Question:
In production environment we noticed that we are able to mix session
while using NTLM/Kerberos authentication. We were able to reproduce
in a lower environment.
Following the following tech note we could use the IISCacheDisable ACO
but is not effective.
https://comm.support.ca.com/kb/iis-7-and-iis-75-output-cache-session-swapping/kb000019250
We have a workaround by using the Default application pool in classic
mode insead of integrated.
1. Can you let us know if we can use the IISCacheDisable alone and why
i is not effective in our environment ?
2. Is there any constraint of using the IIS application pool in
Classic mode ? The WebAgent is the only component running on IIS.
Environment:
Webagent 12.52SP1CR04 on IIS 8.5 - Windows 2012 R2
Policy Server 12.52SP1CR04 on Redhat Linux 6
Answer:
1. Implement the "IISCacheDisable" ACO
2. Consider disabling 'Enable Cache' and 'Enable Kernel Cache' in IIS
at the Web Site level.
3. If there are load balancers or other network devices which have
'Response Caching' disable it.
KB : KB000099524