Monday, August 26, 2013

IIS/ASP.NET Windows Authentication Fails After Changing a User Name in Active Directory

We ran into a problem where a user's login changed because their last name changed. They were able to log in to the website with their old user name, but the new one would not work. It turns out that the Local Security Authority (LSA) on the front-end web servers had their old user name cached.

We followed the guidance from Microsoft at http://support.microsoft.com/kb/946358.
Once we added the DWORD registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LsaLookupCacheMaxSize with a value of 0, things started working. Once this was done on all the front-end web servers, we removed the registry value so we would get the performance gains from caching again.
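The two steps described above (set the value to 0 on every front-end server, confirm the renamed account can log in, then remove the value so caching resumes) can be scripted. The following is an added example written for this post, not code from the original article or from Microsoft; the server names are placeholders, and it assumes PowerShell remoting (WinRM) is enabled on the targets and that the caller is a local administrator on each of them.

```powershell
# Added example (not from the original post): disable, verify, and later restore
# the LSA lookup cache on a set of front-end web servers, per KB 946358.
# Assumptions: server names are placeholders; WinRM is enabled on each target;
# the caller is a local administrator there.

$LsaKey          = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName       = 'LsaLookupCacheMaxSize'
$FrontEndServers = @('WEB01', 'WEB02')   # placeholders, replace with real hosts

function Disable-LsaLookupCache {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        param($Key, $Name)
        # DWORD 0 tells LSA not to cache name/SID lookups, so the next logon
        # resolves the user name against Active Directory instead of the stale entry.
        New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value 0 -Force | Out-Null
        [pscustomobject]@{
            Server = $env:COMPUTERNAME
            Value  = (Get-ItemProperty -Path $Key -Name $Name).$Name
        }
    } -ArgumentList $LsaKey, $ValueName
}

function Restore-LsaLookupCache {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        param($Key, $Name)
        # Deleting the value returns LSA to its default cache size.
        Remove-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Server  = $env:COMPUTERNAME
            # $true would mean the value is still present, i.e. the restore failed
            Present = [bool]((Get-ItemProperty -Path $Key).PSObject.Properties[$Name])
        }
    } -ArgumentList $LsaKey, $ValueName
}

# Step 1: disable caching on every front-end server and show the resulting value (0).
Disable-LsaLookupCache -ComputerName $FrontEndServers | Format-Table -AutoSize

# Step 2 (manual): have the renamed user log in to the site through each server.

# Step 3: once the new user name works everywhere, remove the value again.
Restore-LsaLookupCache -ComputerName $FrontEndServers | Format-Table -AutoSize
```

Each function returns one object per server so the output of both steps can be reviewed before moving on; the `Present` column of the restore step should read `False` on every host before calling the work done.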