crypographic and viewstate errors

[Guest]

Hi

We have been getting 2 intermitent errors in the event log detailed below.
They are occurring on a server where the web site is stopping responding
periodically and needs to be brought back up by recycling the application
pool. We have 2 servers which are hardware load balanced with sticky sessions

We are on Windows 2003 SP1 and .Net framework V2.0

1.

Event Type: Information
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1316
Date: 04/09/2006
Time: 09:31:11
User: N/A
Computer: XXX
Description:
Event code: 4009
Event message: Viewstate verification failed. Reason: The viewstate supplied
failed integrity check.
Event time: 04/09/2006 09:31:11
Event time (UTC): 04/09/2006 08:31:11
Event ID: e84653c400314318b919a69d1e918618
Event sequence: 468
Event occurrence: 3
Event detail code: 50203

2.

Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1309
Date: 04/09/2006
Time: 10:08:51
User: N/A
Computer:XXX
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 04/09/2006 10:08:51
Event time (UTC): 04/09/2006 09:08:51
Event ID: 01c00adecca446b5ad5435a4604f6c3b
Event sequence: 1126
Event occurrence: 1
Event detail code: 0

Process information:
Process ID: 5756
Process name: w3wp.exe
Account name:
Exception information:
Exception type: CryptographicException
Exception message: Padding is invalid and cannot be removed.

Error 2. also makes mention to the WebResource.axd file.

 

[Steven Cheng[MSFT]]

Hello Scott,

Glad to hear from you. I've also seen your update on the previous
thread("how analyze malfunctioning asp.net application?").

As for the intermitent CryptographicException error, based on my research
here are some possible causes:

1. The ASP.NET 2.0 application is in a webfarm/load balance
environment(which involve multiple server machines) and since ASP.NET by
default use the machinekey setting to perform encryption/decryption.
Therefore, in multi-server loading balance scenario, one request could be
processed by different server(use different internal machinekey) which
result to such exception. Is this the case in your application? If so,
you can manually specify a custom machinekey for all the servers hosts your
ASP.NET application so as to ensure the encryption use the identical key on
multiple servers:

#How To: Configure MachineKey in ASP.NET 2.0
http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000007.asp?frame=tr
ue

2. In ASP.NET 2.0, in addition to ViewState, the webresource.axd generated
url string has identites that're encrypted using the machinekey setting.
And these encrypted values are not valid forever, it will expire and become
invalid after long time. Therefore, if a page postback after a long time,
it is posible that the embeded viewstate info or the certain
webresource.axd url become invaild which will also raise the error. This
is mostly found in some internet based web applications since there are
some users who will use some old url(expired), such as the one in google
cache to visit the certain application and will cause application raise
such validation error.

If your application is in internet environment, you can add some code in
the Application_Error event and check whether the CryptographicException is
from some particular client agents.

In addition, you can check in the Application_Error event to see whether
the exception is always occuring against some specific pages.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.

 

[rox.scott]

PROCESS ID in Viewstate??

Hello

RE: issue #1 above

My platform and symptoms match the original post exactly (diff scott though).
Web farming is not the problem, as the original post notes, sticky keys force client to return to same server each time. Although I'm still not convinced sticky keys work with ASP.NET, dropping the farm to a single server does NOT resolve the issue. PS, machinekey is set for all servers already as well.
Hence, the issue seems to be located in something else he said : "recycling the application". So my question is, does the Viewstate include ProcessID somehow in its verification? and is there a way to tell it not to? It seems two subsequent requests to the same server with an application recycle in between will cause Viewstate error.

--scott