Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-16382: Password Rotation Fails with "AccessDenied" on Windows in SMB Management Mode

Privileged Access Service ,  

24 June,19 at 07:24 PM

Problem: When attempting to rotate a locally managed account on a Windows system, it fails with "AccessDenied". The Windows machine is using Management Mode SMB and the logs show the following error:
2019-05-15 14:41:15,149 [94fee0c4bfa2454195a14c656d03ed94-WebRole_IN_4|02fbd07b06024ab99b2a9e0623b82ee6|991|ABC1234|user@domain|1296|DEBUG|(null)] CPSLocalAccount: AccountId = 9e441823-965a-4cac-9af1-ce379c6697d7, AccountName = localaccount: Exception in changing password. Retry count: 4 out of 40: Centrify.Server.Infrastructure.ChangePasswordException: Error changing password for user localaccount on machine AccessDenied

Solution: If the Management Mode is switched from SMB to RPC over TCP the error in the GUI changes and shows the following: 
User-added image
The local users need to be added to this group policy or local policy to Allow remote calls to SAM.