Partilhar via


SharePoint 2010 Health Analyser Timer Job Changed Custom Web.Config Machine Key

I recently had an issue with custom machine key in the web.config file on the WFE servers. We use non-autogenerated machine key to de/encrypt custom solutions deployed in SharePoint farm. However this key was changed every midnight and the next morning users would start complaining about custom solution throwing errors.

Initial research (Thanks for Nigel Price) showed that Health Analysis Job (Daily, Microsoft SharePoint Foundation Web Application, All Servers) is responsible for this change. Disabling this timer job would obviously solve this issue, but Nigel raised a question as where did the timer job get the machine key from. It doesn’t matter what your previous machines key value is, it always got reset back to the anther key after the timer job was executed.

It turns out the value is stored in SharePoint Config DB. I was able to see the entry in my VM with the following SQL query:

 SELECT * FROM Objects
WHERE Properties LIKE '%123456789%'

Replace 123456789with the key that the timer job changed to on your server. The returned result is in xml format, and the part related to the machine key would look something like below:

<sFld type="String" name="m_ViewStateValidationKey">ABCDEFGH4D4FA9458005157779C4AFA208757D2B483088</sFld>  
<sFld type="String" name="m_ViewStateDecryptionKey">0ED48AAF42669A67A2C99D568D553FB62BEEC903DAA37B3C</sFld>

Just to prove that this is the value timer job actually used to modify web.config file every night, I modified this value in Config DB (in my VM) and rerun the timer job. The machine key was indeed changed to the value I updated in the Config DB.

 image

After above confirmation, I went ahead to disable the timer job. (I would never touch Config DB in a running farm)

However, if you know a supported method to update this ViewStateValidationKey and ViewStateDecriptionKey, please please share with me. Thanks!

2012-09-04
===============

The solution is to disable the  ViewStateKeysAreOutOfSync health analysis rule by running the following PowerShell cmdlet:

Get-SPHealthAnalysisRule ViewStateKeysAreOutOfSync | Disable-SPHealthAnalysisRule

Ref: https://blogs.msdn.com/b/mutaz/archive/2012/05/30/keep-your-own-machinekey-values-in-sharepoint-2010-web-config.aspx

Comments

  • Anonymous
    April 02, 2012
    Nice post but I have a question do you know how we can update this value in the database using powershell ?