Summary
The security update that security bulletin MS11-100 addresses changes the format of forms authentication tickets in a way that is incompatible with the older version of forms authentication tickets. If you have a web farm where some servers are updated and other servers are not updated, some servers will generate a forms authentication ticket that is incompatible on other servers.
Symptoms
ASP.NET forms authentication requests that are sent to a server in a web farm may fail even though its credentials are valid. The Application log on the server has an Information entry with a Source that is a specific version of ASP.NET and an Event ID of 1315. The log contains a message that resembles the following:
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Resolution
To address this issue, please make sure that all computers in the web farm are updated. For more information about deployment guidance for MS11-100, click the following article number to view the article in the Microsoft Knowledge Base:
2659968 Deployment guidance for security update 2638420, as described in MS11-100 For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2638420 MS11-100: Vulnerability in the .NET Framework could allow elevation of privilege: December 29, 2011 For more information, visit the following Microsoft TechNet webpage to view the security bulletin MS11-100: