A device attached to the system is not functioning - User changing password

Question

I have set up windows Server 2016 Standard with GUI and installed AD DS and promoted to a Domain controller ,
I have created a TestUser1 account and unchecked :User must change password at next login
I have created a TestUser2 account and checked :User must change password at next login

I have a windows 10 2019 LTSC machine which has joined the Domain.

I login with TestUser1 and i can login to windows 10.
I login with TestUser2 and I am informed to change password.

TestUser2 I change password and the error appears "A device attached to the system is not functioning " password is not changed and i cant login.
Login with TestUser1 and using Ct Alt Del change password, add a new password
It fails "A device attached to the system is not functioning "

What is this cryptic "device" that is not functioning ? Anyone know how to solve or what the real reason behind this is ?

Answer 1

The issue has been solved at least in my case.

The Group Policy for the Default Domain Controller Policy was missing the setting for Users group

• Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> User Rights Assignment --> "Access the computer from the Network"

By adding Users to this setting , users of the system are able to change their password at first login. Remove users and the error message "A device attached to the system is not functioning"

Answer 2

"a device attached to the system is not functioning"

Might take a look for bangs in Device Management. Also check the chipset has been installed. The chipset allows the operating system to find and use devices integrated into the mother board.

--please don't forget to Accept as answer if the reply is helpful--

Answer 3

Hi,

Thank you so much for your feedback. So sorry for missing our response.

After checking DCDiag outout, there is the error message:

Error: 1355 (The specified domain either does not exist or could not be contacted.)

It is suggested that we could try to solve this issue first and then check whether user could change password successfully. To troubleshoot Error 1355, we could try the below:
1, Check the network connectivity.
2, Check the DNS setting on Domain Controller is correctly configured. This Domain Controller is also DNS server? If so, the preferred DNS server should point to itself.
3, When we run netdom query fsmo, what is the output?

4, Run nslookup to check whether the domain could be successfully resolved.
5, Run Ping IP address of DNS server and FQDN to check whether it could connect to DNS.
6, Run Ping domain name to check whether it could connect to the domain.

For any question, please feel free to contact us.

Best regards,
Hannah Xiong

Answer 4

i had the same issue and increasing the domain function level solved the problem for me

Answer 5

I had this problem for many months. It seemed to me a MS update caused it but I could never pinpoint exactly which updates as our passwords expire every 90 days. Every single instance of this error message mentioned on the internet had NO working solution for me.

Well I finally solved it.

MS pushed AES for Kerberos onto everyone. Anyone who had legacy servers found themselves unable to properly communicate with those servers. This forced us to DENY AES and only enable RC4 org wide. That action right there is what broke password changes. Apparently AES with Kerberos is required to change passwords. I re-enabled AES with RC4 over a weekend to test and just like magic, I was able to change passwords again.

So you can either talk to legacy servers or be able to change passwords, not both. Hopefully this helps all those people with this error message on all those many forums where no solution ever worked for them.