Microsoft Lync keychain password prompt on login

One of my users ran into an issue recently when launching Microsoft Lync. When the Lync application logged into the Lync server, a "Microsoft Lync wants to use OC_KeyContainer_username@company.com. Please enter the keychain password" prompt appeared.
The curious thing was that the keychain prompt would not accept the user’s current login password. When I checked, the user’s login keychain was unlocked and using the current password, so it didn’t appear to be caused by the login keychain password issues that I normally deal with.
After some research, I was able to find the answer and get this issue fixed. See below the jump for the details.


The fix:


1. Quit out of Microsoft Lync
2. Go to /Users/username/Library/Keychains
3. Remove the OC_KeyContainer__username@company.com file from /Users/username/Library/Keychains.
4. Launch Microsoft Lync
5. On relaunch, the prompt no longer appeared.
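
The same fix as a shell function, for admins who need to run it on more than one Mac. This is an added example, not part of the original post. The function name, the process name `Microsoft Lync` and the choice to move the file into a backup folder instead of deleting it are assumptions.

```shell
#!/bin/bash
# Added example: scripted form of the manual fix above.
# Assumptions (not from the original post): the function name, the process
# name "Microsoft Lync", and moving files aside instead of deleting them.
#
# Usage: reset_lync_keycontainer "$HOME/Library/Keychains"
# Prints the number of OC_KeyContainer files moved.
# Returns 0 on success, 1 if Lync is still running, 2 if the directory is
# missing, 3 if the backup folder cannot be created.
reset_lync_keycontainer() {
    local dir backup f moved
    dir="$1"
    moved=0

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    # Step 1 of the fix: Lync has to be quit before its keychain is touched.
    if command -v pgrep >/dev/null 2>&1 &&
       pgrep -x "Microsoft Lync" >/dev/null 2>&1; then
        echo "Microsoft Lync is still running; quit it first" >&2
        return 1
    fi

    # The backup folder name must not start with OC_KeyContainer, or a later
    # run would match it with the glob below.
    backup="$dir/Lync-keycontainer-backup-$(date +%Y%m%d%H%M%S)"

    for f in "$dir"/OC_KeyContainer*; do
        [ -f "$f" ] || continue   # glob matched nothing, or not a regular file
        # The file holds encryption keys, so keep the backup owner-only.
        [ -d "$backup" ] || mkdir -m 700 "$backup" || return 3
        mv -- "$f" "$backup/" && moved=$((moved + 1))
    done

    echo "$moved"
}
```

Once Lync has relaunched and signed in cleanly, the backup folder can be deleted.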

What caused the password prompt?:


Microsoft Lync creates a keychain file to store encryption keys. The file is physically stored in /Users/username/Library/Keychains and is named something similar to OC_KeyContainer__username@company.com.

The password for this keychain is not tied to the user’s account password and it looks like the Lync program itself will automatically generate a randomized password for it. The password to unlock that keychain is then stored in the user’s login keychain.


Occasionally, something in Lync happens that causes this keychain to refuse to work properly. In that event, a pop-up may appear requesting a password.


Removing the OC_KeyContainer__username@company.com keychain file will force Lync to create a new one.


When Lync is relaunched, it will generate a new OC_KeyContainer__username@company.com keychain file with a new randomized password and store it in /Users/username/Library/Keychains.

An interesting thing about this OC_KeyContainer keychain and associated password entry is that the persistence of it appears to be tied to whether or not Lync is set to save the user’s account password.

If the password is set not to be saved:



The OC_KeyContainer__username@company.com keychain and OC_KeyContainer__username@company.com password entry in the user’s login keychain are created when Lync connects to the Lync server.
Once the Lync application is quit, the OC_KeyContainer__username@company.com keychain and application password entry are automatically deleted. On relaunch, a new OC_KeyContainer__username@company.com keychain and application password entry in the user’s login keychain are created.

If the password is set to be saved:


If they do not already exist, the OC_KeyContainer__username@company.com keychain and OC_KeyContainer__username@company.com password entry in the user’s login keychain are created when Lync connects to the Lync server. A Microsoft Lync password entry is also created in the user’s login keychain if one does not already exist.
Once the Lync application is quit, the OC_KeyContainer__username@company.com keychain and application password entry persist and are not automatically deleted. On relaunch, Lync will look for and re-use the existing OC_KeyContainer__username@company.com keychain and OC_KeyContainer__username@company.com password entry.
