The following fix brought in Policy Server 12.52SP1CR05 has introduced the problem :
00250192 DE101595 The Authreason codes from Policy Server are not same as the AD response irrespective of the status of isADEnhanced.
Defects fixed in 1252sp1cr05
A functional impact occurred with the default behavior for the password services not working as expected as the redirect URLs attributes are not sent back in response to agents for the scenarios like "PasswordExpired", "MaxloginFail" attempts etc.
The reason for this behavior is that, previously for both "PasswordExpired" and "PasswordMustChange" there was the same authreason is used and we set redirect based on that single authreason only.
This is applicable for the scenarios "MaxLoginAttemptsFailed" and also "Account Disabled", which were considered the same earlier and they should be treated differently.