- Failure to decrypt data
- Exceptions in the WebResource or ScriptResource handlers
- Authentication failures when using Forms Authentication
- "Invalid Viewstate" exceptions
- "Unable to validate data" exceptions when trying to decrypt data such as Forms Authentication cookie
Also, the encryption and decryption methods are different for different service pack versions of the Microsoft .NET Framework 2.0. Therefore, having different service pack levels for the .NET Framework in a web farm environment that has the security update installed results in different encrypted payloads and a similar decryption failure.
- All servers that serve an ASP.NET website in the web farm have to install the security update. If some servers do not have the security update installed, you must apply the update to these servers.
- All computers that are running some version of the .NET Framework 2.0 in the web farm have to be at the same service pack level if the MS10-070 security update is applied to all the systems. If there is a difference in the service pack levels on the servers, you must update all the servers to the latest service pack and reapply all security updates. Therefore, if some servers in the web farm are running the .NET Framework 2.0 SP1, and other servers are running the .NET Framework 2.0 SP2, all the .NET Framework 2.0 SP1 servers must be upgraded to the .NET Framework 2.0 SP2 before you apply the security update to all the servers in the web farm.
- Make sure that applications are not consuming encrypted data, such as Forms Authentication cookies that were generated before the update was applied. Previously-encrypted data must be refreshed after the security update is applied.
Article ID: 2431728 - Last Review: Oct 28, 2010 - Revision: 1