Peoplepicker Error - One way trust

We have a SharePoint Extranet environment in the DMZ.   It has worked for months now.  All of a sudden it is not working when trying to add people from the local domain.  

I am thinking my apppassword key is corrupt. Is there any way to reset/clear this?

How can I resolve this? I am trying to add users from the other domain but can't even add them from the local domain. I verified my rights are correct in AD.

We are running SharePoint 2013 with Feb 2015 CU.

Web app is using Claims/NTLM.     Every time I try to add a user to the central admin site I get these errors.

Changing Site collection admin -
Sorry, something went wrong

Error during decryption. System error code 0.

Event viewer error-
Log Name:      Application
Source:        Microsoft-SharePoint Products-SharePoint Foundation
Date:          3/17/2015 1:29:32 PM
Event ID:      8307
Task Category: Claims Authentication
Level:         Error
Keywords:     
User:          domain\spdevfarm
Computer:      Domain.COM
Description:
An exception occurred in AD claim provider when calling SPClaimProvider.FillResolve(): Error during decryption. System error code 0..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-SharePoint Products-SharePoint Foundation" Guid="{6FB7E0CD-52E7-47DD-997A-241563931FC2}" />
    <EventID>8307</EventID>
    <Version>15</Version>
    <Level>2</Level>
    <Task>47</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2015-03-17T17:29:32.580126100Z" />
    <EventRecordID>4593056</EventRecordID>
    <Correlation ActivityID="{55AFF39C-49E8-70C6-9137-10CA48DAA1C0}" />
    <Execution ProcessID="12776" ThreadID="15400" />
    <Channel>Application</Channel>
    <Computer>Domain.COM</Computer>
    <Security UserID="S-1-5-21-892764308-2630853807-1023936091-1356" />
  </System>
  <EventData>
    <Data Name="string0">AD</Data>
    <Data Name="string1">SPClaimProvider.FillResolve()</Data>
    <Data Name="string2">Error during decryption. System error code 0.</Data>
  </EventData>
</Event>

ULS -
03/16/2015 12:24:41.33  w3wp.exe (0x2CE4)                        0x4208 SharePoint Foundation          Claims Authentication          8307 Critical An exception occurred in AD claim provider when calling SPClaimProvider.FillResolve(): Error during decryption. System error code 0.. 3a59f39c-c923-70c6-9137-1a84fdf33bf1
03/16/2015 12:24:41.33  w3wp.exe (0x2CE4)                        0x4208 SharePoint Foundation          Web Controls                   ad5w Medium   Claims Resolve call failed. Error Message: Error during decryption. System error code 0.  Callstack:    at Microsoft.SharePoint.Administration.SPCredentialManager.DecryptWithApplicationCredentialKey(Byte[] rgbEncryptedPassphrase)     at Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain.get_Password()     at Microsoft.SharePoint.Utilities.SPActiveDirectoryDomain..ctor(SPPeoplePickerSearchActiveDirectoryDomain peoplePickerDomain)     at Microsoft.SharePoint.Utilities.SPUserUtility.GetWindowsPrincipalResolvers(SPWebApplication webApp, Boolean includeUpnInOperations, String userAccountDirectoryPathRestriction, SPPrincipalResolver bySidResolver)     at Microsoft.SharePoint.Utilities.SPUserUtility.CreatePrincipalResolvers(SPWebApplication webApp, ICollection`1 urlZone... 3a59f39c-c923-70c6-9137-1a84fdf33bf1
03/16/2015 12:24:41.33* w3wp.exe (0x2CE4)                        0x4208 SharePoint Foundation          Web Controls                   ad5w Medium   ...s, Nullable`1 currentZone, SPPrincipalResolver bySidResolver, String userAccountDirectoryPathRestriction, Boolean alwaysAddWindowsResolver, Boolean includeUpnInOperations)     at Microsoft.SharePoint.Utilities.SPUtility.ResolveWindowsPrincipal(SPWeb web, SPWebApplication webApp, String input, SPPrincipalType scopes, Boolean inputIsEmailOnly, Boolean includeUpnInOperations)     at Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider.ResolvePrincipalInfo(Uri context, SPPrincipalType principalType, Boolean inputIsEmailOnly, Boolean disableEmailResolve, Boolean resolveIncludesUpnProperty, String resolveInput, Boolean& resolved)     at Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider.FillResolve(Uri context, String[] entityTypes, Boolean inputIsEmai... 3a59f39c-c923-70c6-9137-1a84fdf33bf1
03/16/2015 12:24:41.33* w3wp.exe (0x2CE4)                        0x4208 SharePoint Foundation          Web Controls                   ad5w Medium   ...lOnly, String resolveInput, List`1 resolved)     at Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider.FillResolve(Uri context, String[] entityTypes, String resolveInput, List`1 resolved)     at Microsoft.SharePoint.Administration.Claims.SPClaimProvider.Resolve(Uri context, String[] entityTypes, String resolveInput)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderOperations.Resolve(Uri context, SPClaimProviderOperationOptions mode, String[] providerNames, String[] entityTypes, String resolveInput)     at Microsoft.SharePoint.WebControls.PeopleEditor.ResolveClaimsEntities(PickerEntity entity). 3a59f39c-c923-70c6-9137-1a84fdf33bf1
03/16/2015 12:24:41.33  w3wp.exe (0x2CE4)                        0x4208 SharePoint Foundation          Micro Trace                    uls4 Medium   Micro Trace Tags: 0 nasq,2 agb9s,6 b4ly,8 e5mc,14 aipzv,13 f8bn,13 b181,0 ad5w 3a59f39c-c923-70c6-9137-1a84fdf33bf1
03/16/2015 12:24:41.33  w3wp.exe (0x2CE4)                        0x4208 SharePoint Foundation          Monitoring                     b4ly Medium   Leaving Monitored Scope (Request (POST:http://bosrextdevsp:20468/_admin/policyuser.aspx?WebApplicationId=c2795bab3690433bb1c97c6725c7c51e&zone=All&IsDlg=1)). Execution Time=69.1320763089169 3a59f39c-c923-70c6-9137-1a84fdf33bf1
03/16/2015 12:24:43.38  w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Monitoring                     nasq Medium   Entering monitored scope (Request (POST:http://bosrextdevsp:20468/_admin/policyuser.aspx?WebApplicationId=c2795bab3690433bb1c97c6725c7c51e&zone=All&IsDlg=1)). Parent No 
03/16/2015 12:24:43.38  w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Logging Correlation Data       xmnv Medium   Name=Request (POST:http://bosrextdevsp:20468/_admin/policyuser.aspx?WebApplicationId=c2795bab3690433bb1c97c6725c7c51e&zone=All&IsDlg=1) 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.38  w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Authentication Authorization   agb9s Medium   Non-OAuth request. IsAuthenticated=True, UserIdentityName=, ClaimsCount=0 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.38  w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Logging Correlation Data       xmnv Medium   Site=/ 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.38  w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Monitoring                     b4ly High     Leaving Monitored Scope (PostAuthenticateRequestHandler). Execution Time=5.22828633464872 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.39  w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Topology                       b181 High     Decryption failed with error: 0 at    at Microsoft.SharePoint.Administration.SPCredentialManager.DecryptWithApplicationCredentialKey(Byte[] rgbEncryptedPassphrase)     at Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain.get_Password()     at Microsoft.SharePoint.Utilities.SPActiveDirectoryDomain..ctor(SPPeoplePickerSearchActiveDirectoryDomain peoplePickerDomain)     at Microsoft.SharePoint.Utilities.SPUserUtility.GetWindowsPrincipalResolvers(SPWebApplication webApp, Boolean includeUpnInOperations, String userAccountDirectoryPathRestriction, SPPrincipalResolver bySidResolver)     at Microsoft.SharePoint.Utilities.SPUserUtility.CreatePrincipalResolvers(SPWebApplication webApp, ICollection`1 urlZones, Nullable`1 currentZone, SPPrincipalResolver bySidResolver, Stri... 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.39* w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Topology                       b181 High     ...ng userAccountDirectoryPathRestriction, Boolean alwaysAddWindowsResolver, Boolean includeUpnInOperations)     at Microsoft.SharePoint.Utilities.SPUtility.ResolveWindowsPrincipal(SPWeb web, SPWebApplication webApp, String input, SPPrincipalType scopes, Boolean inputIsEmailOnly, Boolean includeUpnInOperations)     at Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider.ResolvePrincipalInfo(Uri context, SPPrincipalType principalType, Boolean inputIsEmailOnly, Boolean disableEmailResolve, Boolean resolveIncludesUpnProperty, String resolveInput, Boolean& resolved)     at Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider.FillResolve(Uri context, String[] entityTypes, Boolean inputIsEmailOnly, String resolveInput, List`1 resolved)     at Microsoft.Shar... 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.39* w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Topology                       b181 High     ...ePoint.Administration.Claims.SPActiveDirectoryClaimProvider.FillResolve(Uri context, String[] entityTypes, String resolveInput, List`1 resolved)     at Microsoft.SharePoint.Administration.Claims.SPClaimProvider.Resolve(Uri context, String[] entityTypes, String resolveInput)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderOperations.Resolve(Uri context, SPClaimProviderOperationOptions mode, String[] providerNames, String[] entityTypes, String resolveInput)     at Microsoft.SharePoint.WebControls.PeopleEditor.ResolveClaimsEntities(PickerEntity entity)     at Microsoft.SharePoint.WebControls.PeopleEditor.ValidateEntity(PickerEntity entity)     at Microsoft.SharePoint.WebControls.EntityEditor.Validate()     at Microsoft.SharePoint.WebControls.EntityEditorWithPicker.Validate() ... 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.39* w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Topology                       b181 High     ...    at Microsoft.SharePoint.WebControls.EntityEditor.LoadPostData(String postDataKey, NameValueCollection values)     at System.Web.UI.Page.ProcessPostData(NameValueCollection postData, Boolean fBeforeLoad)     at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)     at System.Web.UI.Page.ProcessRequest()     at System.Web.UI.Page.ProcessRequest(HttpContext context)     at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)     at System.Web.HttpApplication.Pip... 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.39* w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Topology                       b181 High     ...elineStepManager.ResumeSteps(Exception error)     at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)     at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)     at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, Request... 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.39* w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Topology                       b181 High     ...NotificationStatus& notificationStatus)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)     at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)   3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.41  w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Claims Authentication          8307 Critical An exception occurred in AD claim provider when calling SPClaimProvider.FillResolve(): Error during decryption. System error code 0.. 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.41  w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Web Controls                   ad5w Medium   Claims Resolve call failed. Error Message: Error during decryption. System error code 0.  Callstack:    at Microsoft.SharePoint.Administration.SPCredentialManager.DecryptWithApplicationCredentialKey(Byte[] rgbEncryptedPassphrase)     at Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain.get_Password()     at Microsoft.SharePoint.Utilities.SPActiveDirectoryDomain..ctor(SPPeoplePickerSearchActiveDirectoryDomain peoplePickerDomain)     at Microsoft.SharePoint.Utilities.SPUserUtility.GetWindowsPrincipalResolvers(SPWebApplication webApp, Boolean includeUpnInOperations, String userAccountDirectoryPathRestriction, SPPrincipalResolver bySidResolver)     at Microsoft.SharePoint.Utilities.SPUserUtility.CreatePrincipalResolvers(SPWebApplication webApp, ICollection`1 urlZone... 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.41* w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Web Controls                   ad5w Medium   ...s, Nullable`1 currentZone, SPPrincipalResolver bySidResolver, String userAccountDirectoryPathRestriction, Boolean alwaysAddWindowsResolver, Boolean includeUpnInOperations)     at Microsoft.SharePoint.Utilities.SPUtility.ResolveWindowsPrincipal(SPWeb web, SPWebApplication webApp, String input, SPPrincipalType scopes, Boolean inputIsEmailOnly, Boolean includeUpnInOperations)     at Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider.ResolvePrincipalInfo(Uri context, SPPrincipalType principalType, Boolean inputIsEmailOnly, Boolean disableEmailResolve, Boolean resolveIncludesUpnProperty, String resolveInput, Boolean& resolved)     at Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider.FillResolve(Uri context, String[] entityTypes, Boolean inputIsEmai... 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.41* w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Web Controls                   ad5w Medium   ...lOnly, String resolveInput, List`1 resolved)     at Microsoft.SharePoint.Administration.Claims.SPActiveDirectoryClaimProvider.FillResolve(Uri context, String[] entityTypes, String resolveInput, List`1 resolved)     at Microsoft.SharePoint.Administration.Claims.SPClaimProvider.Resolve(Uri context, String[] entityTypes, String resolveInput)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderOperations.Resolve(Uri context, SPClaimProviderOperationOptions mode, String[] providerNames, String[] entityTypes, String resolveInput)     at Microsoft.SharePoint.WebControls.PeopleEditor.ResolveClaimsEntities(PickerEntity entity). 3a59f39c-69a7-70c6-9137-11e2fb564050
03/16/2015 12:24:43.44  w3wp.exe (0x2CE4)                        0x407C SharePoint Foundation          Monitoring                     nasq Medium   Entering monitored scope (Render Ribbon.). Parent SharePointForm Control Render 3a59f39c-69a7-70c6-9137-11e2fb

March 17th, 2015 5:37pm

Sounds like someone either made an adjustment in the firewall rules, blocking the required ports to query the directory, or more likely, based on the error, changed Group Policy settings on the Domain Controller(s) to be more restrictive than they were.

You also may want to evaluate if KB3002657 was installed in the environment (either on SharePoint or the Domain Controllers) as it is known to cause issues with NTLM authentication. When there are reports of NTLM style issues, removing the KB has done the trick for others.

March 17th, 2015 5:51pm

I don't have that KB installed and it doesn't appear to be an issue connecting to the Domain controller.  I can access sites/central admin.  Issue seems to be adding any new users.

One thing I did was run this command again. Not sure if now my registry file is corrupt.

stsadm -o setapppassword -password "password"

Is there a way to clear or reset this? Running it again says completed successfully but I keep getting the same error regarding

"Claims Resolve call failed. Error Message: Error during decryption. System error code 0.  Callstack: at Microsoft.SharePoint.Administration.SPCredentialManager.DecryptWithApplicationCredentialKey(Byte[] rgbEncryptedPassphrase)  "

Not sure if it's related but seems to be something with the key.

March 17th, 2015 8:35pm

It seems the password got updated. I got a similar issue while resolving names during site collection creation in a web application, and executing this command worked:

stsadm -o setproperty -url http://servername -pn "peoplepicker-searchadforests" -pv "domain:<domainame1>,username,password;domain:<domainame2>,username,password"

August 12th, 2015 1:42am
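The ULS stack in the question shows `SPPeoplePickerSearchActiveDirectoryDomain.get_Password()` calling `DecryptWithApplicationCredentialKey`, so the value that fails to decrypt is the stored People Picker search-account password that the `setproperty` command above rewrites. The following Python is an added example, not code from any poster in this thread: it stitches `*` continuation lines back together and reports, per correlation ID, which caller requested the decryption. The function names, the regular expressions and the sample lines (including the correlation ID) are constructed for illustration.

```python
import re
from collections import defaultdict

# Column layout as shown in the thread's ULS excerpt (space-padded columns).
ULS_LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{2})(?P<cont>\*?)\s+"
    r"(?P<proc>\S+ \(0x[0-9A-Fa-f]+\))\s+(?P<tid>0x[0-9A-Fa-f]+)\s+"
    r"(?P<area>.+?)\s{2,}(?P<cat>.+?)\s{2,}(?P<eid>\S+)\s+(?P<level>\w+)\s+"
    r"(?P<msg>.*?)\s*(?P<corr>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})?\s*$"
)
FRAME = re.compile(r"\bat ([\w.`]+)\(")  # one managed stack frame: "at Namespace.Type.Method("

CORR = "11111111-2222-3333-4444-555555555555"  # constructed correlation ID
HEAD = "w3wp.exe (0x2CE4)  0x407C SharePoint Foundation  "
# Constructed sample in the thread's layout; the get_Password frame is split across a continuation.
SAMPLE = "\n".join([
    "03/16/2015 12:24:43.39  " + HEAD + "Topology  b181 High     Decryption failed with error: 0 at "
    "   at Microsoft.SharePoint.Administration.SPCredentialManager.DecryptWithApplicationCredentialKey("
    "Byte[] rgbEncryptedPassphrase)     at Microsoft.SharePoint.Administration."
    "SPPeoplePickerSearchActiveDirectoryDomain.get_Pa... " + CORR,
    "03/16/2015 12:24:43.39* " + HEAD + "Topology  b181 High     ...ssword()     at "
    "Microsoft.SharePoint.Utilities.SPActiveDirectoryDomain..ctor("
    "SPPeoplePickerSearchActiveDirectoryDomain peoplePickerDomain) " + CORR,
    "03/16/2015 12:24:43.41  " + HEAD + "Claims Authentication  8307 Critical An exception occurred "
    "in AD claim provider when calling SPClaimProvider.FillResolve(): Error during decryption. "
    "System error code 0.. " + CORR,
])

def parse_uls(text):
    """Parse ULS lines and stitch '*' continuation lines back onto their parent entry."""
    entries = []
    for line in text.splitlines():
        m = ULS_LINE.match(line)
        if not m:
            continue  # not a ULS line in this layout
        e = m.groupdict()
        if e["cont"] and entries and e["msg"].startswith("..."):
            entries[-1]["msg"] = re.sub(r"\.\.\.$", "", entries[-1]["msg"]) + e["msg"][3:]
        else:
            entries.append(e)
    return entries

def credential_key_failures(entries):
    """Per correlation ID, list the callers that asked for the app-credential-key decryption."""
    hits = defaultdict(set)
    for e in entries:
        frames = FRAME.findall(e["msg"])
        for i, frame in enumerate(frames[:-1]):
            if frame.endswith("DecryptWithApplicationCredentialKey"):
                hits[e["corr"]].add(frames[i + 1])  # next frame down the stack is the caller
    return {corr: sorted(callers) for corr, callers in hits.items()}

if __name__ == "__main__":
    print(credential_key_failures(parse_uls(SAMPLE)))
```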
