I recently had a client that had claims based authentication on his site. He also had me write some “forgot my password” functionality for the logon page. Occasionally, he would email me stating that when a user used the “forgot my password” functionality and it emailed them a new password, the user could not log in with the newly issued password. After some research I discovered the MachineKey for the web application had changed. So, I changed it back and everything started working again.
The next day I got a similar email from the client. I checked the machine key and saw that it was changed again! I’m sure that no one would have changed it without consulting with me first, but I changed it back and started doing some research.
It turns out that in the SharePoint 2010 health monitoring jobs there is a job called “Web.config files are not identical on all machines in the farm”. This job is set to automatically fix the web.config’s when they become out of sync. I disabled the job from auto repairing like so:
Go to Central Administration > Monitoring > Review Rules Definition > Configuration Category > “Web.config files are not identical on all machines in the farm”. Click on the item and select edit. Then uncheck the automatically repair option, then save.
I hope to research this a bit more to understand why it changed this web.config and not the other one it was sync’ing up to and post and update to this blog post.