"An attached device is not working properly" when changing password

Question

We have one domain controller and serveral RDSH servers and since a couple of months the users can't change their password anymore on the servers. When they are trying to change their password, they get this error (in Dutch) "Een apparaat dat op het systeem is aangesloten, werkt niet". Translated it means "A device connected to the system doesn't work".

We tested changing the password on the domain controller itself via ALT + CTRL + DELETE, but this doens't work either. It gives us the same error.

We have checked several things like:

• nltest /domain_trusts This all looks ok
• w32tm /query /status This all looks ok
• klist We see several cached tickets
• Dcdiag /v /c /d /e /s:dc-01 >c:\dcdiag.txt all passes except for failed test DFSREvent Replication has stopped on the folder with local path C:\Windows\SYSVOL\domain failed test SystemLog We do see this error here and after trying to change our password The digitally signed PAC (Privilege Attribute Certificate) certificate that contains the authorization information for client admin in realm DOMAIN.LOCAL cannot be verified. This error is usually caused by domain trust failures. Contact the system administrator.

But we can't find how to solve these errors, anyone familiour with this error and any idea what to do to solve this?

Answer 1

Hello Jos,

Thank you for posting in Q&A forum.

Based on the description, I understand you have one forest with one single domain and one Domain Controller, am I right?

Please check if the all the domain users have such problem.
Please check if the problem occurs on all the domain machines (if you change the password on another domain machine and check the result).

Please try the two possible solutions in the similar thread below.

*
The issue has been solved at least in my case.*

The Group Policy for the Default Domain Controller Policy was missing the setting for Users group

• Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment --> "Access the computer from the Network"

By adding Users to this setting , users of the system are able to change their password at first login. Remove users and the error message "A device attached to the system is not functioning".

Or

Please check the functional level by running commands below:
(Get-ADForest).ForestMode
(Get-ADDomain).DomainMode

Please try to raise forest functional level and/or domain functional level, then check the result.

Please note:
1.Ensure that all domain functional levels are equal to or higher than the forest functional level.

2.Ensure that all domain controller operating systems are equal to or higher than the domain functional level.

Similar thread:

https://learn.microsoft.com/en-us/answers/questions/53022/a-device-attached-to-the-system-is-not-functioning

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.

Best Regards,

Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 2

Thanks for the quick response, we have tried what you mentioned, but without luck. This is how it is configured currently.

We are still getting this error