IOS10.3 + 2FA

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    IOS10.3 + 2FA

    Hey, is it a known issue that on iOS 10.3 I get a 2FA authentication message on my iPhone & iPad every time PHLocation polls my iCloud account?

    It's a standard message that presents an OTP to authorise a connection from a server in Middlesbrough. (Nowhere near where IP Geolocation services place my IP). If I dismiss the message, it doesn't have any effect on PHLocation, and the polling's working just fine since I did the initial authorisation on the first poll after enabling 2FA.

    While I can't be 100% certain PHLocation is the cause of the messages, it's the only thing I knowingly have polling iCloud programmatically.

    10.3 seems to enable 2FA by default. I've never tried turning it on before, so I don't know if the constant notifications are normal, or if it's something new with iCloud since the 10.3 update was rolled out.

    #2
    I don't know what operating system you run HS under, but if you are running under Linux this might have something to do with it.
    HS4 Pro, 4.2.19.16 Windows 10 pro, Supermicro LP Xeon



      #3
      Is this a new install of the plug-in starting out with 10.3 device(s) or was it previously running with device(s) < 10.3?

      I'm just updating my iPad now to 10.3 and I'll do some testing.

      Paul..



        #4
        Thanks for the quick reply Paul.

        It's not a new install, I've had several versions installed on this HS3 box... I updated PHLocation at the weekend, and it had no problems then, but 2FA was only turned on in iCloud yesterday, when I updated my iOS devices.

        HS3 itself is running on a Windows 10 VM.



          #5
          Just updated my iPad to 10.3.1 which was previously running 10.2.? and already configured within the plug-in for 2FA prior to the update of iOS and everything is working as expected here without any prompts.

          It may be that something has changed at Apple's end WRT setting up the 2FA in the first instance, so tomorrow I'll test setting it up as a new account.

          Paul..



            #6
            I just updated to iOS 10.3.1 and do not see any problems. I do not use 2FA.
            HS4 Pro, 4.2.19.16 Windows 10 pro, Supermicro LP Xeon



              #7
              I updated my iPhone today. They are fairly insistent that you should use 2FA now, but it was still possible to decline.
              cheeryfool



                #8
                Thanks for the feedback folks. As long as I know it's not supposed to spam me by (Apple) design, I'll do some more digging as well, rather than just disabling 2FA. I would like to keep it enabled, as long as it's not going to badger me EVERY 30 minutes... on every device!

                I've confirmed that the Middlesbrough geolocation is from my IP, but god knows who Apple use for geolocation, because none of the major services place me there.

                I'm also fairly happy that it is PHLocation generating auth requests. In the last 24hrs I've received a push message on a schedule that perfectly matches the polling interval. If I disable / enable the PI in HomeSeer, I reliably see an auth request within 2 - 3 seconds of enabling the plugin.

                Now, if I log into iCloud with a browser, after authenticating with the OTP, I see an option to add that browser to trusted devices... which prevents new requests if I log out / back in... I guess PHLocation doesn't have an interface with a "trust me in future" button, so I don't know if that's something that's changed in iCloud, to coincide with 10.3.

                Lastly, I've just 'reset' my iCloud device in the plugin, and I managed to get it to re-authorise via 2FA (I've done that 4 times in the last hour), each time, it's taken several "Send SMS" attempts, as I get push messages as well as the SMS, so I think the challenge / response 'pair' is getting out of sync... it does eventually work, but not the first time.

                I've got debug logging set to level 2, and just spotted this during a quick scan through the log...

                Code:
                ValidateCode Error: System.ArgumentException: Can not add property verificationCode to Newtonsoft.Json.Linq.JObject. Property with the same name already exists on object.
                   at Newtonsoft.Json.Linq.JObject.ValidateToken(JToken o, JToken existing)
                   at Newtonsoft.Json.Linq.JContainer.InsertItem(Int32 index, JToken item, Boolean skipParentCheck)
                   at Newtonsoft.Json.Linq.JObject.InsertItem(Int32 index, JToken item, Boolean skipParentCheck)
                   at Newtonsoft.Json.Linq.JContainer.AddInternal(Int32 index, Object content, Boolean skipParentCheck)
                   at Newtonsoft.Json.Linq.JContainer.Add(Object content)
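
The exception in the log above is what Json.NET raises when a `JProperty` is added to a `JObject` that already has a property of that name. The following is an added example, not PHLocation's code (which is not shown in this thread); it assumes, hypothetically, that one request body is reused across verification attempts, and the helper names and code values are constructed.

```csharp
using System;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

static class VerificationPayloadDemo
{
    // Hypothetical helper: JContainer.Add(object) refuses a second property
    // with the same name and throws ArgumentException.
    static void SetCodeWithAdd(JObject body, string code)
    {
        body.Add(new JProperty("verificationCode", code));
    }

    // Hypothetical helper: the indexer adds the property if it is missing
    // and replaces its value if it is already present.
    static void SetCodeWithIndexer(JObject body, string code)
    {
        body["verificationCode"] = code;
    }

    static void Main()
    {
        // Constructed request body, kept and reused between attempts (assumption).
        var body = new JObject();

        SetCodeWithAdd(body, "111111");           // first attempt: property is added

        try
        {
            SetCodeWithAdd(body, "222222");       // second attempt on the same object
        }
        catch (ArgumentException ex)
        {
            // Same message as in the log: "Can not add property verificationCode ..."
            Console.WriteLine("Add failed: " + ex.Message);
        }

        // After the failed Add, the body still carries the first code.
        Console.WriteLine("After failed Add: " + body.ToString(Formatting.None));

        SetCodeWithIndexer(body, "222222");       // replaces the stale value
        Console.WriteLine("After indexer:    " + body.ToString(Formatting.None));
    }
}
```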



                  #9
                  What version of the plug-in do you have? There were some issues on the 2FA side prior to version 3.0.1.71.

                  The plug-in does add itself as a trusted device in the same way that your browser does but it doesn't ask you if you want to do it.

                  Can you try resetting the account again and use one of your iDevices to do the 2FA verification as opposed to the SMS method and see if there is any change in behaviour.

                  NOTE:
                  When you have reset the account, stop and re-start iCloud services before retrying the 2FA verification.

                  Paul..



                    #10
                    Hey Paul, The plugin's the latest one according to the manual update check... From memory, I think it's 3.0.1.84?

                    I tried resetting again (including the service restart) and using the push messages to authorise the PI, but I get a message that the code's invalid no matter how many times I try... the only thing I can get to work is sending an SMS (again, takes a few "Invalid code" attempts before it works).

                    I also tried removing everything for my iCloud account from the plugin... account / devices / places. On adding everything again, I get the same behaviour.



                      #11
                      I've just tried resetting my iCloud account a number of times within the plug-in and it re-verified without issue both using push to my iOS 10.3.1 iPad and SMS to my non-Apple phone so I'm not sure what the problem is.

                      Can you try:
                      1. Stop iCloud services within the plug-in.
                      2. Reset the problem account from the PHL tab of the root device.
                      3. Set debug level to 2 on the general config page.
                      4. Make sure that a polling interval is set for the problem account.
                      5. Restart iCloud services.

                      You should get some errors and / or warnings in the HS3 log when it tries to connect to the account because 2FA is required but not verified.

                      Go back to the root device and try to re-verify 2FA.

                      Email me all the HS3 log entries for the whole above process and I'll see if I can spot the issue.

                      Set debug level to off once the above is complete.

                      Paul..



                        #12
                        I've just run through those steps, and the logs are on the way over to you, thanks!
