Solved

Sharepoint-Header is too long (MaxRequestBytes)

Posted on 2011-02-22
4
1,411 Views
Last Modified: 2012-05-11
Dear all,

 I would like to inquire about the registry parameter (MaxFieldLength-MaxRequestBytes). Currently we have a very large SharePoint farm of 8 servers. Some users of remote locations throws the error "Bad Request - header is too long. "
 Currently we have set the following values:
 MaxFieldLength: 65534
 MaxRequestBytes: 65534

 But some users may receive this error because they belong to many groups and to get the kerberos ticket I believe it is long. The tech people told me that the value (MaxRequestBytes) can not be increased without affecting the infrastructure. I would like to understand why and how it can affect specifically.


I was reading this article: http://support.microsoft.com/kb/2020943
0
Comment
Question by:Gonzalo Becerra
  • 3
4 Comments
 
LVL 14

Expert Comment

by:KoenVosters
ID: 34951421
Impact:

It will have to  be executed on all the servers of the farm (not the sql server), and you will need to take it up in your upgrade plan of your farm so that if you are adding a webfrontend that you are changing the registry key there as well. If you don't, and you will forget :) ,adding a new frontend will give these users the same error when they are directed to the new frontend by the load balancer.
0
 
LVL 1

Author Comment

by:Gonzalo Becerra
ID: 34951621
Thanks Kown,

What was to do was change in the 8 servers in the farm, but i recieve this answer: No, because.

 "IMPORTANT: Changing These registry keys Can Be Considered Extremely Dangerous. These larger keys allow HTTP packets to Be Sent to IIS s, which in turn causes May Http.sys to use more memory and May Increase vulnerability to malicious attacks."


 I would like to know as it relates to add this parameter in the registry on all servers in the farm?. Why not raise it above 64k recommend?.

 They are Windows Server 2003 x64 8GB Ram
0
 
LVL 1

Accepted Solution

by:
Gonzalo Becerra earned 0 total points
ID: 34955567
The infrastructure "would suffer"because the one who takes Http.sys Requests to put in a queue that then processes the App Pool ... if you accept headers larger (much larger) memory escalate considerably more, depending on how much it add, which may cause the IIS service fall completely.

 The first request falls into Http.sys, so if you enlarge the size of the header that can be reached, it would be easier to kill the server by sending many large requests (Requests headers large) ... you understand?

 There is more vulnerable the Http.sys, but the infrastructure that would come larger headers ... so mark it in bold, because much will depend on how you calculate it for the header ... it is best to take the header of the friends of Indonesia and see what is the maximum you header is coming, and on that basis to the maximum, ie, be as restrictive as possible.
 Anyway, I recommend that you analyze the log of the server HTTPERR and see if they are well identified any IP they receive that message (in the field s-reason), because of having different IPs to those of Indonesia, without a cause "explained, "is to take care of making this change.
0
 
LVL 1

Author Closing Comment

by:Gonzalo Becerra
ID: 34990860
I opened a case in Microsoft to ask this issue and this is the response.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Microsoft SharePoint Foundation 2010 and Microsoft SharePoint Server 2010 do not offer the option to configure the location of the SharePoint diagnostic trace log files during installation.  This can, however, be configured through Central Administr…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now