08-23-2017 11:27 AM - edited 03-18-2019 01:25 PM
Hello Everyone,
I have an issue where a user is not able to log into TMS and the Productivity tools does not allow him to book meetings if they have CMR rooms that are in TMS. When he tries to book throught Outlook, it just sits there with no errors. When he tries to log into the TMS portal, he receives an 400 Error message HTTP 400 - Bad Request (Request header too long). I removed his TMS account and rebuilt it from scratch and that did not work.
TAC wanted me to capture Http traffic, so I installed Fiddler on his machine. While running Fiddler, his issue went away. Once I remove Fiddler, the problem returns. Same error messages and symptoms.
He is the only user that is experiencing this issue. My Windows 10 machine is working correctly under my Windows profile. If I have him log on as himself while using my Windows 10 machine, he receives the same error messages and installing Fiddler fixes the issue.
I wanted to know if anyone has seen this issue before and is there any advise that you can offer?
Thank you,
Adrian
Solved! Go to Solution.
09-11-2017 05:51 AM
I found the answer to the issue. The user's Kerberos authentication token size was too large. The problem comes from being in too many Active Directory user groups.
I had to make some registry changes to the TMS server in order to increase the size limit of the HTTP header.
I have linked the KB article from Microsoft. https://support.microsoft.com/en-us/help/2020943/-http-400---bad-request-request-header-too-long-error-in-internet-info
09-11-2017 05:51 AM
I found the answer to the issue. The user's Kerberos authentication token size was too large. The problem comes from being in too many Active Directory user groups.
I had to make some registry changes to the TMS server in order to increase the size limit of the HTTP header.
I have linked the KB article from Microsoft. https://support.microsoft.com/en-us/help/2020943/-http-400---bad-request-request-header-too-long-error-in-internet-info
09-12-2017 10:36 AM
Your better option would be to force kerberose to use tcp:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide