Tuesday, June 12, 2012

Recovering from WinRM Authentication Lockout

If like me you’re silly enough to lock yourself out of WinRM by removing Kerberos and Negotiate authentication from the WinRM client, you’ll find it a bit difficult to reset the WinRM configuration, because WinRM uses itself to modify the configuration and reset itself (winrm invoke restore).

I wasn’t particularly interested in performing a restore on my laptop, so I went hunting for the registry location for WinRM’s client configuration. The best TechNet could provide me with was “The configuration information is stored in the registry” which is pretty crap, even by Microsoft’s standards.

Resorting to a registry search – thankfully I had added the remote end to the TrustedHosts list – I came up with the registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client

Setting auth_kerberos and auth_negotiate to 1

Setting auth_kerberos and auth_negotiate to 1

and restarting the Windows Remote Management (WS-Management) service got me up and going again.

7 comments:

Chrisdadswell said...

Many thanks for this! I also was stupid enough to lock myself out.

Chrisdadswell said...

Cheers for this. I was also stupid enough to lock myself out.

Thanks,
Chris.

Anonymous said...

After two hours of searching google, this was the site that answered my question. Thanks!

Anonymous said...

very good!!!!

Thanks!

Anonymous said...

Wow! That saved a lot of work! Thanks a lot!

Anonymous said...

Ha, ha, ha!
I'm also stupid too!
Thank you so much!

Anonymous said...

Saved my day! Thanks so much!