AzurePack: Admin Portal failing with HTTP 500

 

A common issue after setting up AzurePack is that the Admin portal returns HTTP 500 when you try to access it. The issue is limited to the admin portal; the tenant portal might work fine.

The AzurePack admin portal uses Windows authentication, whereas the tenant portal uses forms authentication, hence the difference.

The admin user account used to access the admin portal might be a system admin or domain admin account with a large number of group memberships. As the number of group memberships increases, the size of the auth token also increases.

This can be verified by looking at a network trace, or simply by running Fiddler on the client machine and checking the header size.

The suggested fix for such issues is to reduce the number of group memberships, but that might not always be possible.

Another way to fix this issue is to increase the allowed limit on the web server. We have to increase the MaxRequestBytes and MaxFieldLength values on all servers where the Windows Authentication role is installed:

Key path: SYSTEM\CurrentControlSet\Services\HTTP\Parameters
Value name: MaxRequestBytes
Value type: REG_DWORD
Value data: 65534

Key path: SYSTEM\CurrentControlSet\Services\HTTP\Parameters
Value name: MaxFieldLength
Value type: REG_DWORD
Value data: 65534
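
The two registry values above can be audited and applied with a short script. This is an added example, not part of the original article; the function name Get-HttpSysLimit and the choice to leave an already larger value untouched are assumptions of the example.

```powershell
# Added example (not from the original article). Run elevated on each affected server.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$desired = [ordered]@{            # value data taken from the article
    MaxRequestBytes = 65534
    MaxFieldLength  = 65534
}

function Get-HttpSysLimit {
    param([Parameter(Mandatory)][string]$Name)
    # Returns $null when the value is absent from the registry.
    $item = Get-ItemProperty -Path $keyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

if (-not (Test-Path -Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

$changed = $false
foreach ($name in $desired.Keys) {
    $current = Get-HttpSysLimit -Name $name
    $shown   = if ($null -eq $current) { '<not set>' } else { $current }

    # Assumption of this example: a value that is already at or above the target stays as is.
    if ($null -ne $current -and $current -ge $desired[$name]) {
        Write-Output "$name = $shown (already sufficient, not changed)"
        continue
    }

    New-ItemProperty -Path $keyPath -Name $name -PropertyType DWord `
        -Value $desired[$name] -Force | Out-Null
    Write-Output "$name : $shown -> $($desired[$name])"
    $changed = $true
}

if ($changed) {
    # HTTP.sys reads these values at startup, so the new limits apply only after
    # the HTTP service (and the services that depend on it, such as IIS) is
    # restarted, or after a reboot.
    Write-Output 'Restart the HTTP service or reboot for the new limits to take effect.'
}
```

These limits are machine-wide: they apply to every site and application that HTTP.sys serves on the host, not only the admin portal.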

Reference:

Problems with Kerberos authentication when a user belongs to many groups
https://support.microsoft.com/en-us/kb/327825