Tuesday, June 12, 2012

Recovering from WinRM Authentication Lockout

If like me you’re silly enough to lock yourself out of WinRM by removing Kerberos and Negotiate authentication from the WinRM client, you’ll find it a bit difficult to reset the WinRM configuration, because WinRM uses itself to modify the configuration and reset itself (winrm invoke restore).

I wasn’t particularly interested in performing a restore on my laptop, so I went hunting for the registry location for WinRM’s client configuration. The best TechNet could provide me with was “The configuration information is stored in the registry” which is pretty crap, even by Microsoft’s standards.

Resorting to a registry search – thankfully I had added the remote end to the TrustedHosts list – I came up with the registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client

Setting auth_kerberos and auth_negotiate to 1

Setting auth_kerberos and auth_negotiate to 1

and restarting the Windows Remote Management (WS-Management) service got me up and going again.

10 comments:

Chrisdadswell said...

Many thanks for this! I also was stupid enough to lock myself out.

Chrisdadswell said...

Cheers for this. I was also stupid enough to lock myself out.

Thanks,
Chris.

Anonymous said...

After two hours of searching google, this was the site that answered my question. Thanks!

Anonymous said...

very good!!!!

Thanks!

Anonymous said...

Wow! That saved a lot of work! Thanks a lot!

Anonymous said...

Ha, ha, ha!
I'm also stupid too!
Thank you so much!

Anonymous said...

Saved my day! Thanks so much!

Anonymous said...

Thank you thank you thank you. My first real registry adventure.

Anonymous said...

This did not enable authentication on my instance of WIN 2012 R2.

Douglas Menger said...

Friend!

Thank you very much for sharing the knowledge.

I had the same problem when using Hyper-V Server 2012 R2 and after many hours searching I got the solution to look for here.

In my case I had to access the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Services key to only change auth_negoctiate (1)

Success!