Sharepoint 2007: Error during encryption or decryption (system error code 997)

I created a MOSS 2007 farm for a project the other day and today the developers come back and say there are all sorts of errors on the server.  Yay.  I tried a few things then decided to pull the WFE’s out of the farm and re-join them.  Then I got this error;

Failed to connect to the configuration database.

An exception of type System.ArgumentException was thrown.  Additional exception information: Error during encryption or decryption. System error code 997.

That’s weird, the farm account has the appropriate permissions to the database server – what’s going on.  A little Google came up with this from Microsoft (;

This issue occurs if the Network Service account is used as the farm account. In this situation, when you remove Windows SharePoint Services 3.0 from a stand-alone farm, or when you remove SharePoint Server 2007 from a Windows SharePoint Services 3.0 farm environment, the following registry subkey that is used to encrypt passwords that are contained in the Windows SharePoint Services 3.0 configuration database (configdb) is deleted:

HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Secure\ FarmAdmin\

Therefore, when you try to join a Web application that exists in the configuration database that does not use the Network Service account, the Web application account credentials cannot be decrypted. This occurs because the required registry subkey is deleted.

The fix?

To work around this issue, run Psconfig.exe at the command line to create a new Windows SharePoint Services 3.0 configuration database. To do this, follow these steps:

  1. Click Start, click Run, type cmd in the Open box, and then click OK.
  2. At the command line, change to the following directory:
    \Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN
  3. At the command prompt, type the following command to create a new configuration database:
    psconfig -cmd configdb -create -server ServerName -database ConfigDBName -user Domain\User -password Password
  4. Rerun the SharePoint Products and Technologies Wizard.

These instructions fix the issue but since there hadn’t been much work done in the environment already, I just created a new farm.  Fresh 🙂


5 thoughts on “Sharepoint 2007: Error during encryption or decryption (system error code 997)

  1. I tried doing this and got a message saying: “The user parameter specified with the configdb command is invalid. When installed in standalone mode, you cannot specify a farm administrator user account or password. The local account NetworkService becomes the farm administrator by default when installed in standalone mode.”

    I am trying to reinstall a standalone (I made the mistake of uninstalling/reinstalling) but can’t seem to figure this one out.

    Any suggestions?

  2. What steps have you taken since you were having the issues last month?

    At which point of my steps are you getting that error message? After the psconfig command, or after you re-run the wizard? Are you getting any other errors in event viewer?

  3. I get the same error with the Standalone configuration. it doesnt let you specify a user/pwd or dbuser/dbpassword option in the command line. I dont know how to fix this one since the options are so limited. Kinda stuck with this one for so long.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s