If a user attempts to log on to a machine protected with the AuthAnvil Windows Credential Provider after their Windows password has expired, or the "User must change password at next logon" option has been checked in the user's profile, the log in fails with the error "The user name or password is incorrect."
This is a limitation of the AuthAnvil Credential Provider. Due to the way that the Windows Password is stored, the Credential provider is unable to check if a password has expired and allow the user to change it, with the result that Windows returns the expired password as a bad password, causing the error.
Remind users that they need to change their passwords on their own before they expire, and do not use the "User must change password at next logon" option in the users' AD profiles.
All versions of the AuthAnvil Credential Provider.