My client has a security issue when using Network Load Balancing for the Web Access 9 Server: when they access using the DNS entry that points to the NLB (e.g. nlb.company.com) they will not be prompted to login with their AD account, instead they are automatically shown the credentials/folders/files/repository of the last AD user to login using nlb.company.com. This does not happen when bypassing the NLB (e.g. navigating directly to the Web Access server using webaccessserver.company.com).
When this second insecure login occurs, we can verify that there is an additional session listed for this AD account in the Administration Console (under Activity\Sessions).
I have ensured that Failover Clustering is not installed. I have also verified that the session is, indeed, using the first AD user's credentials (i.e. it's not just a display issue that would make it *appear* that the second user was logged-in as the first user).
Has anybody seen this before? Any ideas on where to troubleshoot the configuration? Does the load balancer cache data from anywhere?