Users can't change password via web interface

Hello,

we have a problem were users are unable to change their password through the web interface. They are able to login, but after providing the old and new password for the change they get an error message.

The log file /var/log/univention/management-console-server.log tells me:
22.10.24 14:27:44.707 AUTH ( WARN ) : Changing password failed (('Authentication token manipulation error', 20)). Prompts: [('Current Kerberos password: ', 1), ('New password: ', 1), ('Retype new password: ', 1), ('Unable to reach any changepw server in realm DOMAIN.LOCAL', 3)]

Has anyone a hint or two?

Restarting heimdal with systemctl restart heimdal-kdc.service seems to solve the problem temporarily. I found this bug from UCS 4.4: 50524 – Self-Service not usable after installation: unable to reach any changepw server

We are on version 5.0-9 at the moment.

Another problem I see now is, that on our Backup Directory Node the user can login, but has no option to change the password. The option was there before I restarted the heimdal service on the primary.