Failed to Update Farm Account Password in Central Admin

Applies to SharePoint 2016; not tested on other versions of SharePoint.  

Symptoms

 

After changing the farm account password in AD, SharePoint fails to update the password with the “Use existing password” option in Central Admin:




























 

Error Message:

 

Error deploying administration application pool credentials. Another deployment may be active. An object of the type Microsoft.SharePoint.Administration.SPAdminAppPoolCredentialDeploymentJobDefinition named “job-admin-apppool-change” already exists under the parent Microsoft.SharePoint.Administration.SPTimerService named “SPTimerV4”. Rename your object or delete the existing object.

 

Screenshot:
Graphical user interface, text, application, email Description automatically generated

 

Findings:

 

·        Correlation ID in ULS shows misleading errors as none of reported services are configured for SharePoint:

o   Error updating the account password for process identity Id c3c6d96f-3994-4630-8c03-f019b0f22757, please fix manually. An object of the type Microsoft.SharePoint.Administration.SPWindowsServiceCredentialDeploymentJobDefinition named "windows-service-credentials-ProjectCalcService16" already exists under the parent Microsoft.Office.Project.Server.Administration.ProjectCalcService named "ProjectCalcService16".  Rename your object or delete the existing object.

o   Error updating the account password for process identity Id e14540b3-79a0-4ff6-afd7-0fb03f16274f, please fix manually. An object of the type Microsoft.SharePoint.Administration.SPWindowsServiceCredentialDeploymentJobDefinition named "windows-service-credentials-ProjectEventService16" already exists under the parent Microsoft.Office.Project.Server.Administration.ProjectEventService named "ProjectEventService16".  Rename your object or delete the existing object.

o   Error updating the account password for process identity Id 05aaef65-b8e5-444f-ae95-7ef8b32a9219, please fix manually. An object of the type Microsoft.SharePoint.Administration.SPWindowsServiceCredentialDeploymentJobDefinition named "windows-service-credentials-ProjectQueueService16" already exists under the parent Microsoft.Office.Project.Server.Administration.ProjectQueueService named "ProjectQueueService16".  Rename your object or delete the existing object.

o   Error updating the account password for process identity Id fa8cd0f2-2f2f-4101-9282-3376011cdcee, please fix manually. An object of the type Microsoft.SharePoint.Administration.SPWindowsServiceCredentialDeploymentJobDefinition named "windows-service-credentials-SPUserCodeV4" already exists under the parent Microsoft.SharePoint.Administration.SPUserCodeService named "SPUserCodeV4".  Rename your object or delete the existing object.

o   Error updating the account password for process identity Id c6e2e303-e2fc-4ce9-955b-3d07251178ba, please fix manually. An object of the type Microsoft.SharePoint.Administration.SPWindowsServiceCredentialDeploymentJobDefinition named "windows-service-credentials-SPSearchHostController" already exists under the parent Microsoft.Office.Server.Search.Administration.SearchRuntimeService named "SPSearchHostController".  Rename your object or delete the existing object.

·        IIS shows a mixture of old and new passwords. Script to run to verify:

$sb = {

    Import-Module WebAdministration -Force

    $webSites = gci -Path IIS:\Sites

    $appPools = gci -Path IIS:\AppPools


   Get-CimInstance -Namespace root/MicrosoftIISv2 -ClassName IISApplicationPoolSetting -Property Name, WAMUsername, WAMUserPass | Select Name, WAMUserName, WAMUserPass | ft -AutoSize

}


Foreach($server in (Get-SPServer| ? {$_.Role-NE "Invalid"}))

{

    Write-Host "Retrieving from Server" $server.Address "---- " -f green

    Invoke-Command -ComputerName $server.Address -ScriptBlock $sb

}



Cause


As the error indicates, there’s a stalled job-admin-apppool-change job:

  Text Description automatically generated

In a normal circumstance, this job does not exist (confirmed in four other farms; it returned nothing).


Resolution


1.      Delete the stalled job and confirm:



2.      Retry updating the existing password from Central Admin (screenshot under Symptoms above).

 

Popular posts from this blog

October 2025 SharePoint CU Failed to Install After Applying September 2025 SharePoint CU

Image
[Tested on SharePoint 2016 only] Applying the September 2025 SharePoint Cumulative Updates to SharePoint On-Prem was a bit chaotic as it introduced a number of bugs. It would have been better if I had the option to skip it and go straight to the October CU. Stefan, the Sr. SharePoint Escalation Engineer at Microsoft, has summarized the issues very well on  his blog . While many of the issues have been fixed in the October CU release, the fix for the "installation of this package failed" error  was not included for those who had already applied the September CU before the fix was made. That is, the System and Local Service accounts have to be manually removed from the WSS_WPG and IIS_IUSRS groups before applying the October CU. Without this step, I encountered a new popup error that said: Error 2349. An internal error has occurred. ( ) Contact Microsoft Product Support Services (PSS) for assistance. For information about how to contact PSS, see PSS10R.CHM. Remedy Remove...
Read more

September 2025 SharePoint 2016 CU - Configuration Wizard failed

Image
[Applies  to SharePoint 2016; not tested on other versions of SharePoint] While the farm account is in the local admins group (regardless of being present in the  WSS_WPG  group), running the psconfigui.exe (SharePoint Configuration Wizard) or psconfig.exe with the farm account gets stuck at the last step (step 10 of 10). Associated behaviors are: CopySideBySideFiles_*.log showing the endless repetition of: “\16\TEMPLATE\LAYOUTS\accessrequestcontrol.debug.js Access is denied. Waiting 30 seconds… Retrying…”. Unable to close the Config Wizard by hitting the Cancel or X button on the GUI; it has to be killed in Task Manager. The “Upgrade Status” page on Central Admin, however, shows the green status “Succeeded” even though it's not. Diagnosis Microsoft has deployed the security hardening with the 2025 September CU. The farm service account can no longer be used interactively from now on. Previously, this was not a requirement, despite the documentation at  https://lear...
Read more

Broken Site Collection

Image
[Tested on SharePoint 2016 only] Suppose the following error occurs while creating a new site collection with a farm admin user account: ## Assume all declared variables are correct ## PS C:\FarmAdminUserAccount> New-SPSite -Url $spSite -Name $scName -Description $scDesc -ContentDatabase $cdb -QuotaTemplate $scQuota -Template $scTemplate -Language 1033 -OwnerAlias $scPrimaryAdmin -OwnerEmail $scPrimaryEmail -SecondaryOwnerAlias $scSecondaryAdmin -SecondaryEmail $scSecondaryEmail ********************** PS>CommandInvocation(Out-String): "Out-String" >> ParameterBinding(Out-String): name="InputObject"; value="Calling extension methods on object Microsoft.SharePoint.Administration.SPContentDatabase+<>c__DisplayClass16 failed with exception(s): The UPDATE permission was denied on the object 'MSP_TVF_WEB_ADMIN', database 'WSS_Content_DbName', schema 'pjpub'." New-SPSite : Calling extension methods on object Microsoft.Sha...
Read more