Sharepoint 2007: Error during encryption or decryption (system error code 997)

I created a MOSS 2007 farm for a project the other day and today the developers come back and say there are all sorts of errors on the server.  Yay.  I tried a few things then decided to pull the WFE’s out of the farm and re-join them.  Then I got this error;

Failed to connect to the configuration database.

An exception of type System.ArgumentException was thrown.  Additional exception information: Error during encryption or decryption. System error code 997.

That’s weird, the farm account has the appropriate permissions to the database server – what’s going on.  A little Google came up with this from Microsoft (http://support.microsoft.com/kb/927156);

This issue occurs if the Network Service account is used as the farm account. In this situation, when you remove Windows SharePoint Services 3.0 from a stand-alone farm, or when you remove SharePoint Server 2007 from a Windows SharePoint Services 3.0 farm environment, the following registry subkey that is used to encrypt passwords that are contained in the Windows SharePoint Services 3.0 configuration database (configdb) is deleted:

HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\Secure\ FarmAdmin\

Therefore, when you try to join a Web application that exists in the configuration database that does not use the Network Service account, the Web application account credentials cannot be decrypted. This occurs because the required registry subkey is deleted.

The fix?

To work around this issue, run Psconfig.exe at the command line to create a new Windows SharePoint Services 3.0 configuration database. To do this, follow these steps:

  1. Click Start, click Run, type cmd in the Open box, and then click OK.
  2. At the command line, change to the following directory:
    \Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN
  3. At the command prompt, type the following command to create a new configuration database:
    psconfig -cmd configdb -create -server ServerName -database ConfigDBName -user Domain\User -password Password
  4. Rerun the SharePoint Products and Technologies Wizard.

These instructions fix the issue but since there hadn’t been much work done in the environment already, I just created a new farm.  Fresh 🙂