After applying recent Microsoft Security Patches for Windows to the Password Manager server, users are no longer able to change their passwords during a "managed my password" operation. The Password Manager server also displays errors within the event viewer.
How does this affect Password Manager?
After applying the following Microsoft Security Patches for Windows to Password Manager servers, users are unable to reset their passwords:
When a user attempts to reset their password via Password Manager, the following error displays on the client computer:
“Some errors occurred while changing password”
Also, within the event log of the Password Manager server the following error is displayed:
“The system cannot contact a domain controller to service the authentication request. Please try again later. (Exception from HRESULT:0x0800704f1)' with system <>"
This results in a failed password change.
The following Microsoft articles can be consulted for more details regarding the Microsoft patches:
“This security update disables the ability of the Negotiate process to fall back to NTLM when Kerberos authentication fails for password change operations.
Currently, the ability to change the passwords of disabled or locked-out accounts is supported only by NTLM. It is not supported by the Kerberos protocol. This security update prevents the Negotiate process from falling back to NTLM for password change operations when Kerberos authentication fails. Therefore, you will no longer be able to change the password for disabled or locked-out accounts after you install this security update. It is not secure to change disabled or locked-out user account passwords by using NTLM. This is why the ability of Negotiate to fall back to NTLM is disabled by this security update.
Note Even though you can no longer change the password for disabled or locked accounts, you can set the password by using Active Directory-based tools.”
To resolve the issues impacting Password Manager, after installing the Microsoft Security patches mentioned in this article, please install the associated Password Manager hotfix for the installed version located here:
Questions or comments