none
microsoft oc1 generic credentials RRS feed

  • Question

  • please give us the solution for the windows vault credential. i.e  "Microsoft_OC1:uri=*** Email address is removed for privacy ***:specific:OCS:1"

    even if we deleted the credentials from the vault, repeatedly this above will getting saved, and user password getting locked.

    Tuesday, May 2, 2017 10:14 PM

All replies

  • Hi D_Vampire,

    In order to narrow down the issue, please help us confirm the following questions:
    1.Did you mean that you can’t modify Lync password when you sign in Lync client?
    2.Did  the issue only appeared on the specific user/ client?

    For this issue, if it only appeared on the specific client, please try to clear Lync cache file: %UserProfile%\AppData\Local\Microsoft\Communicator\ sip_UserName@Domain.com, also make sure your Lync client with the latest update.

    Please follow this method to remove stored password with Windows Credential Manager:
    1.First you need to make sure you have fully exited the Lync client.
    2.Then go to the start menu and find the control panel. In the control panel search for credential manager and open it up.
    3.Under Generic Credentials there should be an entry that starts "Microsoft_OC1:uri=" This is the stored Lync credential.
    4.Click the downward arrow to expand the credential and then at the bottom of the credential select Remove from vault.
    5.Make sure to remove ALL the credentials starting "Microsoft_OC1:uri="as any of them could be the one causing the problem.

    After this try to log in to Lync again.


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Alice-Wang Monday, May 8, 2017 9:21 AM
    Wednesday, May 3, 2017 2:24 AM
  • Hello, we have been wrestling with the problem for about a month ever since I enabled AD sync to O365 AD.  In our case, Skype for Business (S4B) is what is causing the lockouts.  We have discovered that if you create a Windows Generic Credential manually, it will stop the lockouts.  I suggest you do clear the credential cache as described by the Microsoft person.  Then you can create a Generic Credential with the following name:

    Microsoft_OC1:uri=username@domain.tld:specific:EWS:1

    This has worked on 100% of Windows clients we've added them to so far.  Getting S4B to auto-create this credential is spotty but seems to work if you start S4B on a connection that has Internet access but not on your corporate network.  While on the corporate network, many clients seem to create the OCS version of the OC1 credential.  We have not found a correlation for how it decides which credential to create.

    Hope this helps somebody!

    Wednesday, May 16, 2018 3:28 PM
  • Can you please elaborate on the problem and how the users got locked out ? 

    I am experiencing a similar situation and I have noticed that the ( Target: LegacyGeneric:target=Microsoft_OC1:uri=corp@email.com:certificate:OCS:1 ) is being added to the local workstation.

    We have applied the GPO ( HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Lync\SavePassword\ and the other one to not show it and to disable the saved password ability ) that should prohibit the cached credential. But from what i can tell the credential will occasionally be entered there as the registry key will not be created ( maybe a diff problem all together not sure ). 

    I am looking for the detailed workflow here on how this happens and why does it lockout the credential. Why the lockout only happens usually once and how is the cache credential cleaned up in some sense of the word as the lockouts are not constant but rather "random" so it seems. 

    Thursday, January 31, 2019 7:36 PM
  • Hello, we have been wrestling with the problem for about a month ever since I enabled AD sync to O365 AD.  In our case, Skype for Business (S4B) is what is causing the lockouts.  We have discovered that if you create a Windows Generic Credential manually, it will stop the lockouts.  I suggest you do clear the credential cache as described by the Microsoft person.  Then you can create a Generic Credential with the following name:

    Microsoft_OC1:uri=username@domain.tld:specific:EWS:1

    This has worked on 100% of Windows clients we've added them to so far.  Getting S4B to auto-create this credential is spotty but seems to work if you start S4B on a connection that has Internet access but not on your corporate network.  While on the corporate network, many clients seem to create the OCS version of the OC1 credential.  We have not found a correlation for how it decides which credential to create.

    Hope this helps somebody!


    Thursday, January 31, 2019 7:37 PM