[pubcookie-users] "User authentication failed" errors

David Grayston davidtg at u.washington.edu
Thu Jun 7 15:14:05 PDT 2007 

I can add some experiences that may or may not be helpful: we experienced
similar errors from a bug in the ISAPI filter that was fixed in v3.3.2c. I'd
double check your pubcookiefilter.dll that it is this current version
(c:\windows\system32\inetsrv\pubcookie\..). 

I also see similar (but less random) errors when an application hits a
timeout or pool recycle. Sounds like you've adjust this but I'll elaborate.
In IIS Manager check properties under Application Pools|DefaultAppPool and
Recycle Worker Processes - I've unchecked these off for our Pubcookie
protected application's AppPools. On this same property sheet check the
Performance tab and Idle Timeout - again I've unchecked this off for the
application's AppPool. 

Now under the application's site properties|Home Directory tab and
Application Settings Configuration button| Options tab | Enable session
state and session timeout. When this client session timeout is triggered
Pubcookie nearly always will throw similar errors and the client will have
to close their browser to clear their cookie and restart a session with the
application.  Some of our apps need a session state but I've set the timeout
high - 120min - and educated users that a long idle period will throw an
error.

Whether or not it helps but for each of our asp/aspnet applications I've
made their own AppPool and adjusted settings accordingly. Those not
protected via Pubcookie I leave all the recycle/timeout settings.

David

--------------------------------------------------------------------
David T. Grayston                 University of Washington
Systems & Network Administrator   SPHCM
Office of the Dean & Dept of Pathobiology

 

> -----Original Message-----
> From: pubcookie-users-bounces at mailman1.u.washington.edu 
> [mailto:pubcookie-users-bounces at mailman1.u.washington.edu] On 
> Behalf Of Nathan Dors
> Sent: Thursday, June 07, 2007 3:03 PM
> To: Williams, Nathan
> Cc: pubcookie-users at u.washington.edu
> Subject: Re: [pubcookie-users] "User authentication failed" errors
> 
> Hi Nathan,
> 
> This is about the only error we see here at UWash and on this 
> list for which we don't have an answer that consistently 
> resolves the problem. That's my impression anyway.
> 
> The idle timeout is the first and only obvious thing that 
> comes to mind, but you've turned it off. Beyond that, the 
> quality of my own troubleshooting recommendations declines 
> precipitously.
> 
> For example, since the errors concern the handling of the 
> session cookie, I sometimes ask if a static "on-disk" session 
> key pair is being used, rather than relying on the filter to 
> generate its own as needed. I've seen this practice fix 
> problems and not fix them. 
> However, we do use them here at UWash on our central 
> Win2K3/IIS 6.0 systems and don't see this problem there. (Of 
> course, that could be due to some other practice we do, maybe 
> with WebVarLocation and AppID registry settings?)
> 
> It's not clear what we could do development-wise to the 
> filter to help troubleshoot this problem. Suggestions encouraged.
> 
> -Nathan
> 
> On Thu, 7 Jun 2007, Williams, Nathan wrote:
> 
> > Apologies if this is a common error that gets asked about all the 
> > time, but I'm beating my head up against the wall trying to 
> fix it.  
> > Here's my
> > setup:
> >
> > Windows Server 2003/IIS 6.0
> >
> > Pubcookie 3.3.2c installed as ISAPI filter
> >
> > Pubcookie is configured for multiple sites on this server, idle 
> > timeout is turned off for the DefaultAppPool (that all 
> these sites run 
> > in)
> >
> >> From the user end of things, I'm getting a "User 
> authentication failed"
> > error page after the user is logged in for a seemingly arbitrary 
> > amount of time.  This happens in conjunction with the following 3 
> > entries in my event viewer:
> >
> > Event Type:       Warning
> >
> > Event Source:    Pubcookie
> >
> > Event Category: None
> >
> > Event ID:           3
> >
> > Date:                6/7/2007
> >
> > Time:                10:13:04 AM
> >
> > User:                N/A
> >
> > Computer:         JUPITER
> >
> > Description:
> >
> > libpbc_rd_safe: couldn't verify signature for www.housing.wisc.edu 
> > OpenSSL error: error:0407006A:rsa 
> > routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> >
> >
> >
> >
> >
> > Event Type:       Warning
> >
> > Event Source:    Pubcookie
> >
> > Event Category: None
> >
> > Event ID:           3
> >
> > Date:                6/7/2007
> >
> > Time:                10:13:04 AM
> >
> > User:                N/A
> >
> > Computer:         JUPITER
> >
> > Description:
> >
> > libpbc_unbundle_cookie: libpbc_rd_priv() failed
> >
> >
> >
> >
> >
> > Event Type:       Error
> >
> > Event Source:    Pubcookie-1522021381
> >
> > Event Category: None
> >
> > Event ID:           3
> >
> > Date:                6/7/2007
> >
> > Time:                10:13:04 AM
> >
> > User:                N/A
> >
> > Computer:         JUPITER
> >
> > Description:
> >
> > [Pubcookie_User] Can't unbundle Session cookie for URL /itcal/;
> > remote_host: 128.104.57.150
> >
> >
> >
> > Also, I'm not sure if this is related at all, but 
> occasionally users 
> > have problems where they're directed to the campus login 
> server from 
> > my application, they login successfully, but then aren't redirected 
> > back to my application.
> >
> >
> >
> > Anybody have any suggestions on this?  Seen it before?  Thanks for 
> > your help!
> >
> >
> >
> > Nathan Williams
> >
> > Web Developer
> >
> > Division of University Housing
> >
> > University of Wisconsin - Madison
> >
> >
> _______________________________________________
> pubcookie-users mailing list
> pubcookie-users at u.washington.edu
> http://mailman1.u.washington.edu/mailman/listinfo/pubcookie-users
>

More information about the pubcookie-users mailing list