' a device attached to the system is not functioning error message

jim hickey
jim hickey used Ask the Experts™
on
I am running a domain with over 1000 users on 3 domain controllers running windows server 2012. My domain consists of Windows 8 and windows 10 computers. When users try to change their password, they receive the following message ' a device attached to the system is not functioning".  and the system will not allow them to change their password. The same applies to creating new accounts if the option 'user must change password upon next login". If I unselect this option, users can log into he system. Also, if users get the message that your password has expired and they must select a new password, the users get the same message. Right now I am having to users contact me to change their passord on the server since they cannot. I have tried recreating the user account and even removing computers from the domain, the problem still persists. Anyone have any ideas on fixing this? Yes my active directory is replicating  and runningcorrectly
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
Take a clean machine, put it in a test OU after joinng it to the domain - block inheritance on that OU and do a GPupdate on that machine from an elevated command prompt. Now retry and it will most probably work. If so, add one policy after the other, one additional software after the other to find out what is interfering. You will definitely succeed that way.

Author

Commented:
I have tried this process but still getting the same results, domain user cannot change their passwords once logged onto domain computers, still getting 'a device attached to the system is not functioning. Does not appear to be a group policy issue, problem started in mid February
Distinguished Expert 2018

Commented:
Ok, did you test with a user that is also free of GPOs applied to him? You need to. If that does not make a difference, please use a clean installation of windows for further tests.
Acronis in Gartner 2019 MQ for datacenter backup

It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.

Author

Commented:
yes, I created a new user and stood up a new PC free of GPO's. When I stood up the new PC with no GPO and logged in while on the domain with the newly created user , I received the same message. I am thinking there is something in active directory

I
Distinguished Expert 2018

Commented:
At the server side? No, I don't think so. But feel free to use a different mechanism to set the password, a command line tool. Please share its output. Syntax:
passwd oldpass newpass

Open in new window

https://web.archive.org/web/20070314031623/http://wwwthep.physik.uni-mainz.de/~frink/passwd.zip

Author

Commented:
This will not work. because of this error message, 'a device attached to the system is not functioning' my users (over 1000)cannot change their passwords on the domain before or after it expires from their computer , using a third party tool would not be productive as once a password has expired, how could they change it.sorry but this is unhelpful
Distinguished Expert 2018

Commented:
Jim, you got me wrong. I am trying to analyze with you what is behind this error message. That is why I asked you for a test. That download is the only tool to give you another means of changing the password and will eventually give us a different error message (if at all), one we can work with to discover what is wrong.

Author

Commented:
My Apologies...I did manage to successfully change the password from a command line as well (majority users do not know this) as by using a 3rd party tool (which is why I said this would be unhelpful as to many users) to change the password.  From a stand alone perspective without joining the domain, I can change the password locally, however once I join the domain, I get the error. I think this is either a AD or GPO issue but when I tested a win 10 machine earlier with a different OU and no GPO applied, still got the same message which is why I am at a loss
Distinguished Expert 2018

Commented:
Ok, please use that tool now. Please note that what you might have used (using the command net user somename /domain newpassword?) might not have changed the password but only have reset the password (a huge technical difference). The tool from my link can actually change the password
Distinguished Expert 2018

Commented:
Jim, you need to come back. Abandoning is frustrating for helpers.
Sorry for the delay in responding to the problem I had posted as I have been on travel and the problem was assigned to a colleague.
Anyway the solution that was provided did not work and did not solve the initial problem in that domain users were unable to change their password. I had also contacted Microsoft on this issue and they were totally incompetent and useless as they had been working on this problem for nearly 2 months and could find the source of the problem. All my group policy and active directory as well as DNS settings were correct. That being said, I did manage to find the solution to the problem myself. In the ADSI editor, the attributes for the password policy were set to complex and mininuim expiration was set for 30 days. I reset both these attributes to 0 and upon a restart of the primary domain controller, users were able to change their password. I appreciate the help that was provided from this site but NOT from Microsoft as the 'engineers' who were working this issue (of which their were three of them based out of the Phillipines) were totally stupid

Author

Commented:
Sorry for the delay in responding to the problem I had posted as I have been on travel and the problem was assigned to a colleague.
Anyway the solution that was provided did not work and did not solve the initial problem in that domain users were unable to change their password. I had also contacted Microsoft on this issue and they were totally incompetent and useless as they had been working on this problem for nearly 2 months and could find the source of the problem. All my group policy and active directory as well as DNS settings were correct. That being said, I did manage to find the solution to the problem myself. In the ADSI editor, the attributes for the password policy were set to complex and mininuim expiration was set for 30 days. I reset both these attributes to 0 and upon a restart of the primary domain controller, users were able to change their password. I appreciate the help that was provided from this site but NOT from Microsoft as the 'engineers' who were working this issue (of which their were three of them based out of the Phillipines) were totally stupid . This matter is now resoloved and closed

Author

Commented:
resetting the mininuim expiration attributes and the password complexity attributes under the ADSI editor for the domain container and restarting the domain controller containing the FSMO rules resolved this issue

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial