search

SparkDevNetwork / Rock

An open source CMS, Relationship Management System (RMS) and Church Management System (ChMS) all rolled into one.
http://www.rockrms.com
574 stars 347 forks source link

We are being constantly logged off with 'Validation of viewstate MAC failed' errors. #709

Closed ElimAdmin closed 9 years ago

ElimAdmin commented 9 years ago

I thought this might have been internet connection issues, but now I'm not sure. Here's the Exception Notification email: Is this an Arvixe web hosting change? Just started the last couple of days. Any suggestions?

An exception has occurred. Details of this error can be found below: An error occurred on the Rock RMS site on page: http://elimrms.org:80/page/71 HttpException in System.Web Message Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. See http://go.microsoft.com/fwlink/?LinkID=314055 for more information. Stack Trace at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString, Purpose purpose) at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter2.Deserialize(String serializedState, Purpose purpose) at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter2 formatter, String serializedState, Purpose purpose) at System.Web.UI.HiddenFieldPageStatePersister.Load() at System.Web.UI.Page.LoadPageStateFromPersistenceMedium() at System.Web.UI.Page.LoadAllState() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.themes_rock_layouts_fullwidth_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) -ViewStateException in Message Invalid viewstate. Client IP: 203.109.201.165 Port: 49868 Referer: http://elimrms.org/page/71 Path: /page/71 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:33.0) Gecko/20100101 Firefox/33.0 ViewState: b0TkRbnUKB9JxUXwtOtXzLC5ac3oh1F90tAx7/N2JVX+TjKFIsItmX7s09YQlQ4FWu7wP9ga1/NDtnGtoFQxZ5zOksOkBnohn0Ysac3bncZI8dfqvmFg+QJSxxuTy3dKEkV2yv7pULazkLORto/EIB5LUA3STj8CHNewEHajGCATz39hQBXDEy3oBDYjgqBD9lMShVCA1TmJGGIIJa4K2YhC2aJc6ZWutwGCFgdgDh9oor0CHe/M45eerdtVFDt6DXAuiS6Ey2bwjvyfNQxD1zyXhyVeoOB19c0kBbxn415CEFkshu2m/wa1x6/AdNkzG8pofYwhd+85bU96T0TcsWgdjnDG7hvinNJz7bTKnJ87vCxj3PVAvrV6eWmwa6wTNKC2LTnsjUiNAZ8ur3mEhbsckTaTHnfiP6BRXE2+ZvzpigXo/TAeQbJ5xNjDW02bNI/BJZXM3PpTUe9dmZknCcrpCjCCKMymP/Z49gmGgiI89BLR/Lj7hMfYUzkCHJY2Ci689tVlVRRDbKr2dWvChLyH3sZpGuGBImlIKH35M6Tr7Y/foeqd0bQG3dRNAMWU+6ejbR9MyGY8K4GvnrF9P9nKwDy26MyrLk+HL/E4FneZvik8EiGPRDLaAwNRcFPSlp8QGlU0HhpBFNHzHeB2ZaaXXXX4PjuM44jGelJI11sWx6B6dqS2qHj5PrT5TjqWb+Hld+FqiDXU4xU5sPQzGp88GdR1Rb1fuiachKSLfnIwIcCgyVdYz4qHK6AHuV+OWDKWYmFa7lgabbIzJ7GLDwI9uXFkEEQLUTy7DDqmfc1z3BIbyr8BjV0LlHT2+... Stack Trace

ElimAdmin commented 9 years ago

The error msg refers to this MS page, where it suggests generating and using a fixed machine key in web.config: http://support.microsoft.com/kb/2915218#AppendixA

There seem to be lots of references to this error on the net, e.g.

http://blogs.msdn.com/b/tom/archive/2008/03/14/validation-of-viewstate-mac-failed-error.aspx

https://social.msdn.microsoft.com/Forums/en-US/0f143e24-65e7-4f44-8d64-a8f920f410af/validation-of-viewstate-mac-failed-if-this-application-is-hosted-by-a-web-farm-or-cluster-ensure?forum=vstswebtest

Need some guidance as to which of the possible solutions is the right one (?)

I think this is the same issue as #702

ElimAdmin commented 9 years ago

We had multiple tabs open on three PCs at the same time and were working between the three.
I suspect this was Arvixe server load related?
I followed these instructions http://support.microsoft.com/kb/2915218#AppendixA. to generate this machine key:

<machineKey decryption="AES" decryptionKey="D127B1DF9EA78B8FE665EDD4800409B4AD3D5B91B03ED51D514E9C694B57C1D2" validation="HMACSHA256" validationKey="D5D34B2489A78AFF81BBA2FE2DFAE509199BC400AE99507CD3F73C68CCCB1BA5AD3E95C61018A7888E6DD9BF26640EAC5DF0C6FFD8406D4D0694616A41BB4969" />

I added it in my web.config file here:

 -->
   The following attributes can be set on the <httpRuntime> tag.
      <system.Web>
        <httpRuntime targetFramework="4.5"/>
      </system.Web>
  -->
    <system.web>
        <machineKey decryption="AES" decryptionKey="D127B1DF9EA78B8FE665EDD4800409B4AD3D5B91B03ED51D514E9C694B57C1D2" validation="HMACSHA256" validationKey="D5D34B2489A78AFF81BBA2FE2DFAE509199BC400AE99507CD3F73C68CCCB1BA5AD3E95C61018A7888E6DD9BF26640EAC5DF0C6FFD8406D4D0694616A41BB4969" />
        <trace enabled="false" />
        <trust level="Full"/>
-->
        other lines...
-->
    <system.web>

Have not had any other exception errors yet...

ElimAdmin commented 9 years ago

We've had no more errors. This can be closed. Unless it raises other issues that you want to follow through.

azturner commented 9 years ago

@ElimAdmin , The Rock install actually now adds the machine key to the web.config during the install, but you likely ran the install before this was added.

ElimAdmin commented 8 years ago

@azturner Hi David. I have been impacted by Arvixe's problems lately. I think they have changed the machine hosting my site. As a result I get the "Server Error in '/' Application" error. I am going to see if I can generate a new machine key to fix this. But this has prompted me to wonder: isn't this also a problem with just copying the web.config file from one server to another (something that is happening as people are moving servers)? Won't the machine key need to be changed each time? Is there a link between machine key and PasswordKey and DataEncryptionKey? Or are they all independent?

ElimAdmin commented 8 years ago

@azturner. Hi David. I falsely thought that machine key was unique to a server. But its not, so that's why it still works on another server. My problem (embarassed look) was because I had changed the database username's password, but not changed the connection string in the config file. All sorted. No action required.