Password Change Problem

[awayman]

Posted this to Microsoft TechNet (twice), and got no help.

I'm running WSS in AD account creation mode. A new issue has come up;
changing the password through the website used to work. When a user tries
the Change Password feature, they get an error page that says, "Error
changing password for user account." The following event shows in the
Security log on the domain controller when this happens:

Event Type: Failure Audit
Event Source: Security
Event Category: Account Management
Event ID: 627
Date: 7/20/2004
Time: 3:47:36 PM
User: WSSDOMAIN\wssaccount
Computer: WSSDC
Description:
Change Password Attempt:
Target Account Name: username
Target Domain: WSSDOMAIN
Target Account ID: WSSDOMAIN\username
Caller User Name: wssacount
Caller Domain: WSSDOMAIN
Caller Logon ID: (0x0,0x86976)
Privileges: -

The "wssaccount" has access delegated to the OU for account management. In
addition, if I log into the website as the domain admin and change the user's
password using the "change password" function, it resets just fine.

Update since I originally typed this post: I messed around with some permissions and delegation for wssaccount, and now my situation is worse. I still get the "Error
changing password for user account" via the web interface, but I don't get an error in the Windows Event Log on the DC.

I'm stumped; any help would be greatly appreciated.

 

[awayman]

Update:
Actually, a user can change their own password if they are an admin in the subweb they are logged into. However, if they are not an admin, the password change fails.

Basically, any time the user is prompted to enter their original password, then the new password, the change doesn't take. However, if they only have to enter the new password (twice), it changes just fine.

Any ideas? Please?