the server-side ntlmssp api increments ntlmssp_seq_num twice. this obviously isn't very good, but it gets away with the first packet-exchange because the sequence nuimber is correct - once and only once. that's enough for one password change, btw, which is what ntlmssp _mostly_ gets used for :) so it's a bug, but not an issue - for now. luke