LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 05-07-2012, 05:53 PM   #1
dcarrington
Member
 
Registered: Dec 2011
Distribution: RHEL, CentOS, Ubuntu
Posts: 60

Rep: Reputation: 2
HTTP 400 - Size of a request header field exceeds server limit


I am trying to set up SSO for the web interface for our MicroStrategy implementation. We have a desktop app that is using SSO successfully. But when we try to access MicroStrategy through the browser, we get the HTTP 400 error.

So far, I have found all the "fixes" about setting the LimitRequestFieldSize and LimitRequetLine in the httpd.conf file, I've tried setting the maxHttpdHeaderSize in server.xml and I've changed registry settings MaxFieldLength and MaxRequestBytes under HKLM\System\CCS\services\HTTP\paramters as well as the MaxTokenSize under HKLM\System\CCS\Control\Lsa\Kerberos\Parameters.

I have verified that the kerberos ticket is less than 4k, so the size of the ticket shouldn't be an issue.

Nothing seems to prevent me from getting this error.

Is there anyone who might have some ideas as to where I can go from here to figure out where the problem lies? Any thoughts ideas or suggestions would be welcome as I have pretty much exhausted everything I've found in Google, Red Hat, MicroStrategy and pretty much every other resource I could think of.

If anyone has any ideas or needs to see any snippets of config files, I can post those.

Thanks in advance!!
 
Old 05-08-2012, 11:52 AM   #2
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

Rep: Reputation: 415Reputation: 415Reputation: 415Reputation: 415Reputation: 415
I would be interested to see what is in the actual http header. Have you tried using something like tamper data or another add-on to be able to view your HTTP headers as they are sent back to the server. Sounds like it may be a scripting problem generating too big of a request but thats just a guess.
 
Old 05-08-2012, 04:30 PM   #3
dcarrington
Member
 
Registered: Dec 2011
Distribution: RHEL, CentOS, Ubuntu
Posts: 60

Original Poster
Rep: Reputation: 2
Thanks...I'll see if I can run a Fiddler trace and get that info. I'm abstaining from that environment during business hours for the most part as users are accessing it, but I'll run a trace and share what I find.

Thanks!!!
 
Old 05-09-2012, 10:30 AM   #4
dcarrington
Member
 
Registered: Dec 2011
Distribution: RHEL, CentOS, Ubuntu
Posts: 60

Original Poster
Rep: Reputation: 2
Ok...so hopefully I did this correctly. (I'm rather new to Fiddler and all this tracing stuff). According to Fiddler, it looks like the header information is as follows:

GET /MicroStrategy/servlet/mstrWeb HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; InfoPath.2; MS-RTC LM 8)
Accept-Encoding: gzip, deflate
Host: microstrategy.qa.domain.com
Connection: Keep-Alive
Authorization: Negotiate YII<snip>
Cookie: JSESSIONID=A2F6F33121C1163336DF9988F7D7402B

The part I snipped out was the rest of the Authorization string after the YII. I wasn't sure it was wise to post the actual string on a public forum. However, since the string was somewhat lengthy, I copied/pasted it into Word to get an exact character count.

The string, including the YII, according to Word is 10,232 characters.
 
Old 05-09-2012, 01:26 PM   #5
dcarrington
Member
 
Registered: Dec 2011
Distribution: RHEL, CentOS, Ubuntu
Posts: 60

Original Poster
Rep: Reputation: 2
Update....

Our current AD domain was migrated from an old domain. We noticed that one result of this was that many of our users and groups in AD still had a SID history from the previous domain.

We created a test user and added it to groups that did not have any SID history and we were able to add the user in to over 100 groups without any Bad Request errors.

The next step will be to verify that old SIDs are no longer needed and remove the SID history from all users and groups.

Unfortunately, I was not able to capture the header size on the test system (didn't have the tools). Perhaps I'll see if I can get Fiddler installed and check the header size against the 10k size from my production system.
 
Old 05-16-2012, 10:06 AM   #6
dcarrington
Member
 
Registered: Dec 2011
Distribution: RHEL, CentOS, Ubuntu
Posts: 60

Original Poster
Rep: Reputation: 2
Looks like the SID history was the culprit. After removing SID history from my user and associated groups, I am able to use SSO for internal web pages.

Thanks for all your help!! Much appreciated.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Want to add data in the header field of tcp/ip header Maitrikkshah Linux - Networking 1 08-06-2011 06:07 AM
Allowing an IP range to by pass the max size limit for web request. jrytter Linux - Newbie 2 03-11-2011 03:25 AM
core dump file size exceeds limit with ulimit -f unlimited. initpidzero Linux - Software 0 07-28-2009 02:08 AM
Rewriting "Set-cookie:" http header field J_Szucs Linux - Networking 3 08-06-2007 04:10 AM
Wget & MnoGoSearch http request problem (size) havik Linux - Software 0 09-28-2005 07:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 12:05 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration