This article describes an issue that occurs after you install security update 3126041 on Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7 Service Pack 1 (SP1), or Windows Server 2008 R2 SP1. You can fix this issue by using the update rollup that is discussed in this article.
When you change the domain account password by using a 32-bit application on a 64-bit operating system that calls the NetUserChangePassword API, the password change returns an error message that resembles the following:
Despite the error, your password is changed in Active Directory Domain Services. However, your logon session and cached credentials are not updated. This situation resembles the following:
You log on to two computers.
You change the password on the first computer.
You remain logged on to the second computer by using the old password.
In this situation, you may experience any of the following issues:
If you disconnect from the network, you can log on by using the old password only.
Your access to resources is denied.
You are prompted to enter your password when you access resources.
If an Account Lockout policy is active in the domain, the user account is locked out.
This issue persists until you log off the computer on which the password change occurred and then log back on by using the new password.
Additionally, if you apply the update that is documented in KB 3139921, the error message is no longer received but these symptoms persist.
The fix for this issue was first included in Security update 3153171 for MS16-060 and MS16-061 for Windows Server 2012, Windows Server 2008 R2 SP1, and Windows 7 SP1.
This fix is also included in the May 2016 update rollups. Use one of the following update rollups, depending on your operating system:
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Learn about the terminology that Microsoft uses to describe software updates.