Error occurred during a cryptographic operation
This one happened on our load-balanced servers and was a direct side-effect of using load-balancing with Identity Server v2.
If, for some reason, you need to make major changes (like picking a different crypto key), you need to recycle the app. Identity Server will load the crypto settings into memory and generate some keys during start-up. However, if you use the Identity Server admin interface to recycle, it only seems to recycle the current server (the one that you are load-balanced to). The other server will still be using the old settings. So, if you mess around with the keys (change permission, rename or remove them, etc.) you will get this error on the server.
Solution: To resolve it, you need to terminal into the server (or use MMC, remote attach), and recycle the app pool that is hosting your Identity Server (web app).
Another approach is to avoid this error, by logging into the Identity Server admin screens for both/all servers (by their actual IP/machine names instead of the load-balanced address), then change your settings and immediately recycle both app pools before the servers can generate this error.