Problem: When attempting to rotate a locally managed account on a Windows system, it fails with "AccessDenied". The Windows machine is using Management Mode SMB and the logs show the following error:
2019-05-15 14:41:15,149 [94fee0c4bfa2454195a14c656d03ed94-WebRole_IN_4|02fbd07b06024ab99b2a9e0623b82ee6|991|ABC1234|user@domain|1296|DEBUG|(null)] CPSLocalAccount: AccountId = 9e441823-965a-4cac-9af1-ce379c6697d7, AccountName = localaccount: Exception in changing password. Retry count: 4 out of 40: Centrify.Server.Infrastructure.ChangePasswordException: Error changing password for user localaccount on machine 192.168.5.11: AccessDenied
Solution: If the Management Mode is switched from SMB to RPC over TCP the error in the GUI changes and shows the following:
The local users need to be added to this group policy or local policy to Allow remote calls to SAM.