469,268 Members | 973 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,268 developers. It's quick & easy.

ViewState error with Session Affinity and Web Farm on ISA Server

Hi Experts,

With Session Affinity and Web Server Farm on ISA Server 2006 accessing 2
backend IIS servers, I’m getting error “Validation of ViewState MAC failed.
If this application is hosted by a Web Farm or cluster, ensure that
<machineKeyconfiguration specifies the same validationKey and validation
algorithm. AutoGenerate cannot be used in a cluster”.

Here is the scenario when I got the error.

1. ASP.Net web application is installed on 2 backend IIS Servers. Web
application consists of a simple login page which contains UserName, Password
fields and Submit button.
2. Web farm is created on ISA Server 2006 to access both backend IIS Servers.
3. All the requests to the backend IIS servers go through the ISA 2006
firewall.
4. While creating Web Publishing Rule to access Web application folder from
backend IIS Servers, Session Affinity is used for Load Balancing so that the
requests from the same session should go to the same IIS server.
5. When I tried to access login page simultaneously from multiple browsers,
after submitting the form on web page simultaneously from different browsers,
it gave error “Validation of ViewState MAC failed” in some of the browsers.
6. I got the error only when I used HTTP protocol. When the same setup was
done for HTTPS, I did not get error and all the requests were routed to
different backend IIS Servers as expected.

I searched on net for help, in some of the resources, it is mentioned that
<machineKeyelement set in Web.config file is used for encrypting and
MAC-checking on the ViewState and if the encryption settings are different on
different servers, ASP.Net consider the ViewState as modified and gives the
exception. So, it is suggested to use the same <machineKeyon all the
backend servers in case of servers on Web farm. I tried using the same
<machineKeyon backend IIS Servers and the error was gone.

When we are using Session Affinity to create Web Publishing Rule which uses
Web Farm to handle both backend IIS Servers, why do we need same
<machineKey>? I want to understand the reason behind the error and why the
error occurs only on HTTP and not on HTTPS?

I would appreciate your quick response.

Thank you in advance.

Vijay
Jun 27 '08 #1
1 2487
It is possible that with https you have "sticky" load balancing - i.e.
it has to keep routing messages to the server that initiated the SSL
context, because only that server knows how to decrypt it. You can get
around this by using an NLB to tear down the SSL context before it is
divided between the app servers. Obviously if each connection is
sticking to a server, you don't get this problem, as the viewstate is
only seen by a single server.

So yes; you will need the same key on all servers in the farm.

Marc
Jun 27 '08 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Amit S. Jamgade | last post: by
1 post views Thread by Kikoz | last post: by
10 posts views Thread by Lloyd Dupont | last post: by
5 posts views Thread by russell.lane | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.