Had an issue today where I was trying to add in all the managed accounts required for a new farm I was provisioning – in SharePoint 2013, you can tick the “auto-change password” checkbox and it will change the password IF the policy is set to change the password (say every 43 days like it is by default in a new domain).
Sweet, right? So i ticked the checkbox and hit OK, and got an error…
Access denied. Only machine administrators are allowed to create administration service job definitions of type: Microsoft.SharePoint.Administration.SPGeneratePasswordJobDefinition, Microsoft.SharePoint, Version=220.127.116.11, Culture=neutral, PublicKeyToken=71e9bce111e9429c.
Then every time I tried to go back into the UI I would get an error:
Object reference not set to an instance of an object.
Yep, plenty of info there… but unfortunately the ULS logs were not much better…
Application error when access /_admin/ManagedAccounts.aspx, Error=Object reference not set to an instance of an object. at Microsoft.SharePoint.ApplicationPages.ManagedAccountsDataSourceView.FillDataTable
Theory of what went wrong:
It’s possible I was not running Central Admin website in Administrator mode and so even though I was logged in as a local administrator, the site failed to “talk” to the local machine timer service. For whatever reason, the error occurred but SharePoint believed the timer job HAD been created… and so next time I opened the page it tried to enumerate through the Managed Accounts along with any “password change” timer jobs associated with each account… and threw a “missing object” error (Looks like this piece of code was missing the “catch”).
Remove the unattached Managed Service Account using the following Powershell script, replacing the domain and username with the ones for the account you have just added…
Remove-SPManagedAccount -Identity DOMAIN\UserName