PAM Admin can  successfully rotate a password in PAM, but when attempting to verify this account they get the error:

PAM-CM-1341: Failed to establish a communications channel to the remote host

On the local Linux (RH 7.8) server in the /var/log/secure file they were getting the error:

com.jcraft.jsch.jschexception auth fail {preauth}

Release : 4.0.x, 4.1.x all versions

Ultimately the client was using another account to successfully rotate the password.  However they weren't using this other account to verify the account.  The account in question was a "root" account and the reason we couldn't log in with this account and verify it is because in the /etc/ssh/sshd_config the PermitRootLogin was set to no.

Client can either update the /etc/ssh/sshd_config 

and set:

PermitRootLogin to yes

or also "Verify using other account's credentials"