"(Error code 23) at BCryptDecrypt" when I click on any domain in Plesk control panel


2016-11-16 13:15:36 UTC


2017-08-16 16:32:39 UTC


Was this article helpful?

Have more questions?

Submit a request

"(Error code 23) at BCryptDecrypt" when I click on any domain in Plesk control panel

Applicable to:

  • Plesk 11.x for Windows
  • Plesk 11.x for Linux
  • Plesk 12.0 for Windows
  • Plesk 12.0 for Linux


When a user clicks on a website and domains, they get the following error:

Internal error: Data error (cyclic redundancy check). (Error code 23) at BCryptDecrypt()
MessageData error (cyclic redundancy check). (Error code 23) at BCryptDecrypt()
FileString.php Line 366
Type Exception


Since Plesk 11.0, Plesk encrypts passwords stored in the Plesk configuration database with a server-specific, randomly generated key. This key is stored in the Windows Registry in " HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PLESK\PSA Config\Config\sym_key ".

If the key is missing or modified, Plesk will not be able to decrypt stored passwords.

Since Plesk 11.5 MU#21, it is possible to restore the lost key from a daily backup located in %plesk_dir%\MySQL\Backup\ .

The backup files of old registry keys are not removed but zipped on a weekly basis into sql-XXXXXXXX.zip files. If necessary the keys can be extracted from the zip archives.

If you have no backup, then the only way to fix this problem is to reset all encrypted passwords in the following tables:

  • "psa.accounts" - passwords for mail accounts, clients, resellers, and mailboxes
  • "psa.misc" - passwords for access to apsc database
  • "psa.databaseservers" - passwords for accessing database servers
  • "psa.smb\_users" - passwords for control panel users

As there is no way to revert or decrypt passwords, and now all subscriptions will be not manageable in Plesk, the only solution is to reset all passwords using the following steps:

  1. Create a backup of the Plesk database:

    "%plesk_dir%\mysql\bin\mysqldump" -uadmin -p***** -P8306 psa >C:\psa1.dump
  2. Log into the Plesk database:

    "%plesk_dir%\mysql\bin\mysql" -uadmin -p***** -P8306 psa
  3. Execute the following SQL UPDATEs to disable password encryption:

    UPDATE psa.misc SET val = 'false' WHERE param = 'secure_passwords';
    UPDATE psa.accounts SET type = 'plain', password = 'temp_password' WHERE type = 'sym';

    Please note that temp_password should meet the password policy requirements.

  4. Update the passwords for the database servers in the " psa.DatabaseServers " table with the real passwords:

    UPDATE psa.DatabaseServers SET admin_password = '*********' WHERE id = N;

    Where N is id of the database server. Run this for every database server.If you do not remember the password for a particular database server, reset it:

    • To reset the MySQL database password, use the instructions from article #213947045 .
    • To reset the MSSQL database password, use MSSQL Studio Express.
  5. Update the password for the APS Controller database user:

    UPDATE psa.misc SET val='**********' WHERE param = 'aps_password';
    UPDATE mysql.user SET password = PASSWORD('**********') WHERE user = 'apsc';

After following these steps, reset all passwords for Plesk accounts (clients, resellers, domains, and mail accounts) using the tool from article #213958025 .

After the passwords have been changed, it is recommended you re-enable password encryption at Tools & Settings > Security Policy .


The key " HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PLESK\PSA Config\Config\sym_key " is either lost or has been modified.

Have more questions? Submit a request
Please sign in to leave a comment.