In CICS CTS 4.1 and below there was not an extract to check for PASSINIT.  This is the password interval.  If acids were defined in CTS 4.1 or below with a password interval and were used as ATS acids then the interval was never checked and the terminal logged on successfully.  However, when you upgrade to CTS 4.2 or above the new extract for PASSINIT will check the interval and determine that the passwords are expired.

 The following CICS messages will be received:

DFHXS1202 10/30/2016 10:13:18 CICS11 The password supplied in the verification request for userid xxxxxxx has expired. This occurred in transaction xxxx when userid xxxxxxx was signed on at netname xxxxxxx.

 DFHSN1106 10/30/2016 10:13:18 CICS11 Signon at netname xxxxxxx by user xxxxxxx requires a new password.

Acids with an expiration interval need to have the interval replaced with a 0, so that they do not expire.

Before upgrading run TSSCFILE with TSS LIST(ACIDS) DATA(PASS).

Look at the record type 3000.  If the record is blank then the acid has a non-expiring password (no password interval).  If it is not blank then the acid needs to have the password interval replaced:

TSS REPLACE(acid) PASS(*, 0)  

The * will keep the current password.