Last post May 04, 2017 03:01 PM by drdexter33
May 02, 2017 06:17 PM|drdexter33
Recently some CIS Windows hardening policies were applied to one of our Windows 2012R2 Datacenter servers.
When smoke testing the web applications on these servers, we discovered that the authentication no longer worked and we are now receiving 403 errors when accessing the web applications:
In the Windows Event Viewer the following information event is logged:
Event code: 4005
Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired.
Event time: 5/2/2017 9:02:30 AM
Event time (UTC): 5/2/2017 2:02:30 PM
Event ID: 5dd78f5603644e26b620998f702d0923
Event sequence: 22
Event occurrence: 10
Event detail code: 50202
I saw some similar errors where this problem was resolved by regenerating a Machine Key; however, that did not work.
Any idea of next steps in finding the root cause of this issue?
May 03, 2017 10:32 AM|Cathy Zou
According to your description, I think the reason for the error you encountered is that your forms authentication ticket has expired.
Please check the timeout period for your ticket and whether you have set it to sliding or absolute expiration.
The default timeout is 30 minutes with sliding expiration, so if a user gets authenticated and at some point doesn't hit your site for 20 minutes, their ticket would be expired. If it is set to absolute expiration, it will expire X minutes after it was issued, where X is your timeout setting.
You could set the timeout and expiration policy (sliding or absolute) in your web.config under /configuration/system.web/authentication/forms.
<authentication mode="Forms">
  <!-- timeout is in minutes; the forms element only applies when mode="Forms" -->
  <forms timeout="30" slidingExpiration="true" />
</authentication>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1" />
Hope above could be helpful to you.
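Added example, not part of the original posts: a small Python model of the timeout behaviour discussed above, useful for replaying request times from a log against a given timeout and expiration policy. It assumes ASP.NET's documented rule that a sliding ticket is reissued only on a request that arrives after more than half of the timeout has elapsed; the function names and timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

LOGIN = datetime(2017, 1, 1, 9, 0)  # constructed sample login time


def at(*minutes):
    """Build request timestamps as minute offsets from the sample login."""
    return [LOGIN + timedelta(minutes=m) for m in minutes]


def replay(request_times, timeout_min=30, sliding=True):
    """Replay request timestamps against a single forms-auth ticket.

    Returns (time, outcome) pairs; outcome is 'issued', 'ok', 'renewed'
    or 'expired'. Replay stops at the first expired request, because the
    user would be redirected to the login page at that point.
    """
    timeout = timedelta(minutes=timeout_min)
    issued = request_times[0]            # ticket is issued at login
    expires = issued + timeout
    results = [(issued, "issued")]
    for now in request_times[1:]:
        if now > expires:
            results.append((now, "expired"))
            break
        # Sliding renewal: only when the ticket's age exceeds its time left,
        # i.e. more than half of the timeout has already elapsed.
        if sliding and (now - issued) > (expires - now):
            issued, expires = now, now + timeout
            results.append((now, "renewed"))
        else:
            results.append((now, "ok"))
    return results


def outcomes(minutes, **kwargs):
    """Convenience wrapper: outcomes only, for minute offsets."""
    return [outcome for _, outcome in replay(at(*minutes), **kwargs)]


if __name__ == "__main__":
    cases = [
        ("sliding, early hit then 21 min idle", (0, 10, 31), True),
        ("sliding, hit after the half-way mark", (0, 16, 40), True),
        ("absolute, regular activity", (0, 16, 29, 31), False),
    ]
    for label, minutes, sliding in cases:
        print(label, "->", outcomes(minutes, sliding=sliding))
```

The first case shows why a sliding ticket can expire after less than a full timeout of inactivity: a request in the first half of the window does not extend it.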
May 04, 2017 03:01 PM|drdexter33
Needed to set Machine Key settings to the following:
Also generated same validation and encryption keys across all applications.