One of the problems you've got, is that your validator is trying to do too many things at once, which is leading to your confusion. You're making an assumption that your sample password is correct, which isn't being helped by the generic error that you're receiving. If your error was more specific, you'd see the problem more easily.
Whilst it is possible to validate the password length, the characters, etc all in one go, it doesn't result in a helpful message for the user.
Consider breaking your password requirements down into individual validators, so you can give the user more helpful feedback.
To start with, you could do something similar to this:
<asp:RegularExpressionValidator ID="RegExp1" runat="server"
ErrorMessage="Password length must be between 7 to 10 characters"
ControlToValidate="txtPassword"
ValidationExpression="^[.]{7,10}$" />
<asp:RegularExpressionValidator ID="RegExp2" runat="server"
ErrorMessage="Password must only contain the allowed characters (letters, spaces and numbers both upper and lower case, and any of the following special characters '@&#.)"
ControlToValidate="txtPassword"
ValidationExpression="^[a-zA-Z0-9'@&#.\s]*$" />
This way, when the password is the incorrect length, but all valid characters, you will only show the length error. When the password is the correct length, but contains disallowed characters, you will only see the character error. When the password length is incorrect, and also has invalid characters, you will correctly see both errors.
You could take this one step further, and tell the user which disallowed characters they entered, such as "the ! character is not allowed". This will greatly help your user to find a valid password more easily.
Password requirements are a great source of frustration to users, it's one of the areas of your signup process where you will lose the most people. Even small improvements to usability can have a significant difference in account creation conversion rates.
