Local cached Mobile account is locked

hansjoerg_watzl
Contributor II

We're using mobile accounts (AD join) with FileVault.
In the last few days we got an increasing number of issues with locked mobile accounts and we don't know how to reset this lock.

We see this with 10.14.6 and more with 10.15.5/10.15.6.
The domain account is not locked, it's only the local cached mobile account. If a user wants to authenticate locally (without connectivity to our corporate network), a message appears with something like "try again in x minutes later". (See screenshot from system preferences as example)

The number of minutes can be 15 min. but will increase if the user still tries to enter a (wrong) password.

How can we reset this, so the local cached password of a Mobile account can be synced again with the current domain password?



taylorducharme
New Contributor III

I was running into this a lot a couple of months ago. I have no idea what caused it, but the workaround was to log into a local account, switch user into the "locked" account and then change the password for that account. That seemed to fix it.