To facilitate this, the ISAPI filter module will automatically generate a random
spoofKey value if one is not set for it, and if it can't do so it will refuse to run. Note that on older versions of Windows, generally Windows 2000 or NT, the 2.x filter will refuse to load because the API used to generate secure random data is not available. You will need to explicitly create the
spoofKey setting there.
Certain configurations of Windows 2000, possibly involving recent patches from Microsoft, appear to alter the behavior of the SP such that prior to version 2.2.1, the filter will cause IIS to crash instead of simply failing with a Windows log event noting that the
If you experience issues or false alarms with the random key value, you can explicitly set one that will be shared by all IIS server processes and should prevent those problems (at the cost of less randomness, obviously).