Locked Out of Admin console

I spun up PowerShell Universal on a Windows Server 2022 server yesterday and have a temp license for testing.

I have not integrated any auth yet, so I am only using the one local admin account. This morning, I am unable to login with the account - “bad username and password.” I documented the exact username and password and logged into the admin console multiple times yesterday. In the DB, the password last set was when I installed PS Universal.

I tried resetting the admin account with the system environment variable, and I was unable to get to the login page (it kept looping).

I then tried via the psu cli, which did create a new “admin” account which I can see in the database. Link: psu Command Line Tool | PowerShell Universal

Now when I login with the new admin account, I receive this error:

“Data at the root level is invalid. Line 1, position 1.”

Is there any way to actually reset the admin account, or am I dead in the water? Here is the full system log error:

2025-07-09 10:20:48.023 -05:00 [ERR][Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware] An unhandled exception has occurred while executing the request.
System.Xml.XmlException: Data at the root level is invalid. Line 1, position 1.
at System.Xml.XmlTextReaderImpl.Throw(Exception e)
at System.Xml.XmlTextReaderImpl.Throw(String res, String arg)
at System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace()
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Management.Automation.Deserializer.Start()
at System.Management.Automation.Deserializer..ctor(XmlReader reader, DeserializationContext context)
at System.Management.Automation.Deserializer..ctor(XmlReader reader)
at System.Management.Automation.PSSerializer.DeserializeAsList(String source)
at System.Management.Automation.PSSerializer.Deserialize(String source)
at PowerShellUniversal.Secrets.SecretManagerService.GetDatabaseSecret[T](String name) in D:\a\universal\universal\src\PowerShellUniversal.Secrets\SecretManagerService.cs:line 260
at PowerShellUniversal.Secrets.SecretManagerService.GetSecret[T](String vault, String name) in D:\a\universal\universal\src\PowerShellUniversal.Secrets\SecretManagerService.cs:line 142
at PowerShellUniversal.Authentication.IdentityService.ValidatePassword(String userName, String password) in D:\a\universal\universal\src\PowerShellUniversal.Authentication\IdentityService.cs:line 292
at PowerShellUniversal.Authentication.FormsAuthenticationService.AuthenticateAsync(Credential credential) in D:\a\universal\universal\src\PowerShellUniversal.Authentication\FormsAuthenticationService.cs:line 42
at UniversalDashboard.Controllers.AuthenticationController.SignInForm(Credential credential, String returnUrl) in D:\a\universal\universal\src\Universal.Server\Controllers\AuthenticationController.cs:line 107
at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object arguments)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Logged|12_1(ControllerActionInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
— End of stack trace from previous location —
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
— End of stack trace from previous location —
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.g__AwaitRequestTask|7_0(Endpoint endpoint, Task requestTask, ILogger logger)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at PowerShellUniversal.FeatureMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\a\universal\universal\src\Universal.Server\Middleware\FeatureMiddleware.cs:line 42
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext()
— End of stack trace from previous location —
at PowerShellUniversal.DisallowedModeMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\a\universal\universal\src\Universal.Server\Middleware\ModeMiddleware.cs:line 25
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext()
— End of stack trace from previous location —
at PowerShellUniversal.CspMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\a\universal\universal\src\Universal.Server\Middleware\CspMiddleware.cs:line 28
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext()
— End of stack trace from previous location —
at Universal.Server.Middleware.RoutingMiddleware.Invoke(HttpContext httpContext, IPolicyEvaluator policyEvaluator) in D:\a\universal\universal\src\Universal.Server\Middleware\RoutingMiddleware.cs:line 185
at PowerShellUniversal.PSUMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\a\universal\universal\src\Universal.Server\Middleware\PowerShellMiddleware.cs:line 15
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext()
— End of stack trace from previous location —
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Universal.Server.Middleware.WindowsAuthMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\a\universal\universal\src\Universal.Server\Middleware\WindowsAuthMiddleware.cs:line 58
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext()
— End of stack trace from previous location —
at Universal.Server.Middleware.SwaggerAuthenticationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) in D:\a\universal\universal\src\Universal.Server\Middleware\SwaggerAuthMiddleware.cs:line 51
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.InterfaceMiddlewareBinder.<>c__DisplayClass2_0.<b__0>d.MoveNext()
— End of stack trace from previous location —
at AspNetCoreRateLimit.RateLimitMiddleware`1.Invoke(HttpContext context) in D:\a\universal\universal\src\AspNetCoreRateLimit\Middleware\RateLimitMiddleware.cs:line 109
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.g__Awaited|10_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
2025-07-09 10:20:48.025 -05:00 [INF][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 POST http://localhost:5000/api/v1/signin/form?returnurl= - 500 null text/plain 14.0526ms

Product: PowerShell Universal
Version:  5.5.4
1 Like

I was able to get by creating the authentication.ps1 file in the .universal folder with these contents:

Set-PSUAuthenticationMethod -Type “Form” -ScriptBlock {
param(
[PSCredential]$Credential
)

if ($Credential.UserName -eq ‘Admin’) {
New-PSUAuthenticationResult -Success -UserName ‘Admin’
}
else {
New-PSUAuthenticationResult -ErrorMessage ‘Bad username or password’
}
}

1 Like