SharePoint 2016 - Troubleshooting - Error during decryption - Ensure the passphrase is correct

  • Article

Issue

Tried to join a server to the existing farm but it throws the error: “Error during decryption. Ensure the passphrase is correct”. It is a brand new server with SharePoint 2016 + July CU 2016 and Custom role.

Error

Here is the error in the PSConfig log:

08/04/2016 16:23:42  1  ERR            Failed to connect to the configuration database.
 
An exception of type System.ArgumentException was thrown.  Additional exception information: Error during decryption. Ensure the passphrase is correct.
 
System.ArgumentException: Error during decryption. Ensure the passphrase is correct.
 
   at Microsoft.SharePoint.Administration.SPCredentialManager.set_MasterKey(Byte[] value)
 
   at Microsoft.SharePoint.Administration.SPCredentialManager.CreateMasterKey(Boolean generateKeyIfNeeded, SecureString sstrPassphrase, Boolean localOnly)
 
   at Microsoft.SharePoint.Administration.SPFarm.Join(Boolean skipRegisterAsDistributedCacheHost, Nullable`1 serverRole)
 
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
 
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
 
   at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

Troubleshooting

Changed the PassPhrase and tried with a new one but no luck. Rebooted the server multiple times, even rebooted the entire farm but no luck. Ran the PSConfig wizard on existing servers to fix the issue but no luck. Examined the ULS logs but no luck as same error printed there as well.

Even unjoined an existing server from a farm and then tried to rejoin it but get the same error. Did this for the testing purposes.

Resolution

There are a couple of things to have in place, as the error is saying “SharePoint unable to Decrypt the passphrase”.

  1. Make sure farm admin account has DBO rights on the Configuration Database,
  2. Make sure you login with farm admin. If any other account ( i.e. install account) then that account should also have DBO on Config Database.
  3. Clear the Configuration Cache on the SharePoint Servers (all servers in the farm).
    1. If you want to do manually follow this: Clearing the Configuration Cache for SharePoint
    2. Or you can use the script from here: Clear Configuration Cache

Once you are done with above then run the Config Wizard again, Prefer to run as PSConfig first.

psconfig.exe -cmd configdb -connect -server "KFSQL.krossfarm.com" -database KF-Configdb -passphrase "SP@016farm" -localserverrole​ "Custom"

Once this completes successfully, then run the SharePoint Product and Technology Configuration wizard via GUI.