OK, I had this error, and fought with it for a long time (years) when interacting with my Ruby on Rails app.
I had default credentials set up as described in the accepted answer, but still got the error, and have been relying on a didReceiveChallenge response to supply the credentials - fortunately that worked as a work around.
But! I've just found the solution!
I was working on a hunch that that the protectedSpace fields did not match the Authorization challenge from the Ruby on Rails server - and I looked into the realm field, which seemed to be the only one that was being left undefined.
I started by printing out the server response headers, and although I was able to examine these, they did not include the WWW-Authorization field that would have included the realm field.
I thought this was maybe because my Rails app wasn't specifying the realm, so I started looking at the Rails side of things.
I found I could specify the realm in the call to,
authenticate_or_request_with_http_basic
...which I am using for HTTP Basic authentication.
I wasn't specifying a realm already, so added one,
authenticate_or_request_with_http_basic("My Rails App")
I then added the corresponding string to the protectionSpace,
NSURLProtectionSpace *protectionSpace =
[[NSURLProtectionSpace alloc] initWithHost:@"myrailsapp.com"
port:443
protocol:NSURLProtectionSpaceHTTPS
realm:@"My Rails App"
authenticationMethod:NSURLAuthenticationMethodHTTPBasic];
Voila! That worked, and I no longer get the,
CredStore - performQuery - Error copying matching creds. Error=-25300
Even after specifying the realm in the Rails app, I still don't see it passed in the HTTP header, I don't know why, but at least it works.