since the vty line are configured to go to enable mode, the enable password is not used. It is being used for the accounts in console.
I am quessing there are different account XYZ and XYZ.domain. Review the enable password setting for these.
What does the ACS failed log say.