IIS 7 and Above
Changing from http to https - Chrome works, Internet Explorer: HTTP 4...
Last post Jan 05, 2018 06:10 AM by Yuk Ding
Jan 04, 2018 02:14 PM|Peter Forster|LINK
first - I I've read through all articles popular search engines find to this topic.
For your information: The system affected is Dynamics 365
We have the following situation:
After switching the CRM System to https (has been done with the CRM partner) some users can no longer login to Dynamics 365. All what they get with Internet Explorer is a "HTTP Error 400. The size of the rquest headers is too long"
Now this information is available on thousands of results within the web. We have applied the "fix" found in
https://support.microsoft.com/en-us/help/2020943/http-400-bad-request-request-header-too-long-response-to-http-request and still the issue persists.
I've now done a lot of testing and those are my findings:
With Chrome (on the same client with the same username) everything works fine. I've done a Fiddler Trace and I do see that Chrome is using Kerberos for Authentication.
When we disable "Enable Integrated Windows Authentication" in Internet Explorer the Authentication works, but uses NTLM. I've seen this article about a detailed description again with the above described error:
As the authentication is successful with Chrome and Kerberos it sounds like that the problem is related to Internet Explorer and the Kerberos Token.
Now the question is: Does anybody else has any other ideas how to use Kerberos with Internet Explorer?
Thanks for any hint!
Jan 04, 2018 03:19 PM|Rovastar|LINK
The error means you are sending too much stuff down the request and it is rejected by the http.sys . you need to increase the size of the allowed request or reduce the request size.
Check the http.sys log for more info
and change the http.sys reg settings (reboot required)
if you are saying that you MaxFieldLength (and tokensize, etc) are maximum and you are still getting issues then. Compare that to what you are sending. If you are sending more than the maximum then have a look at your app and change whatever
settings are relevant there.
Jan 04, 2018 03:45 PM|Peter Forster|LINK
Jan 04, 2018 08:40 PM|Rovastar|LINK
Jan 05, 2018 06:10 AM|Yuk Ding|LINK
The chrome and IE also have different core. So have you tried to clean the browser cache in ie explorer? In addition, did you see the same content in the windows Kerberos auth in fiddler? Considering the https break the Kerberos authentication in IE explorer,
you could go to ie explorer->internet option->security->custom level->prompt for username and credential to ensure the user is logging in with the right credential. In addition, you could go to internet option->advanced and check the necessary TLS, SSL credential
has been installed.
Maybe you could try to add the website to trusted sites or local intranet in IE explorer.
In addition, the windows authentication in local intranet also require the reverse nslookup in DNS.