I get this error when trying to issue a certificate and smart card for the users.
FIM CM was unable to decrypt necessary data.
And I am getting these errors in the logs:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 10/24/2012 8:13:03 PM
Event time (UTC): 10/24/2012 4:13:03 PM
Event ID: a2631ed93a2249f6945ec23313077092
Event sequence: 20
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT/CertificateManagement-1-129955686128295829
Trust level: Full
Application Virtual Path: /CertificateManagement
Application Path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Certificate Management\web\
Machine name: FIM
Process information:
Process ID: 2580
Process name: w3wp.exe
Account name: Domain\clmWebPool
Exception information:
Exception type: CryptographicException
Exception message: FIM CM was unable to decrypt necessary data.
Request information:
Request URL: http://fim/CertificateManagement/content/common/requests/DisplayRequestStatus.aspx?ID=4f7f1727c361462197a918be0545b3e1
Request path: /CertificateManagement/content/common/requests/DisplayRequestStatus.aspx
User host address: 192.168.1.25
User: Domain\user
Is authenticated: True
Authentication Type: Negotiate
Thread account name: Domain\clmWebPool
Thread information:
Thread ID: 8
Thread account name: Domain\clmWebPool
Is impersonating: False
Stack trace: at Microsoft.Clm.BusinessLayer.DataEncryption.DecryptUsingAES(String encryptedDataBlob)
at Microsoft.Clm.BusinessLayer.DataEncryption.Decrypt(String encrypted)
at Microsoft.Clm.BusinessLayer.DefaultSecretProvider.ReadXml(String xml)
at Microsoft.Clm.BusinessLayer.DefaultSecretProvider.GetSecrets(Request request)
at Microsoft.Clm.BusinessLayer.SecretsUtility.GetNumberOfSecrets(UserProfile profileTemplate, Request clmRequest)
at Microsoft.Clm.BusinessLayer.CheckClmOperations.CanCurrentUserDistributeSecretsOnClmRequest(UserProfile profileTemplate, Request clmRequest)
at Microsoft.Clm.Web.Modules.OneTimePasswordUserControl.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Custom event details: