I have a webform application based on asp.net 4.0, deployed to two different servers. The webform application has only one Default.aspx with its code behind:

protected void Page_Load(object sender, EventArgs e)
{
    MachineKeySection section =
     (MachineKeySection)ConfigurationManager.GetSection("system.web/machineKey");

    this.Response.Write(section.DecryptionKey);
    this.Response.Write("<br />");

    this.Response.Write(section.ValidationKey);
    this.Response.Write("<br />");

    var authToken = "xxxxxx";  
        //the real token is obviously not xxx, just an example here

    this.Response.Write(authToken);
    this.Response.Write("<br />");

    var ticket = FormsAuthentication.Decrypt(authToken);
    if (ticket != null) this.Response.Write(ticket.Name);
    this.Response.End();
}

the same code with the same web.config is deployed to two web servers. However, one of them works fine, and another always has its ticket equals to null. If I remove if (ticket != null) then an null reference exception is thrown. They have totally the same output, except the ticket part.

The web servers are running on Windows Server 2008 R2 SP1, with .NET framework 4 installed. I'm sure the code on the two web servers are toally the same, including the machineKey:

<machineKey validationKey="xxx" decryptionKey="yyy" validation="SHA1" decryption="AES" />

How can this happen? Do you have any idea about this weired issue?

UPDATE

MS BUG, need to update package: http://support.microsoft.com/kb/2656351

While employing load Balancers, I had ran into this exact issue as you mentioned. [ .net Framework 4.0 ]

All things were being verified so many times with NO success.

Just wanted to share the below link as finally the Security Update: MS11-100 had fixed the issue in my case.

Tony considers likely this to be bug in .net 4.0 http://tmoaikel.wordpress.com/2012/03/21/formsauthentication-decrypt-returns-null/ , which was fixed by the above patch.

May be this may help you progress little further.