This problem occurs due to the presence of Cisco bug ID CSCeb43948.
The Could not generate valid password error message displays when the CiscoSecure ACS for Windows is configured to require user passwords that are nine or more characters in length. This error message appears in the logs for the CSMon service when the System Configuration > Local Password Management option is used to require lengthy passwords. The CSMon is a service that helps minimize downtime in a remote access network environment.
The error message appears on the schedule defined for CSMon to test services. This problem occurs on CiscoSecure ACS versions 3.1, 3.2, 3.3, and 4.0(1.27).