I've set an NMAS Password policy for users within an eDirectory Tree.
The password policy requires a number of criteria to be met.

If one of the password criteria are not met, the user is presented with
a similar error message:
LOGIN-LGNWNT32.DLL-710: The password could not be changed. Error 0xffffc178.
(The code 0xffffc178 referees to a numeric missing from the password.)

Once the user clicks on the "OK" button Windows loads without the
eDirectory password being changed (but the AD password is changed) and
the "Grace Login" counter is decremented.

Any idea how to prevent the user from logging in until they enter a
password which is validated by the password policy?

Also, any idea as to why the strange error message appears as opposed to
a more user friendly message?