Tuesday, 11 December 2012

AD FS Service fails to start when configuring AD FS on Windows 2008 SP2

In a recent deployment of AD FS on a small VM instance on Windows Azure I got the following error when configuring AD FS:

"Windows could not start the AD FS 2.0 Windows Service service on Local Computer - Error 1053"



I am not sure if it was due to the fact that I was using VM role on Azure or it was AD FS. Also I was extending an ADFS farm from on-premises which was based on a SQL database, so that's another thing that may have something to do with it. Although However here is how I fixed it:

1. Navigate to C:\Program Files\Active Directory Federation Services 2.0
2. Find and open Microsoft.IdentityServer.Servicehost.exe.config file
3. Modify it as follows:
under <runtime> tag, add this line:
<generatePublisherEvidence enabled="false"/>

So it would look like this:
I come across some blogs when I was investigating this issue which were suggesting to add a DWORD value "ServicesPipeTimeout" under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control and set the value to 60000. I tried this but it didn't resolve the issue. I suggest you try editing the XML file first, and if it doesn't work for you then modify the registry key.
And no need to thank me, just buy me a beer next time you see me ...