Keychain issue with network users on 10.10 clients

Howdy,

I am able to replicate this problem on a 10.10 client (logging in as a network user), and a 10.6.8 server (for home directories).

I am able to reproduce this with a 10.10 client and a 10.9 (3.2.2) server, but so far it has been fine if it's a 10.10 client and a 10.10 (4.0) server. However, in my setup I have two servers (the ODM and the mail server) and am still seeing the problem when I introduce the mail server (whether 10.9 or 10.10) into the mix. If I host the mail accounts on my 10.10 ODM instead, 10.10 clients seem pretty happy (10.9, not so much).

At this point I'm considering it more inconsistent than lucky. I have a feeling if I go back and test it again I'll get dicey results. I've been working with Apple on it, if I figure anything out I'll let you know.

We have a mix of clients, 10.7, 10.9, and 10.10. I see the issue on 10.9 and 10.10 clients. It started with 10.9.4 update.

Server does not seem to make a difference, it seems a client issue. It is actually worse on 10.10 since 10.10 does not properly sync a login.

I want to add that with 10.10 clients, not only do they get the HomeSync login prompt, they get iCloud login prompt twice and iCloud Keychain gets reset at every login.

HomeSync is hosed. Apple software QA has gotten REALLY bad on initial releases.

Same issue here, Mavericks Server Keychain not properly storing information network users.,Mail keeps asking for password and icloud setting do not load in system preferences, same issue with iMessages, notes app, they must be all related,with Yosemite got even worst, please call apple care, I already did and have an open case, the more people that call them the sooner they will take care of this issue, only workaround is restarting clients after each user logs out.

Hi Robert, I been fighting with same issue since mavericks came out, and keep fighting in yosemite, we really need apple to fix this soon.

Imperfect workaround for this issue:

EVERY time a network user logs out, the computer should be restarted before they log back in again. As Robert indicated above, the reboot removes all of the vestigial processes and, as a result, the machine is clear of the offending processes when the user logs back in. My users will be told to select RESTART in lieu of log out each time they need to log out unless they are leaving for the day and shutting down.

I spoke to an Apple Enterprise rep about this today. The rep was very apologetic for the ongoing problems. They said that there is not a solution yet but that Apple is aware and a team is "working on it." The fact that this has been going on for as long as it has is silly. The loss of productivity to the companies represented by the entries in this discussion alone must be thousands of hours due to the numbers of users impacted.

Please post alternatives to this workaround here if anyone comes up with one.

-Erich

Doesn't help for us, even with a reboot I am still seeing the issue with Home Sync and the login keychain and iCloud logins. I set all the computers to reboot at night and before I leave at the end of the day I give them all a reboot just to make sure.

In my Keychain folder the login.keychain gets properly updated on logout or idle sync. It does not seem to get updated at login sync. Same with metadata.keychain. The iCloud keychain has made 4 folders. 3 are old from when the system was first updated to 10.10. One has a keychain-2.db that is getting properly synced on logout and idle but not at login.

So this seems to be the source of my woes. The files seem to be unavailable, locked, or not properly synced during login hence the request to re-enter the password for login keychain and iCloud

This keeps getting comically worse. Tried 10.10.1 and still has the HomeSync login request, still has the iCloud password request twice, now adds iMessage password request twice, and FaceTime password request twice. When you file bug reports you get the same automatic response of running sysdiagnose no matter what the bug is including App Store serving up wrong updates. I can't believe Apple has not fixed this going back to 10.9.4

Robert and others have found a fix for this that works with 10.9 and 10.10.

Check pages 5 and 6 of Re: Mavericks Server Keychain not properly storing information network users.

Start with the Scripts written by Benjamin Losch and follow to the end for adjustments.

Not working for me, still no homesync at login, still getting Keychain login request. killing secd causes iCloud Keychain to reset for me too.