I get error "SAMR connection to machine NT_STATUS_ACCESS_DENIED failed" trying to synchronize passwords.

Article Id: 129145
Status: Published
Updated On: 15-03-2019 03:25
Products:
CA Privileged Access Manager - Cloakware Password Authority (PA) , PAM SAFENET LUNA HSM , CA Privileged Access Manager (PAM) , CA Privileged Access Manager (PAM)
Issue/Introduction:

When I try to synchronize the password on a MS Windows computer, the operation fails and I get the following error message in tomcat log file (catalina.out):

WARNING: Updating credential for account <username> on server <hostname> by OWN account with net rpc didn't succeed.
Reason: [SAMR connection to machine NT_STATUS_ACCESS_DENIED failed. Error was <hostname>, but LANMAN password changes are disabled]. Use rwin to do this operation again.

Cause:

The remote MS Windows computer security policy has the remote account changes disabled.

Environment:

Any PAM server version.

Resolution:

You might need to check the local security policy > security options of the affected MS Windows host.
Probably the remote account changes may be inhibited.

Additional Information:

See also: Using "smbpasswd" (Samba) to change Windows passwords over LAN.