A background service, mobile device, or mounted share (like NFS/CIFS) is using cached, incorrect credentials for that user. Every few seconds, it attempts to sync, failing and instantly triggering the lockout threshold again. Solution: Have the user turn off Wi-Fi on their phone/tablet.
The user sees the "Reset password" button, but after authenticating, they get "No escrowed key found." Root Cause: The Mac completed FileVault encryption before the MDM profile was installed. Solution: Run an MDM command to EscrowRecoveryKey . In Jamf, this is "Update Management Account" or "Rotate FileVault Key." In Intune, sync the device and run "Rotate FileVault key." ipa user-unlock
By default, only users with administrative roles can run this command. You must have a valid Kerberos ticket (via kinit admin ) to execute it. Fedora Linux 🖥️ Unlocking via the Web UI A background service, mobile device, or mounted share