Suddenly local account can't log in anymore

Product: PowerShell Universal
Version: 5.0.16

I do have an odd problem.
I have SAML2 set up and a few local accounts.
SAML2 works fine.
I have one local account with administrator role.
This used to work just fine.
Today I could not log in anymore (bad password).
So I used another account to log in, and verified that the user account and password are correct. I even reset the password. But no luck.
Then I tried to delete that account and got an error.
I created yet another account with administrator role, no problems.
Attached is the error I get when I try to delete the account.
The logs didn’t help me.
I am the only person fumbling with admin rights on that box.

I had a similar error in a previous release that had a bug related to tokens (which it looks like your error is also related to), but the bug I had hit has been resolved. Do you have any token(s) associated with the local account(s) you’re attempting to delete? If so, try deleting the token(s) and then attempting to delete the account(s) again. You may also want to try editing the database with something like https://sqlitebrowser.org/ or whichever tool is relevant to the type of DB you’re using in your setup, to see if you can remove the account and any related references to it that way, but do that at your own risk (and make backups first).

1 Like

You are right, there was a token attached to that account.
However “deletion” actually just revokes the token, but it still stays there and the account cannot be deleted.

A better option anyway would be to understand why that account can’t be used anymore (and why that happened at all), even when a new password is set.

Sure. Well, you may have to resort to the DB editing I mentioned, to delete the token(s) and then the account.

I’m not sure why the account wouldn’t be usable in the first place, though. Likely nothing more than a bug, if I’m guessing.

1 Like

I have the same issue. No token for that account.
Actually, it’s just when trying to delete an identity. I have 2 that do that.

2 Likes

So it just happened out of the blue?
You then tried to change the pw and no luck?

I just noticed that my local dev system has the same issue.
The admin account no longer accepts the password.
(I am a KeePass junkie, I have all passwords documented, so no accidental change)

Unfortunately I do not have any other accounts on that system.
I tried to break in by creating an authentication.ps1 and just returning $true, but no luck.

I got in and my account works again.

see:

I changed authentication.ps1 to what Adam posted back then.

I was able to get in again with the local account.
Then I added the lines for SAML again.
All good.

1 Like

Interesting that such an old bug is still actively causing issues.