i think it's because of two things:
when you create a SQL user, that implicitly grants the CONNECT permissions; logins from the domain already exist, so it makes sense you need to explicitly grant them permissions to connect.
when you tried the GRANT CONNECT TO [login],
there was no SQL login that already existed right? I would expect that if the string was not found in either the domain or the locally created logins, you'd get that error.
now if you did CREATE LOGIN [login]; you would see it inherits connect permissions , and no need to explcitly grant CONNECT i believe.
Lowell