As an administrator you find that your users are reporting that they cannot login using their latest Internet password
Users can not log in with their latest Internet password but can log in with their previous Internet password.
In this case it has been identified that users are changing their Internet passwords and then changing the password again straight away. This action is currently not supported and results in multiple Change HTTP password requests being generated within the admin4.nsf database and the requests not being processed in the order expected by the Administrator and Domino is actually working as designed.
An enhancement request to change the administration process to allow Change HTTP requests be executed based on the time they have been received into the admin4.nsf has been created under APAR LO73909
Diagnosing the problem
The Domino Administration Process does not process adminp requests such as change HTTP passwords based on a time generated basis rather it processes the last request received the next time the administration process begins to scan for new requests to process so acts more like a stack. The administration process scans for new requests to process every 60 seconds at a minimum and by default however this can be changed within the server document within Interval field of the Sever Tasks -> Administration Process tab to up to a maximum of three (3) minutes.
This means that entering multiple Change HTTP password requests within a couple of seconds of each other can result in the requests being processed in an order not expected by the end user or administrator and one or more of the requests will fail with the following error reported in the admin4.nsf Wrong Password (Passwords are case sensitive - be sure to use the correct upper and lower case) and the user finds that they can not log in with what they believe is their correct Internet password but can log in with a previous password.
While this issue can be seen when the user changes their Internet password through a browser, it should be noted that if an organisation is using ID Vault and have the following policy settings enabled "Update Internet Password When Notes Client Password Changes" and "Enforce password change after password has been reset" that this issue can also occur as follows
A: The administrator changes the password for the user within the vault, which creates a Change User Password in Domino Directory and Change HTTP password administration request.
B: The user logs in to their Notes client straight away and changes their password as required, which generates its own Change User Password in Domino Directory and Change HTTP password administration requests.
C: The user changes their password again straight away, which generates another set of administration requests.
Resolving the problem
To prevent this issue from occurring the user must not change their Internet password and then change it again straight away. A recommended minimum interval to wait is three minutes before changing their password again to allow the previous Change HTTP Password request to be executed. However as the request must be replicated from the user's mail server to their administration server for processing and their person document updated and these changes replicated back to their mail server, replication delays can increase this time limit unless the administratior manually replicates these databases.