After installing May 2016 Cumulative Update (Project Server KB3115024) my Search service application stopped crawling content with error  "Item was not crawled because of a password change".

My Default content access account is OK. I have changed it several times in search administration page.

Password is ok.

Web application policies for this account are correctly configured for read access.

After starting full crawl process I receive also this event log warning:

The start address http://xxx
Context: Application 'Search_Service_Application', Catalog 'Portal_Content'
Details: Logon failure: unknown user name or bad password. (0x8007052e)

In security Event log:

Audit failure: An account failed to log on.
Account For Which Logon Failed:
 Security ID:  NULL SID
 Account Name:  SearchAccAcnt
 Account Domain:  mydomain
Failure Information:
 Failure Reason:  Unknown user name or bad password.
 Status:   0xC000006D
 Sub Status:  0xC000006A

This (Status: 0xC000006A) means that account is ok but password is bad.

As I said password for this account is ok.

After checking search app DB I've found that password for this account is stored in clear text:

MSSConfiguration table:

GUID\Gathering Manager\DefaultAccount => mydomain\SearchAccAcnt

GUID\Gathering Manager\DefaultAccountSecret => {guid2}
GUID\Gathering Manager\Secrets\{guid2} => my-password-in-clear-text

But in my sps-2010 farm password is encoded in this record:

GUID\Gathering Manager\Secrets\{guid} => 0x568FC1....

I think while impersonating search account sharepoint tries to decode stored password but result is bad because it is stored in clear text. Which cause logon failed error.

What happened in my system?

Why sharepoint started saving this password in a clear text?

Can anybody check the same table in SearchAppDB?

do you have also encoded password for search acount or not?