Marked as answer by rtyhhn54 on Apr 05, 2012 05:09 PM
rtyhhn54
Member
25 Points
64 Posts
forms authentication failed for the request. reason: the ticket supplied was invalid
Jan 24, 2012 02:57 PM
Is there any way to tell why the ticket is invalid?
This is a forms authentication ticket shared across servers. Latest OS, Service Pack, and IIS
The machine keys and encryption methods specified are the same.
The servers have the same time and timezone.
The FIPS registry setting is the same (0).
The server OS and patches are the same.
This ticket works on 6 other servers but not this one.
PLEASE PLEASE don't send me any links to look at or respond to this post, unless the links or your comments address things that haven't been already stated!!!!!!!!!!!!!! I really don't want to hear about making sure the machine keys are the same, or .net framework patch issues, or UTC time issues.
Thanks, Chuck
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Event time: 1/24/2012 8:39:31 AM
Event time (UTC): 1/24/2012 3:39:31 PM
Event ID: 1a6378f484d041c3af8df2a7213a83e2
Event sequence: 21773
Event occurrence: 21438
Event detail code: 50201
Application information:
Application domain: /LM/W3SVC/2/ROOT-1-129718896095945706
Trust level: Full
Application Virtual Path: /
Application Path: D:\inetpub\Apath$
Machine name: My Server
Process information:
Process ID: 4348
Process name: w3wp.exe
Account name: MyServer\LocalAccountl
Request information:
Request URL: http://xxx
Request path: /admin
User host address: 123.12.123.11
User:
Is authenticated: False
Authentication Type:
Thread account name: MyServer\LocalAccount
Name to authenticate:
Custom event details:
abiruban
All-Star
16002 Points
2731 Posts
Re: forms authentication failed for the request. reason: the ticket supplied was invalid
Jan 24, 2012 05:45 PM
Hi
Here's the solution:
Note that this will prevent the logging of all events, which covers the event range 4005-4011. There is probably a way to just remove 4005, but this solution is good enough for me. These are the links that helped me:
***DON'T FORGET TO CLICK “MARK AS ANSWER” ON THE POST IF HELPED YOU.
rtyhhn54
Member
25 Points
64 Posts
Re: forms authentication failed for the request. reason: the ticket supplied was invalid
Jan 25, 2012 02:12 AM
I don't see how this identifies the reason I'm getting the error. Authentication ticket failures are automatically logged in the Windows event log. Unfortunately they do not give the reason for the error (e.g. decryption error or AES not allowed due to FIPS setting). I'm glad they are logged.
Users cannot get into the site because of the invalid ticket. I need to find the reason of the ticket failure so I can fix the problem. I don't think stopping logging will fix the problem.
AtlantaSam
Member
24 Points
17 Posts
Re: forms authentication failed for the request. reason: the ticket supplied was invalid
Apr 05, 2012 04:40 PM
I'm having the same problem. Have you figured this out? I have a 2 server NLB webfarm and both systems have all the current patches on them, same machine keys, etc. I'm getting the exact same event message.
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
Event time: 4/5/2012 12:25:18 PM
Event time (UTC): 4/5/2012 4:25:18 PM
Event ID: 4a501210f77a47a28e1fca56e563c056
Event sequence: 2
Event occurrence: 1
Event detail code: 50201
Application information:
Application domain: /LM/W3SVC/2000/ROOT-1-129781166801321271
Trust level: Full
Application Virtual Path: /
Application Path: C:\inetpub\wwwroot\testportal.mydomain.com\
Machine name: WEB01
Process information:
Process ID: 940
Process name: w3wp.exe
Account name: IIS APPPOOL\testportal.mydomain.com
Request information:
Request URL: http://testportal.mydomain.com/xyz.aspx
Request path: /xyz.aspx
User host address: ****************
User:
Is authenticated: False
Authentication Type:
Thread account name: IIS APPPOOL\testportal.mydomain.com
Name to authenticate:
Custom event details:
rtyhhn54
Member
25 Points
64 Posts
Re: forms authentication failed for the request. reason: the ticket supplied was invalid
Apr 05, 2012 05:08 PM
The possible failures are not documented by MS. However, probably expired or encryption failed.
I wrote some debug pages for the website that would take the guts of a cookie and then create the ticket. This way I could see if it failed or was timed out. I could also look at cookies on all the sites and grab their tickets, try them on other servers.
I would check the server clocks and the hot fixes again. Mine ended up being an unpatched server.
AtlantaSam
Member
24 Points
17 Posts
Re: forms authentication failed for the request. reason: the ticket supplied was invalid
Apr 11, 2012 02:49 PM
Man, I wish that doing the same thing over and over would fix the issue, but no, it doesn't (I think doing that and expecting a different result is called "insanity"). I also added this week's patches and it doesn't fix the problem.
But I am curious about something you said. You said "I wrote some debug pages for the website that would take the guts..."
How did you get to the cookie before the Microsoft authentication code deleted it? The symptom I get is that an event log entry is logged and as soon as my code sees the request, the cookie has been DELETED from the request by the Microsoft code.
AtlantaSam
Member
24 Points
17 Posts
Re: forms authentication failed for the request. reason: the ticket supplied was invalid
Apr 11, 2012 02:54 PM
You said your problem ended up being an "unpatched server". How did you figure that out? I've run Windows Update on both systems and then I compared the list of hotfixes installed and they were identical.
Did you use some other methodology? I'm very curious because your issue ended up being caused by the same thing EVERY other person has concluded who had this problem, so I'm thinking that it would be unusual for me to have the exact same symptom as everybody else but it be caused by a different problem...
rtyhhn54
Member
25 Points
64 Posts
Re: forms authentication failed for the request. reason: the ticket supplied was invalid
Apr 11, 2012 09:53 PM
On every website I have a debug page. It has two relative functions:
A button you can press to show your forms authentication cookie info.
A textbox and button you can press to examine an authentication ticket (i.e. the value of the Authentication cookie).
So go to a website that works, read the cookie/ticket, and paste the ticket string into the diagnostic textbox on a website where the cookie doesn't work. It will tell you some things about whether it can be decrypted, is expired, etc.
If all is good, then must be a cookie domain issue or something. Look at the other diagnostic of show all cookies to see if the cookie is even available to be read at the website.
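An added example (not the poster's code) of the diagnostic described in the post above: an ASP.NET handler that takes a pasted ticket string and reports whether this server can decrypt it and whether it has expired. The class name `TicketDiagHandler`, the `ticket` form field and the local-only restriction are assumptions made for this example.

```csharp
// Added example; TicketDiagHandler and the "ticket" field are hypothetical names.
using System;
using System.Text;
using System.Web;
using System.Web.Security;

public class TicketDiagHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext ctx)
    {
        // Decrypting pasted tickets is sensitive: answer local requests only.
        if (!ctx.Request.IsLocal) { ctx.Response.StatusCode = 404; return; }
        ctx.Response.ContentType = "text/plain";
        // Second diagnostic: is the forms cookie visible to this site at all?
        string name = FormsAuthentication.FormsCookieName;
        bool present = ctx.Request.Cookies[name] != null;
        ctx.Response.Write("Cookie '" + name + "' present in request: " + present + "\n");
        // The ticket arrives as a form field, not as the auth cookie, so the
        // forms authentication module does not process or strip it first.
        ctx.Response.Write(Describe(ctx.Request.Form["ticket"]));
    }

    public static string Describe(string encryptedTicket)
    {
        string raw = (encryptedTicket ?? "").Trim();
        if (raw.Length == 0) return "No ticket supplied.\n";
        FormsAuthenticationTicket t;
        try { t = FormsAuthentication.Decrypt(raw); }
        catch (Exception ex)
        {
            // Malformed text, failed validation or a key/algorithm mismatch.
            return "Cannot decrypt on this server: " + ex.GetType().Name
                 + ": " + ex.Message + "\n";
        }
        if (t == null) return "Decrypt returned no ticket.\n";
        var sb = new StringBuilder("Decrypted OK on this server.\n");
        sb.AppendLine("Name: " + t.Name + ", Version: " + t.Version);
        sb.AppendLine("Issued (UTC): " + t.IssueDate.ToUniversalTime().ToString("u"));
        sb.AppendLine("Expires (UTC): " + t.Expiration.ToUniversalTime().ToString("u"));
        sb.AppendLine("Server now (UTC): " + DateTime.UtcNow.ToString("u"));
        sb.AppendLine("Expired: " + t.Expired + ", Persistent: " + t.IsPersistent);
        sb.AppendLine("CookiePath: " + t.CookiePath);
        // Report only the size of UserData; its content may be sensitive.
        sb.AppendLine("UserData length: " + (t.UserData ?? "").Length);
        return sb.ToString();
    }
}
```

A ticket that decrypts on the issuing server but fails here points at the machineKey or crypto configuration; one that decrypts but shows `Expired: True` points at clocks or timeouts.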
AtlantaSam
Member
24 Points
17 Posts
Re: forms authentication failed for the request. reason: the ticket supplied was invalid
Apr 12, 2012 08:13 PM
Thanks. I added these to my web sites; it proves: YES server1 is unable to decrypt server2's authentication tokens and vice versa.
So in my opinion, there must be some configuration problem that isn't obvious in the IIS Manager UI so I'm going to try to go regenerate Machine Keys and start from scratch.
The part of your code that I hadn't thought of that was very helpful was dumping out the authentication token cookie and being able to paste it across to the other server to see if it could be decoded.
Thanks again. I'll update this when I figure out the issue.
AtlantaSam
Member
24 Points
17 Posts
Re: forms authentication failed for the request. reason: the ticket supplied was invalid
Apr 12, 2012 08:37 PM
IT IS FIXED!!!
Thanks rtyhhn54 for sticking with it to help me--I owe you a beer so if you're ever in Atlanta, look me up. Putting your sample code out there threw me over the edge to realize that there was SOMETHING wigged out in my configuration.
I went back and pasted my decryption keys for my two systems into two different text files and used WinMerge to compare them and they were identical. So the only thing that was left was there was something about those keys that just didn't work well with the current version of hot fixes loaded on the system so I went back and regenerated keys and that fixed it.
On an interesting note, the old and new validation keys were both 128 bytes but the old Decryption Key was 48 bytes and the new one is 64 bytes.