I hit a very unusual bug with IIS 6.1 (Win 2008 R2 server) today. When passing credentials from iPXE to IIS (for accessing secured resources), my password didn't work.
For this example, lets assume my password was Ba5eb@ll
The "@" was interpreted literally in the URL arguments and completely changed the way the string was handled. The URL was something like
Which translated roughly to http://robbie@Ba5eb@ll/boot/secure/boot.php
(the translation didn't appear long enough to capture it properly)
I replaced the "@" with a "%40" (when prompted for my password) and everything worked.
Also, perhaps I need to reconsider what special characters I use in passwords.