Can you let us know what build of SafeBoot/MEE that you're running? Also, are you using the standard MSGINA? When the users password expires, how are they notified and how are they changing their password? Is this all happening through the MSGINA on the device that's encrypted, or are there 3rd party tools involved in that part?
Could you post a client log of when the password expires and the user changes it?
The MSGina is the standard windows XP one, they are notified by the standard windows password message "Your Password Has Expired and must be changed". User does the usual new password, confirm password.
No other third party tools are being used other than the Safeboot Device Encryption.
I'll post a log of an expired password when I get one (Will be monday now)
We need to see the client log from a system when this happens. I want to see if the client log shows the "sending local token changes to database" and "sending local SSO changes to database". If both of these are present and the client *still* doesn't take the new password, then we have a real problem.
We also need to know exactly which Windows Logon options you have checked in the Machine properties. Finally, we need to know if this is a Vista or XP machine. If it is Vista, SSO will only work if you have ALL Windows Logon options checked.