This occurs when the Active Directory password timeout is different from the web.config setting for "UserManagementMaxPasswordAgeInDays" and the user login date is a period between the two.
Active Directory timeout = 90 days.
Web.conifg setting is = 42
User logs in on day 72
User receives message that password will expire in -30 days
To prevent this scenario, make sure the values of Active Directory password and web.config setting match.