You try to change a password using the IISADMPWD Replacement Tool and receive the following error:
An error occurred during the change password operation: Error Message: The system cannot contact a domain controller to service the authentication request. Please try again later.
We’ve found this error can be avoided by using a service account for IISADMPWD and setting it up correctly in the administrative settings. For information about how to do this, please see:
As you can see here, after you’ve created the service account, make sure when you tell IISADMPWD Replacement about it in it’s administrative settings that you provide the full UPN (userPrincipalName) of the service account per this screen shot:
Note the full UPN here is: “firstname.lastname@example.org”– the UPN of the service account.
The possibility of this error was introduced when Microsoft introduced the following patches for Windows:
As of October 11th, 2016 Microsoft has updated this article: https://support.microsoft.com/en-us/kb/3177108 . Here they have given us problems created by the original “fixes” as well as some tips for working with Kerberos and self-service password reset.
As of October 11, 2016 Microsoft re-released the patches associated with https://technet.microsoft.com/en-us/library/security/ms16-101.aspx to resolve issues caused by the original updates (which you can read in https://support.microsoft.com/en-us/kb/3177108 including the fact that you could no longer change passwords on local accounts).
We recommend you install these updates.
If you’re using the software to change local passwords, Microsoft has acknowledged they initially created a problem with their Windows Updates with regard to this situation.
See: https://support.microsoft.com/en-us/kb/3177108 (known issue #3). As of October 11, 2016 Microsoft re-released the patches associated with https://technet.microsoft.com/en-us/library/security/ms16-101.aspx on October 11th, 2016 and we have verified that this resolves these issues.