
I have an AppleCare enterprise case open for this, but just curious if anyone here is experiencing the same thing:



When you are logged into a mobile account on an AD bound Mac and go to set up iCloud, the currently logged in network account will get locked out as soon as they attempt to provide a password when prompted to provide an admin password to complete the iCloud setup. The iCloud setup will "fail" but then the services seem to work anyway, but then if you unlock the network account it will lock again shortly after that as long as you stay signed into iCloud.



Been seeing this behavior for a few weeks, but wanted to wait until public release to discuss it here. Behavior has persisted through dev preview 8, and both GM builds (the second of which is the same as the final public build released today).

Thanks for opening up the case as I noticed this last night but couldn't pinpoint what the culprit was. I'll be interested to see what their response is.


I believe I was experiencing something similar with the Sierra GM:



My machine isn't bound to AD or a directory, the account in question is local.



Shortly after setting up iCloud, the user account associated with the iCloud setup would be locked out. First symptom was the wake from sleep screen saver lock. All password attempts would fail.



After forcing reboot, the user account no longer appears in the pick list of active users. Logging in as local admin shows the user account is still listed in Users & Groups systems prefs pane.



My only solution was to delete the user account, preserving the home directory, then recreate the account using the same username/password. This enabled me to log back in, but the problem would return.



Eventually, I migrated the user home directory to a new machine, only to have the same problem pop up. Finally, I did the account rebuild dance, but trashed the ~/Library. Problem went away and I was able to configure iCloud without problems.



HTH.


Glad to hear it's not just me @eosrebel (but not glad you are having problems of course).



Hmm, interesting @emax. So, issue may not necessarily be isolated to network accounts, and the network account lockout is just a consequence of a more localized issue.



First response from engineering is that they are in the process of attempting to reproduce the issue, so we'll see where things go from here. If we come up with a non-software update related solution/workaround that Apple is OK with me publishing then I'll definitely share it here.



If anyone else with an AppleCare OS Support account is having this issue I encourage you to also open a case so we can get some extra eyes on this.


@jasonaswell I did some more experimenting and found that the issue only pops up if the AD bound machine has an iCloud account logged in at the time of starting the upgrade process. If I log out of iCloud before the upgrade and then log back in to iCloud after the upgrade things go fine.


@eosrebel what happens when you log out of iCloud? Aren't you asked to remove everything on your Mac that was part of the iCloud? I am concerned that there could be a lot of users who lose their files in the process? All those documents, photos and so forth kind of scare me a bit if I were to lose them personally.


@mconners Yes it does, but it retained copies in iCloud that were resynced to the device when I logged back in. In my org we don't use iCloud a whole lot so this is a minimal impact issue for us, but should honestly be covered by the standard "back up your data before upgrading" boilerplate warning.


I am seeing this as well with the iCloud setup throwing several bad password attempts (AD) when I first attempt to log in.




I've updated last night without disabling iCloud on my rMBP and everything worked fine. There are some typical new release things that I thought would be fine. Wireless constantly struggles from waking up to find a network. My thunderbolt display was recognized by the laptop without a restart. So far so good though.


Just wanted to add a +1 to this thread; we are also seeing the issues with AD lockouts on Sierra with systems that are signed into iCloud. In our case, the systems are locked out automatically after the upgrade, without user interaction.



We are also going to open an AppleCare case for this issue; I'd suggest that anyone else who is experiencing the issue do the same.


I do not have AppleCare, but I'll +1 this as well. On my AD-bound MBP, I did an in-place upgrade while signed into my iCloud account (I never would have thought to sign out), and I started experiencing AD lockouts. I don't remember even one of those happening on El Capitan except when I messed up my password.


The only experience I had was the following day after my update to Sierra. I had some strange log in issues with Outlook. Since I sit in the client services area, I asked a fellow helpdesk colleague. I was locked out of my account, but after resetting the account in AD, I have had no further issue. Very strange indeed. This indeed is an issue.


Engineering has confirmed the issue exists with local accounts, and consequently mobile accounts are affected, and since mobile accounts are affected the respective AD account will be locked as well. They don't currently have any suggested workarounds or a concrete timetable for a fix, but they are aware of the problem and are actively working on a solution.



Unfortunately not any additional info to offer at this point, but this at least confirms that it's a known issue, and that there are a growing number of cases being logged against this (thanks to all here who have done so!). Hopefully those cases create a greater sense of urgency to push a fix.


<kicks the Sierra can down the road>


I'm glad I found this post as I thought it was just me with this issue. I have exactly the same issue, after trying to login to iCloud account on Sierra on a machine with AD accounts it asks for system password which it rejects, on cancelling the dialog the machine no longer accepts my AD or Keychain passwords, rebooting does not fix this issue, though oddly leaving the machine idle for around 1 hour and my login works again, trying iCloud login again and the problem repeats.


Yep, I'm seeing this as well, as are the few users I have currently testing. It seems to no longer be an issue after the first or second AD account lock.



Super weird.


Any updates? We are batting 1000 on this one. My pilot group are all running (begrudgingly) w/o being logged into the iCloud.


No updates at this point. Engineering requested some logs and an EDC and said they'd reach back out if they arrive at any solutions or workarounds. That was on 9/29 and haven't heard anything further :(


I'm on 10.12.1 Beta (16B2338c) and haven't experienced this issue at all. Maybe they've fixed it for the next release. Would be curious for someone else to try who had the issue to see if the 10.12.1 beta fixes it.


One of my engineers has had the same success with 10.12.1 Beta. He was also able to do the watch unlock too (which he couldn't). We are still testing, but it does look promising.


Just a follow up, beta 10.12.1 (build 16B2338c) still causes this issue in our environment. So, I'm unfortunately not having the same positive outcomes with the beta yet.


@jasonaswell do you have replication instructions? I have only done limited Sierra testing (currently held back by our ancient versions of McAfee software in production) but if I can replicate I will open a case with AppleCare.


@Kaltsas Here are the steps from our current case:



"When logged into an AD bound Mac running Sierra with a mobile account with a local home folder, the AD account of the logged in user will lockout when attempting to setup iCloud in System Preferences. This occurs at the step of the iCloud setup process where it prompts for the local admin credentials (those credentials being the current user if they have admin privileges).
It immediately rejects the network password, and then the network account is locked due to multiple failed password attempts, even if user has only made one actual attempt in the GUI (often when no attempts have been made yet). iCloud setup says that it has failed, but seems to work anyway. But even after getting the network account unlocked, it is quickly locked again from failed password attempts coming from the IP of the Mac being used."


We are having the same issues with beta 10.12.1 build 16B2333a



I have not tested this theory, but since iCloud is causing this, would it make sense to log out of iCloud and leave it logged out?


Interesting thought: with the new iCloud Configuration Profile options in 9.96, there is an option for "Allow use of iCloud password for local accounts". It looks like the preference domain for this is "com.apple.preferences.users". I have this profile applied (with this setting and docs/data disabled) on my primary machine, and have yet to see an iCloud lockout of my AD account since having this on my machine.



UPDATE: Applied that setting to my test Mac and still got locked out when signing into iCloud...