I'm using asp.net's built-in membership provider with security q'n'a enabled against a SQL Server 2005 db, and when requesting a password reminder, the process is never completed for some users (works fine for some). In those cases, when the user submits their answer, the page reloads, showing their security question again, but never verifies their submitted answer. There isn't anything unusual about the question or answer for those having the issue (eg. unusual characters), as I've been able to create a user with the issue using alphanumerics only.
The VerifyingAnswer event is being triggered, but not AnswerLookupError (if answer is incorrect) or SendingMail (if answer is correct). I ran a SQL trace during one instance, and the aspnet_Membership_GetUserByName stored procedure is being called, but nothing else gets called after. I would expect that aspnet_Membership_GetPassword would be called, which passes the security answer as a parameter, but it isn't.