I have an AppleCare enterprise case open for this, but just curious if anyone here is experiencing the same thing:
When you are logged into a mobile account on an AD-bound Mac and go to set up iCloud, the currently logged in network account will get locked out as soon as they attempt to provide a password when prompted to provide an admin password to complete the iCloud setup. The iCloud setup will "fail" but then the services seem to work anyway, but then if you unlock the network account it will lock again shortly after that as long as you stay signed into iCloud.
Been seeing this behavior for a few weeks, but wanted to wait until public release to discuss it here. Behavior has persisted through dev preview 8, and both GM builds (the second of which is the same as the final public build released today).
WE DID IT! Finally! I can't believe they actually included details about this bug in the release notes; I thought for sure the issue would fall under the "improves the stability..." umbrella. Thanks to everyone who opened a case and helped bring attention to it!
I had a problem on occasion with my iMac and Sierra with a non-mobile account AD config where randomly after logging in it would lock the console on me. I would enter my password and about 10 sec or so would go by and it would lock again. Rinse, lather, repeat. I never knew what was causing it and it would eventually stop after a restart or two. I had forgotten about it until I installed this update... it came back. This time, with my Apple Watch configured to unlock the station, it wasn't as annoying to unlock the system but irritating nonetheless. It locks even if I'm in the middle of typing an email and there's no way to stop it. A restart has stopped it again this time but I have no way of knowing if it's really gone for good. I'm not optimistic. This never existed previous to Sierra and occurred immediately after Sierra had been installed.
I've considered just rebuilding this iMac and configuring it with the mobile account setting to see if that improves things. I'm not sure if it's completely related to the issues reported here but figured I would mention it nonetheless.
"Enterprise content: Resolves an issue where network or cached user accounts (such as Active Directory accounts) using the maxFailedLoginAttempts password policy were becoming disabled."
Fantastic! Been waiting for this for the longest time. Kudos to the whole group for spamming Apple engineers to finally solve this problem. :)
Is this the same issue that we are seeing with 10.12.3 clients connecting to macOS Server 5.2 running on Sierra 10.12.3?
When bound to server and logged in as Network User, if the user attempts to open iCloud preferences, System Preferences stops responding and we must force quit. Applications associated with the Apple ID such as Messages and FaceTime also stop responding at launch.
We have a case open with Enterprise Support; they were actually able to duplicate the issue, however their OS is a different version.
@yrs Power the target Mac on, then from another Mac on the network, SSH into it with your management account or any other SSH-enabled account. Once you are connected to the target Mac via SSH you are going to periodically run "dscl . -readpl /Users/username accountPolicyData failedLoginCount" (where username is the user that will be physically logging into the target Mac) while the user logs in to the target Mac and performs various actions so you can watch the failedLoginCount value. This will allow you to observe at what point failed password attempts are being logged, and at what point your failed password attempt threshold that causes the lockout is hit. This will help you determine if the issue is caused by the OS, applications, user error, etc.
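
The polling procedure described in the reply above, as an added example that is not part of the original thread: instead of re-running the dscl command by hand, this script samples it every few seconds and prints a timestamped line only when failedLoginCount changes. It assumes dscl prints the value as "failedLoginCount: N"; the script name, function names, the INTERVAL variable and the optional threshold argument (your own maxFailedLoginAttempts value) are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): timestamp every change in
# failedLoginCount so it can be matched to what the user was doing.
# Usage over SSH on the target Mac: sh watch_failed_logins.sh username [threshold]
# The script name, function names and INTERVAL are hypothetical.

# Pull the integer out of dscl's "failedLoginCount: N" line (assumed format).
parse_count() {
  awk -F': *' '$1 == "failedLoginCount" && $2 ~ /^[0-9]+$/ { print $2; ok = 1 }
               END { exit !ok }'
}

# Describe the step between two samples; prints nothing when unchanged.
# $1 = previous count, $2 = current count, $3 = lockout threshold (0 = not given)
describe_change() {
  old=$1 new=$2 limit=${3:-0}
  [ "$old" = "$new" ] && return 0
  if [ "$new" -lt "$old" ]; then
    echo "count dropped $old -> $new"
  elif [ "$limit" -gt 0 ] && [ "$new" -ge "$limit" ]; then
    echo "LOCKOUT $old -> $new (threshold $limit reached)"
  else
    echo "failed attempt(s) $old -> $new"
  fi
}

watch_user() {
  user=$1 max=${2:-0} prev=
  while :; do
    cur=$(dscl . -readpl "/Users/$user" accountPolicyData failedLoginCount 2>/dev/null | parse_count) || cur=
    if [ -z "$cur" ]; then
      :  # key missing or unreadable on this sample; keep polling
    elif [ -z "$prev" ]; then
      echo "$(date '+%H:%M:%S') initial failedLoginCount=$cur"
    else
      msg=$(describe_change "$prev" "$cur" "$max")
      [ -n "$msg" ] && echo "$(date '+%H:%M:%S') $msg"
    fi
    [ -n "$cur" ] && prev=$cur
    sleep "${INTERVAL:-2}"
  done
}

# Start polling only when a username is given, so the functions can be sourced.
if [ "$#" -ge 1 ]; then watch_user "$@"; fi
```

Redirect the output to a file and compare the timestamps with the user's actions (login, opening iCloud preferences, entering the admin password) to see which step increments the counter.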