Picture this scenario:
You have a domain joined web server where you have an IIS hosted site that runs under the application pool identity. This application pool identity uses the machine account security principal. When you run "nltest.exe /sc_change_pwd:domainname" to change the machine password, you get an authentication failure message from a remote server connection. Rebooting the IIS server fixes the issue until you change the password again (in some instances the machine password may change every 30 days by default).
The issue occurs because the global credential security flag is not updated with the latest password.
There is a hotfix available now to fix this exact issue. Bear in mind that the issue DOES OCCUR for anonymous authentication as well!
Hope that helps.