Auditing of AD FS events

Occasional Contributor

I've tried to install the newest MDI sensor on one of my AD FS servers but under the installation if reports that auditing is not configured correctly - see attached image.


It's possible to click Next and proceed with the installation.


I've verified that the auditing is in place and configured according to the guide. I can even see the audit events in the security log.


What am I missing here?


Just for your information, then the service wont start after the installation - I'll start another discussion about that issue :)

12 Replies

@Bjarne Abraham 
Can  you run on this machine from powershell this command and share the full output?



best response confirmed by Bjarne Abraham (Occasional Contributor)

@Bjarne Abraham 


Just got another similar case,  that was resolved by running the setup elevated.

Can you try that and let me know if the warning is gone ?

@Eli Ofek running the installation elevated solved the issue. Then it doesn't raise an alert about issue regarding auditing on the ADFS server. Thanks.

@Bjarne Abraham It was a success on one of the AD FS servers but not on the others :(


I've checked the audit level and requirements and they are exact the same.


Any good ideas? :)

@Bjarne Abraham 
Can you share the output of


from the working and non working server? 

PS C:\Windows\system32> (Get-AdfsProperties).LogLevel

It's only possible to execute the command on the primary AD FS node as it's a farm setting.

@Bjarne Abraham 

In this case the non working machine is not a primary ?

Can you share the output of this command when running on the non primary machine (even if it returns an error) ?

PS C:\Windows\system32> (Get-AdfsProperties).LogLevel
Get-AdfsProperties : PS0033: This cmdlet cannot be executed from a secondary server in a local database farm. The prim
ary server is presently: server.domain.tld. To execute management cmdlets, either log onto the primary server or conn
ect using PowerShell remoting. For more information see
At line:1 char:2
+ (Get-AdfsProperties).LogLevel
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Get-AdfsProperties], InvalidOperationException
+ FullyQualifiedErrorId : PS0033,Microsoft.IdentityServer.Management.Commands.GetServicePropertiesCommand

@Bjarne Abraham 
Thanks! I will open a bug for it.

You can ignore the warning during setup for now, it will work fine.

Great, hereby installed and working :)

@Eli Ofek FYI running setup elevated solved the issue for us too.

Would be nice to either see docs updated or the install file changed.


The docs actually says that already:


"Run Azure ATP sensor setup.exe with elevated privileges (Run as administrator) and follow the setup wizard."


As for changing the exe to auto prompt a UAC dialog, there is currently a technical limitation preventing us from doing so due to the installer infra we use that intentionally block it, but we are working on it to work like that. it will take some time though, as it is going to be incorporated with some other features that will make the deployment a breeze. stay tuned on this topic....