Forum Discussion
paul1945
Sep 03, 2024 | Copper Contributor
AD FS Role installs but configuration fails with timeout error
I am attempting to install the Active Directory Federation Services role on a Server 2019 VM. The initial configuration wizard fails when installing ADFS (GUI OR PowerShell - same outcome). All che...
kyazaferr
Iron Contributor
1. Increase Service Timeout for AD FS Configuration:
The AD FS configuration wizard might have a hardcoded timeout. However, you can attempt to extend the service start timeout by manually configuring the AD FS service after the initial failure. This involves:
Manually Completing the AD FS Configuration:
After the initial failure, the database is already created, and the service is started. You can manually complete the configuration using PowerShell by running the following command:
Install-AdfsFarm -CertificateThumbprint "<Thumbprint>" -FederationServiceName "<YourFederationServiceName>" -ServiceAccountCredential (Get-Credential)
Verify the Configuration:
After running the above command, verify that the AD FS farm is correctly configured by opening the AD FS Management console.
2. Increase Startup Timeout in the Windows Registry:
You can attempt to increase the service startup timeout value for Windows services in the registry, which may help prevent the timeout issue:
Open Registry Editor and navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
Create or modify the ServicesPipeTimeout DWORD value.
Set the value to a higher timeout, such as 120000 (120 seconds).
Reboot the server and try running the configuration again.
3. Analyze and Optimize Service Startup:
Since the AD FS service is taking a long time to start, it's essential to analyze why this is happening. Some potential causes include:
Certificate Revocation List (CRL) Checks: Ensure that the server has access to the internet to validate the CRL. If access is restricted, this can significantly delay the service startup.
Dependency Services: Check if any other services on which AD FS depends are also slow to start.
4. Use SQL Server Instead of WID:
If you are using Windows Internal Database (WID) and still face issues, consider using a full SQL Server for the AD FS configuration. SQL Server may handle the configuration more efficiently and avoid some of the limitations or delays associated with WID.
5. Manually Create IIS Application Pools:
If the installation wizard fails to create the necessary IIS application pools, you can manually create them:
Open IIS Manager and create the required application pools manually, ensuring they match the expected configurations for AD FS.
Re-run the AD FS configuration using PowerShell or attempt the GUI wizard again.
By applying these workarounds, you should be able to bypass the timeout issue and successfully configure AD FS on your Server 2019 VM.
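Added example, not part of the reply above: a read-only PowerShell sketch of the checks from items 2 and 3 (the current ServicesPipeTimeout value, the state of the services AD FS depends on, and whether the CRL endpoints named in the service certificate are reachable). It assumes the AD FS Windows service is named adfssrv and that the certificate is in the LocalMachine\My store; `<Thumbprint>` is the same placeholder used in the reply.

```powershell
# Added example: read-only diagnostics; nothing here changes the system.
# <Thumbprint> is a placeholder for the AD FS SSL certificate thumbprint.
param([string]$Thumbprint = '<Thumbprint>')

# Item 2: current service start timeout (milliseconds).
$ctl = 'HKLM:\SYSTEM\CurrentControlSet\Control'
$val = (Get-ItemProperty -Path $ctl -Name ServicesPipeTimeout `
        -ErrorAction SilentlyContinue).ServicesPipeTimeout
if ($null -eq $val) { 'ServicesPipeTimeout: not set (Windows default applies)' }
else                { "ServicesPipeTimeout: $val ms" }

# Item 3, dependency services: state of everything adfssrv depends on.
# Assumption: the AD FS service name is adfssrv.
$svc = Get-Service -Name adfssrv -ErrorAction SilentlyContinue
if ($svc) {
    $svc.ServicesDependedOn | Select-Object Name, Status, StartType
} else {
    'adfssrv is not installed on this machine'
}

# Item 3, CRL checks: pull the HTTP(S) CRL distribution points out of the
# certificate (extension OID 2.5.29.31) and test a TCP connection to each.
# ldap:// distribution points are not covered by this sketch.
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object Thumbprint -eq $Thumbprint
if (-not $cert) {
    "No certificate with thumbprint $Thumbprint in LocalMachine\My"
} else {
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $cdp) {
        'Certificate has no CRL distribution point extension'
    } else {
        $urls = [regex]::Matches($cdp.Format($false), 'https?://[^\s,)]+') |
                ForEach-Object Value
        foreach ($u in $urls) {
            $uri = [uri]$u
            $r = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port `
                 -WarningAction SilentlyContinue
            [pscustomobject]@{
                CrlUrl        = $u
                Reachable     = $r.TcpTestSucceeded
                RemoteAddress = $r.RemoteAddress
            }
        }
    }
}
```

The RemoteAddress column shows whether each CRL host was reached over IPv4 or IPv6, which helps when a host firewall or endpoint product filters one of the two.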
paul1945
Sep 12, 2024 | Copper Contributor
kyazaferr Thank you for your suggestions.
The problem was caused by Trellix blocking IPv6 for organizational reasons. That has been corrected, and the service is now starting quickly, as expected. The installation was able to finish, and we are moving on to the next stage.