[My ramblings. I was soooo pissed off at Apple for these obscure problems, and the total lack of error messages]
For a while I had problems related to password prompts, for example MS RDP which would no longer store any passwords. I blamed MS RDP at first, but it seems that was just a tip of the iceberg. It became worse after changing the password for my iCloud account. I needed to use various passwords on the lock, login and other prompts.
No remedy worked, like disabling and enabling all of iCloud or only keychain related settings on all the devices in the account. Nor would changing the password help.
In the end I concluded the problem must be in the keychain and I reset my keychain. Scary, right? Because all the passwords are in there. Apple Keychain Access however makes a backup. You can find it in:
ls -lotra ~/Library/Keychains/login*.keychain-db
This is useful to know because you can safely reset your keychain and then re-add the old keychain file again, by using
Or… [drum roll] recover the file from a time machine backup without replacing the current version!
Probably it would have been possible to reset the password on the keychain somehow (although I think that option was greyed out), but this gave me a workable solution. Once it is available in Keychain Access, you can drag all or some passwords across to the login keychain. Or use the file as is, because any keychain request searches through all the available keychains.
My MS RDP passwords work again, and it looks like the passwords are being saved there again as well.