1. password policy is embedded (ref) in security policy, which is set as default in System Configuration
2. the password policy specified that there must be numeric character in the password
is used with weak mapping in source resource
4. SOMETIMES(!!!) the password generated by the policy does not contain the numeric character and is considered invalid by the same policy which generated it...
Obviously there are some defaults or something...
As a workaround, we try to set
with reference to the password policy... I will update this issue description later.