You are currently offline, waiting for your internet to reconnect

An ASP.NET forms authentication request that is sent to server in a web farm may fail

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Summary
The security update that security bulletin MS11-100 addresses changes the format of forms authentication tickets in a way that is incompatible with the older version of forms authentication tickets. If you have a web farm where some servers are updated and other servers are not updated, some servers will generate a forms authentication ticket that is incompatible on other servers. 
SYMPTOMS
ASP.NET forms authentication requests that are sent to a server in a web farm may fail even though its credentials are valid. The Application log on the server has an Information entry with a Source that is a specific version of ASP.NET and an Event ID of 1315. The log contains a message that resembles the following: 

Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.


RESOLUTION
To address this issue, please make sure that all computers in the web farm are updated. For more information about deployment guidance for MS11-100, click the following article number to view the article in the Microsoft Knowledge Base:
2659968 Deployment guidance for security update 2638420, as described in MS11-100
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2638420 MS11-100: Vulnerability in the .NET Framework could allow elevation of privilege: December 29, 2011
For more information, visit the following Microsoft TechNet webpage to view the security bulletin MS11-100:
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 2661404 - Last Review: 12/31/2011 00:38:00 - Revision: 2.0

Microsoft .NET Framework 4, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 2.0 Service Pack 1 (x86), Microsoft .NET Framework 2.0, Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 1.1, Microsoft .NET Framework 1.0 Service Pack 3, Microsoft .NET Framework 1.0, Windows 7 Service Pack 1, Windows 7 Enterprise, Windows 7 Professional, Windows 7 Ultimate, Windows 7 Home Premium, Windows 7 Home Basic, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 Service Pack 2, Windows Vista Service Pack 2, Microsoft Windows Server 2003 Service Pack 2, Microsoft Windows XP Service Pack 3

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2661404
Feedback
ows-ppe.net/common/oauth2/authorize?response_type=id_token&client_id=fdf9885b-dd37-42bf-82e5-c3129ef5a302&redirect_uri=https%3A%2F%2Fpreview.support.microsoft.com%2Fsilentauth&state=678cffc2-522a-400d-897f-3ced6fd6973a%7Cfdf9885b-dd37-42bf-82e5-c3129ef5a302&client-request-id=8fd70d27-ec99-4c29-a71b-7062d340b58c&x-client-SKU=Js&x-client-Ver=1.0.11&prompt=none&nonce=97d6f6ae-ca2e-47a8-a308-cc9f64b3487e">