We are and have been experiencing quite an odd issue. First off....on EP6 connected to ECC5.0 on WAS6.4 (as well as other new versions of CRM, SRM, BI and SEM). SSO is set up all around and works just fine in general. However, it seems that if a user logs into the portal and then say goes to a ECC transaction/service but has NEVER logged into the ECC system DIRECTLY before, they receive a "SAP NetWeaver SAP Web Application Server" pop-up asking them to change their password ("This is an intial password that must be changed." message on the pop-up too). Of course, since using SSO, the user (a) should not be asked for a password on the backend (b) does not know their passwords in backend systems. Our workaround at the moment, the user simply clicks the "delete password" option and then all is well from that point on. This has been happening since at least SP12 and now we are at SP19, so I think it is not SP related. I have searched service.sap.com for notes and here as well with little to no info on this. Any help?