I thought this behaviour was just popping up for users who's password was expiring. We have Max Password Age set to 180 days. But now I find it's happening to other users; even new ones I just set up. I wondering if
poking around in TMG caused it to worsen.
It's been working fine. We force new users to change their passwords and then they go on to our SharePoint portal. Subsequent logins proceeded without issue. Then earlier this week some users were notified that their passwords were expired
and to change them. They would change it and continue on to the portal. Then on subsequent logins, they were again notified that they're password expired. If they bypass this page and go straight to the portal homepage, they get in fine.
The password change is taking effect. The old password is no good. I checked the pwdLastSet value in AD and it is set correctly.