I have witnessed this a few times, for some reason the screensaver unlock will not accept the user's password to unlock the screen. These are AD bound machines, brand new(not that it matters), but it seems to only be happening on computers that were enrolled via DEP.
The directory binding is correct and allows the user account to be created, however at some point once the screen saver kicks in they are unable to unlock it with their correct password.
I have computers that were imaged the "legacy" method(netboot -> casper imaging) that don't have this problem and have all the same packages installed.
Has anyone seen this? I swear I saw some threads on this in the past but I can't find them now. Apologies.