trying to use Cmdlets like Get-MFAConfig. I have verified that Delegated Administration on ADFS is set to an AD group I created, and put both the domain admin account I am using for the install and the ADFS managed service account into. both of these accounts are also local administrators on the ADFS server. I have restarted everything several times, tried uninstalling and reinstalling, etc. I never get a system.db file at all. I am using version 3.1.2107.0. I should note that this ADFS server is using SQL and not WID. Do I need to do something special because of that before attempting to use the MMC plug-in?