The RHEL computer is joined to an Active Directory domain but cannot renew the machine password
Issue
These errors are found in /var/log/sssd/sssd_example.com.log:
(2023-11-14 14:14:07): [be[example.com]] [ad_machine_account_password_renewal_done] (0x1000):
--- adcli output start---
* Found realm in keytab: example.com
* Found service principal in keytab: restrictedkrbhost/rhel-client
* Found service principal in keytab: host/rhel-client
* Found service principal in keytab: restrictedkrbhost/rhel-client.example.com
* Found service principal in keytab: host/rhel-client.example.com
* Found host qualified name in keytab: rhel-client.example.com
* Found computer name in keytab: rhel-client
* Using fully qualified name: rhel-client.example.com
* Using domain name: example.com
* Calculated computer account name from fqdn: rhel-client
* Using domain realm: example.com
* Sending NetLogon ping to domain controller: adserver.example.com
* Received NetLogon info from: adserver.example.com
* Wrote out krb5.conf snippet to /tmp/adcli-krb5-cnO9rU/krb5.d/adcli-krb5-conf-vN0WOt
* Authenticated as default/reset computer account: rhel-client
* Using GSS-SPNEGO for SASL bind
! Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Invalid argument)
adcli: couldn't connect to example.com domain: Couldn't authenticate to active directory: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Invalid argument)
---adcli output end---
Environment
- Red Hat Enterprise Linux 7.7
- Active Directory