@atoponce "the" problem? Feels like you forgot an "s". Please tell me this wasn't a production system somewhere.
My first thoughts are:
* they have maximum password requirements that are not being communicated to the user
* their regex test is faulty
Additionally, too many unknowns here:
* is the compliance check client-side only, or is there also a server-side check that could be failing?
* is that a regex-only check for password rules enforcement, or does it also include an entropy-based test for complexity?