ZCM 10.0.1 on W2K3 in AD environment

After Windows login on the domain a ZENWorks login dialog is coming up (why?) and wants the user to authenticate to AD once again, but this fails with the agent saying user typed a wrong password etc etc.
Connection between the ZCM server and AD is working fine. We can browse the AD from the ZCM server.

What is the problem?