"An attached device is not working properly" when changing password

Jos 106 Reputation points

We have one domain controller and serveral RDSH servers and since a couple of months the users can't change their password anymore on the servers. When they are trying to change their password, they get this error (in Dutch) "Een apparaat dat op het systeem is aangesloten, werkt niet". Translated it means "A device connected to the system doesn't work".

User's image

We tested changing the password on the domain controller itself via ALT + CTRL + DELETE, but this doens't work either. It gives us the same error.

We have checked several things like:

  • nltest /domain_trusts This all looks ok
  • w32tm /query /status This all looks ok
  • klist We see several cached tickets
  • Dcdiag /v /c /d /e /s:dc-01 >c:\dcdiag.txt all passes except for failed test DFSREvent Replication has stopped on the folder with local path C:\Windows\SYSVOL\domain failed test SystemLog We do see this error here and after trying to change our password The digitally signed PAC (Privilege Attribute Certificate) certificate that contains the authorization information for client admin in realm DOMAIN.LOCAL cannot be verified. This error is usually caused by domain trust failures. Contact the system administrator.

But we can't find how to solve these errors, anyone familiour with this error and any idea what to do to solve this?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,114 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,844 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Daisy Zhou 18,701 Reputation points Microsoft Vendor

    Hello Jos,

    Thank you for posting in Q&A forum.

    Based on the description, I understand you have one forest with one single domain and one Domain Controller, am I right?

    Please check if the all the domain users have such problem.
    Please check if the problem occurs on all the domain machines (if you change the password on another domain machine and check the result).

    Please try the two possible solutions in the similar thread below.

    User's image

    The issue has been solved at least in my case.*

    The Group Policy for the Default Domain Controller Policy was missing the setting for Users group

    • Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment --> "Access the computer from the Network"

    By adding Users to this setting , users of the system are able to change their password at first login. Remove users and the error message "A device attached to the system is not functioning".

    User's image

    Please check the functional level by running commands below:

    Please try to raise forest functional level and/or domain functional level, then check the result.

    Please note:
    1.Ensure that all domain functional levels are equal to or higher than the forest functional level.

    2.Ensure that all domain controller operating systems are equal to or higher than the domain functional level.

    Similar thread:


    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

  2. Jos 106 Reputation points

    Thanks for the quick response, we have tried what you mentioned, but without luck. This is how it is configured currently.

    User's image

    User's image

    We are still getting this error

    User's image

    0 comments No comments