Article Configuration problems

Scenario: Event log shows a CrytographicException error

In the course of operations, you notice that there is a CryptographicException exception in your event log(s) or Exceptions report, even though system usage is fine. You might see it repeatedly in these logs.

The stack looks something like this:

Event code: 3005 
Event message: An unhandled exception has occurred.
Event time: 1/24/2015 9:50:48 PM 
Event time (UTC): 1/25/2015 7:50:48 AM 
Event ID: 69487c525a0d41fbb8ba282601323563 
Event sequence: 21356 
Event occurrence: 19 
Event detail code: 0 
Application information: 
Application domain: /LM/W3SVC/1/Root 
Trust level: Full 
Application Virtual Path: / 
Application Path: C:\Program Files\Zimbra\Telligent 9.0\9.0.xxxxx.xxxx\ 
Machine name: WEBSVR01 
Process information: 
Process ID: 2532 
Process name: w3wp.exe 
Account name: NT AUTHORITY\NETWORK SERVICE 
Exception information: 
Exception type: CryptographicException 
Exception message: Padding is invalid and cannot be removed. 
Request information: 
Request URL: http://yourcommunitysite.com/WebResource.axd?d=ycT-SiaiY9wxmb6vFNASFPVdqPAgycqF8IyZVV7QhMjFViKfzyKJcSr83djcpJiKmPMDrxWcEiuy6cer5GYDDmrxi8TQ18GDVW7ok91Zm3mZfXMdznRYHQhdwPj9VYOjL4oUNowA3RZ57HefxO-Ilg2 
Request path: /WebResource.axd 
User host address: 10.0.0.2 
User: 
Is authenticated: False 
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE 
Thread information: 
Thread ID: 6 
Thread account name: NT AUTHORITY\NETWORK SERVICE 
Is impersonating: False 
Stack trace: at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType) at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Solution:

This is something of a known issue with ASP.NET and isn't due to Telligent Community Servr. It can occur when robots crawl a site, or it could also be due to time differences between servers (that is, they are out of time synchronization).

Fortunately, this error does not represent a security issue because:

  • No intellectual property is exposed
  • No exploit to the Web site or server is possible

You can add a robots.txt file to the root of your site to prevent some of the activity.