Error EE0F0001 is a result of an invalid authentication attempt. After 3 invalid attempts the system will go into password entry disabled mode with a timeout, each additional incorrect login attempt the timeouts double. This is by design.
Your users should be able to use self recovery when they get locked out. Either by security questions or smartphone. Are they not able to self recovery?
Also please note the way passwords work in MDE. This may be causing some confusion. MDE passwords are separate from AD passwords. The system is configured to "sync" your AD password to MDE once authenticated to the domain.
For example, if a users AD password is pass1 and sets their MDE password to pass2. pass2 will allow them to login to MDE pre boot authentication. At the windows login prompt user then enters pass1 their AD password and successfully authenticate to AD. Once this occurs pass1 overwrites their MDE password pass2. pass2 will no longer work for MDE PBA. If you attempt to use pass2 for MDE PBA you will get the EE0F0001 error and timeouts.
Regarding your administrative user recovery issue. Machine recovery should not be used to reset a users password. The User recovery option should be used.
Can you please test administrative user recovery again using the following procedure.
https://wikis.uit.tufts.edu/confluence/display/exchange2010/Resetting+an+encryption+password