Article ID: 2661404 - Last Review: December 31, 2011 - Revision: 2.0

An ASP.NET forms authentication request that is sent to server in a web farm may fail

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
Expand all | Collapse all

Summary

The security update that security bulletin MS11-100 addresses changes the format of forms authentication tickets in a way that is incompatible with the older version of forms authentication tickets. If you have a web farm where some servers are updated and other servers are not updated, some servers will generate a forms authentication ticket that is incompatible on other servers. 
Back to the top

SYMPTOMS

ASP.NET forms authentication requests that are sent to a server in a web farm may fail even though its credentials are valid. The Application log on the server has an Information entry with a Source that is a specific version of ASP.NET and an Event ID of 1315. The log contains a message that resembles the following: 

Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.


Back to the top

RESOLUTION

To address this issue, please make sure that all computers in the web farm are updated. For more information about deployment guidance for MS11-100, click the following article number to view the article in the Microsoft Knowledge Base:
2659968  (http://support.microsoft.com/kb/2659968/ ) Deployment guidance for security update 2638420, as described in MS11-100
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2638420  (http://support.microsoft.com/kb/2638420/ ) MS11-100: Vulnerability in the .NET Framework could allow elevation of privilege: December 29, 2011
For more information, visit the following Microsoft TechNet webpage to view the security bulletin MS11-100:
http://technet.microsoft.com/security/bulletin/MS11-100 (http://technet.microsoft.com/security/bulletin/MS11-100)
Back to the top
APPLIES TO
  • Microsoft .NET Framework 4
  • Microsoft .NET Framework 3.5 Service Pack 1
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 2.0 Service Pack 2
  • Microsoft .NET Framework 2.0 Service Pack 1 (x86)
  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 1.1 Service Pack 1
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 1.0 Service Pack 3
  • Microsoft .NET Framework 1.0
  • Windows 7 Service Pack 1, when used with:
    • Windows 7 Enterprise
    • Windows 7 Professional
    • Windows 7 Ultimate
    • Windows 7 Home Premium
    • Windows 7 Home Basic
  • Windows 7 Enterprise
  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows 7 Home Premium
  • Windows 7 Home Basic
  • Windows Server 2008 R2 Service Pack 1, when used with:
    • Windows Server 2008 R2 Standard
    • Windows Server 2008 R2 Enterprise
    • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2, when used with:
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
  • Windows Vista Service Pack 2, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
Back to the top
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2661404
Back to the top