A user got married, and so her last name (and, more importantly from a technical point of view, her account name) changed. On her Windows PC she logs in with her new account name and everything works fine. Now she needs to access our intranet ASP.NET applications. To our surprise, IIS identified her with her old account name… So she does not have access to some applications, because her old account name is not known in our application anymore.
The authentication mode of our intranet sites is set to ‘Windows’ for automatic login. We then use HttpContext.Current.User.Identity.Name to identify the current user, so there is no option to sign in manually; it just takes the Windows credentials.
Searching around, I found Microsoft’s Knowledge Base article 946358 at http://support.microsoft.com/kb/946358/en-us, which proposed creating a new registry entry: create a new DWORD value called ‘LsaLookupCacheMaxSize’ with value 0 in ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa’ so that the cache is cleared. We did this, but it did not help.
Then she tried to log on at another machine and there it worked fine, so it’s for sure a problem of the local client instead of the IIS or the AD or anything else network-related.
We deleted her profiles and removed her name from every registry entry… but were not successful. In the end, the only thing that helped was to completely reinstall the machine…