Just to confirm. I have been having similar issues enlisting targets and subsequently pushing master jobs to the targets.
When adding the service account for the target to the master server logins, the documentation seems to indicate all it needs is Connect SQL and membership in the "targetserversrole" in the master server msdb database.
This does not seem to be the case.
I can only enlist targets if I make the target server service account a sysadmin on the master server instance.
Also, I can seemingly only push new jobs to the target if the targer server service accoutn is a sysadmin on the master server instance.
I tried just granting view server state instead of full sysadmin, but that does not work. There must be a few more perms necessary. I hope someone at MS can eventually clarify what rights are needed by the target service account so that we do not have to keep adding the target server service accounts as sysadmin on the critical master server.