I have a webfarm with two servers using "sticky" sessions at the load balancer. The machinekeys in the web.configs match and the site numbers in IIS are identical. Session is stored in memory. Generally we don't have any problems. However, it is possible to trigger an invalid postback exception by crossing the two servers. I thought that since the machinekeys, version of .NET, and site numbers in IIS were the same that this shouldn't happen on a postback, but it is; am I missing something?
It is perhaps caused by event validation? Here's a msdn post describing it:
TL;DR: the default behavior (and it's a good behavior to have for security reasons probably) is that the server verifies it rendered the original html of a postback's event. So, if you load the page on server A, it remembers it rendered a page that can postback event foo. If server B ends up getting that postback, it will complain because it could be a sign of an xss attack or something like it.