Issue with oneway keytab file...password not correct

Hello,

We sometimes are facing the problem described in this article:

https://support.oneidentity.com/safeguard-authentication-services/kb/267418/failure-417-vas_host_services-password-in-file-etc-opt-quest-vas-oneway-keytab-for-principal-oneway-account-domain-com-is-not-correct

However, what could be the cause of why the password is not matching what is in Active Directory ?  The article talks about how to resync them back, but doesn't give any reason why it happens.  With the oneway script, the service account in the trusted AD domain  gets created with "password never expires".  So, the password is not being changed on the trusted AD domain side.  So, we just want to know what is causing it.  We use one keytab file per system so at least the outage when this happens is limited to that system.  But, still we would like to get to the bottom of it.  Thanks.