Several customers already reported this problems with managed account passwords after installing the MS16-101 August Security updates for Windows.
This security update disables the ability of the Negotiate process to fall back to NTLM when Kerberos authentication fails for password change operations.
Due to this change it is no longer possible to use the options ‘Set account password to a new value’ or ‘Generate new password’ for a Managed Account in SharePoint if MS16-101 is installed on either the SharePoint server or the Domain Controller contacted by SharePoint.
Changing the password in AD and then updating the password using the ‘Use existing password’ option in SharePoint works fine as this step only validates the password but does not change it in AD.
More information about this issue can be found in Trevor Sewards blog post:
The SharePoint product group is currently investigating this issue.