Why would a password requirement prohibit a number in the last character?
It's likely an effort to discourage passwords that fit common formats or character masks. If a password policy requires use of a number many people will chose to put their number at the end of a word or words. Here are a couple examples from corporate environments:
- NetSPI Top Password Masks for 2015
- 2015 Trustwave Global Security Report - password masks
Attackers like this user habit because it makes their hybrid password cracking or guessing attacks easier. They can focus on combining word lists with numbers added to the end rather than a more time consuming brute force approach.
So some organizations implement a policy like this in an attempt to improve security by getting users to put their numbers is a less predictable place. It sounds like in your situation they're not combining this with any other complexity checking and instead rejecting all passwords that end in a number, regardless of how random they are otherwise. That's not a very good way to implement this type of checking, but they're not alone in taking this approach.
From experience, the Must not reuse previous 6 passwords
rule may cause users to employ a password rotation scheme in which the current password cycles through something-that-fits-the-other-rules1
through something-that-fits-the-other-rules7
, to make it easier on themselves when obeying the Must change password every 90 days
rule that is common in corporate use.
Password cracking tools could use knowledge of this habit in devising passwords to guess.
The Must not contain number as the last character
rule could be an attempt to circumvent such schemes to force users to choose new passwords that are significantly different from their old ones.