LsaLookupSids

One of my coworkers got married and changed her surname. After my colleague changed her domain user strange thing happened. We are using domain authentication on our web portal. After domain user change she didn’t have any rights on the portal anymore. I checked the log (I am using Elmah) and there it was: Validation failed for one or more entities. The strangest thing was that under User column there was old surname, not the new one! Firstly I checked AD. Everything was fine. Then I tried to restart web page and IIS – it didn’t help. Server reboot was out of option.

After that I asked uncle Google, if he knows anything about that stuff. And he directed me to stackoverflow article. To work around this issue you can do following:

  1. Open registry editor as admin (on Windows Server 2008 and newer you can find it via searchbox (type regedit) on older versions you can run it via Run).
  2. Locate following subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click on it, point to New and click DWORD Value.
  4. Type in LsaLookupCacheMaxSize and press Enter.
  5. Set value to 0 and exit registry editor.

Warning: this registry entry disables local SID caching. Because local SID cache helps to reduce domain controller workload and network traffic I deleted this registry entry after I checked that cache doesn’t hold deprecate username value anymore.

You can also check solution on official Microsoft support page.

Long time no see

Hey folks, long time no see! 😉

I was kind of busy – that’s why I was’t posting stuff for quite long time. And probably I was a little lazy also. 😛 As you can see, my blog is looking a little bit differently nowadays. That’s because I migrated it from Nibbleblog to WordPress. Don’t get me wrong, Nibbleblog is great blog system – it is simple to install (you don’t have to configure MySQL etc.) and it is surprisingly fast given the fact that it uses XMLs instead of database system. But the community is much much smaller than WordPress’, and only few plugins/templates are available…

Ad alert: Author of Nibbleblog (Diego Najar) is working on a new project named Bludit. He promises a lot of changes and new ideas.