Password rotation failed with error : 3221226252 #77

Open
goyalaSahab opened this issue Dec 18, 2023 · 2 comments

goyalaSahab commented Dec 18, 2023

We are getting the error "3221226252" when the remediation script is trying to change the password of a local administrator account on a few systems in our environment.
Those systems are AADJ-only systems (meaning no connectivity to AD), just an FYI.
Also FYI, the issue is appearing on AVD(s) on which the local administrator account name gets generated as "avdadmin".

Event Viewer shows messages like the ones below:

CloudLAPS: Local administrator account password rotation started
CloudLAPS: Azure AD device identifier : xxxxxxxxxxxxxxxxxxxxxxx <replacing these x(s) from the real identifier ID>
CloudLAPS: Calling Azure Function API for password generation and secret update
CloudLAPS: Local administrator account exists, updating password
CloudLAPS: Failed to rotate password for 'avdadmin' local user account. Error message: An unspecified error occurred: status = 3221226252
CloudLAPS: Local administrator account password rotation completed

I suspect that this is due to the fact that when a new AVD is created, somehow, after the first execution of the remediation script, the option "user must change password at first login" for avdadmin gets checked, which then does not allow further changes to the password via any script automatically?

@goyalaSahab (Author)

@NickolajA or anyone, any help or suggestion here will be appreciated.

@StevieKnight

I suspect that the local user does not allow the password change. Azure devices also behave somewhat differently than hybrid devices. I would first try:

Set-LocalUser -Name avdadmin -Password (ConvertTo-SecureString "xxxxxxxxxxx" -AsPlainText -Force) -PasswordNeverExpires $true

and see if this works in the context of the user in which the Remediate script is executed. It could be "System", but I'm not sure.

Good luck finding the error.
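
An added diagnostic example, not part of the thread above or of the CloudLAPS project's code: it converts the decimal status from the event log into its hexadecimal NTSTATUS form, looks it up in a small table of password-related codes from ntstatus.h, and reports whether the account carries the "must change password at next logon" flag. The account name and status value are taken from the issue; the script assumes it is run on an affected device in the same context as the remediation script.

```powershell
# Added example (not CloudLAPS code). Values below are copied from the issue.
$status  = [uint32]3221226252   # "status = ..." from the CloudLAPS event log entry
$account = 'avdadmin'           # local administrator account named in the issue

# NTSTATUS values are normally documented in hex, so convert before looking them up.
$hex = '0x{0:X8}' -f $status

# Password-related NTSTATUS codes as defined in ntstatus.h (string keys avoid
# PowerShell parsing 0xC... literals as negative Int32 values).
$known = @{
    '0xC000006A' = 'STATUS_WRONG_PASSWORD'
    '0xC000006C' = 'STATUS_PASSWORD_RESTRICTION'
    '0xC000006E' = 'STATUS_ACCOUNT_RESTRICTION'
    '0xC0000071' = 'STATUS_PASSWORD_EXPIRED'
    '0xC0000072' = 'STATUS_ACCOUNT_DISABLED'
    '0xC0000224' = 'STATUS_PASSWORD_MUST_CHANGE'
    '0xC0000234' = 'STATUS_ACCOUNT_LOCKED_OUT'
    '0xC000030C' = 'STATUS_PASSWORD_CHANGE_REQUIRED'
}
$name = if ($known.ContainsKey($hex)) { $known[$hex] } else { 'not in this table' }
Write-Output ("{0} = {1} ({2})" -f $status, $hex, $name)

# Read the account state without changing anything.
$user = Get-LocalUser -Name $account -ErrorAction Stop

# The WinNT ADSI provider exposes the "must change password at next logon"
# flag as PasswordExpired (1 = set, 0 = clear).
$adsi       = [ADSI]"WinNT://$env:COMPUTERNAME/$account,user"
$mustChange = ($adsi.PasswordExpired.Value -eq 1)

[pscustomobject]@{
    Account               = $user.Name
    Enabled               = $user.Enabled
    UserMayChangePassword = $user.UserMayChangePassword
    PasswordLastSet       = $user.PasswordLastSet
    PasswordExpires       = $user.PasswordExpires
    MustChangeAtNextLogon = $mustChange
    RunningAs             = [Security.Principal.WindowsIdentity]::GetCurrent().Name
}
```

Comparing the output on a device that rotates successfully with one that fails shows which account flag differs before any setting is changed.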
