Several customers already reported this problems with managed account passwords after installing the MS16-101 August Security updates for Windows.
This security update disables the ability of the Negotiate process to fall back to NTLM when Kerberos authentication fails for password change operations.
Due to this change it is no longer possible to use the options ‘Set account password to a new value’ or ‘Generate new password’ for a Managed Account in SharePoint if MS16-101 is installed on either the SharePoint server or the Domain Controller contacted by SharePoint.
Changing the password in AD and then updating the password using the ‘Use existing password’ option in SharePoint works fine as this step only validates the password but does not change it in AD.
More information about this issue can be found in Trevor Sewards blog post:
Update 2016-11-18: This problem has been resolved with November 2016 CU for SharePoint 2013 and 2016.