I've got a test domain rig where the (single) DC is Server 2008 R2 and there are some XP (SP3) workstations.

Following a reset of a user's password (e.g. using AD U&C, at the DC) something very strange happens. The user can still log on to an XP workstation with the old password. This only works once. The next logon attempt brings up the familiar 'The system could not log you on...' dialogue and only the new password will do.

The new password works on the first logon attempt too, by the way. So you only see this if you attempt to use the old password after it's been changed.

Some other observations:
(1) As far as I can tell this is a time-dependent issue. If you leave long enough (not sure exactly, but maybe > 10 minutes) between the reset and the subsequent logon attempt the problem seems to have gone away and you get the 'system could not log you on' dialogue.

(2) The problem does not seem to be present if the user logs onto a Server 2003 domain machine.

(3) The initial session often, but not always, appears compromised insofar as you get a strange warning in the system tray saying 'Windows needs your current credentials'. Clicking this brings up a dialogue telling you to lock and then unlock the machine, presumably so that you can re-authenticate.

(4) The problem also occurs, in exactly the same way, if the password reset is done programmatically, via IADsUser::SetPassword().

I've not been able to test this on a rig using Server 2003 DCs (my normal operating conditions) and so can't narrow this down terribly well - sorry. But I just wondered if it might light a bulb in someone's head and I could get a pointer to where to look.

Any help much appreciated,

Cheers, Ian.