Article ID: 819962 - View products that this article applies to.
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/256986/EN-US/ )Description of the Microsoft Windows Registry
When you are using Internet Security and Acceleration (ISA) Server 2000 in either a Web publishing or a Web proxy scenario, you may receive the following error message when you open or post data to a Web page:
414 Request-URI Too Large - The size of the request header is too large. Contact the server administrator.
(12215) Internet Security and Acceleration Server
By default, ISA Server permits HTTP requests that have a combined header length of up to 10 KB. If the limit is exceeded, you receive the error message that is described in the "Symptoms" section. For HTTPS, the Transport Layer Security (TLS) 1.0 RFC 2246 (section 6.2.1) and the Secure Sockets Layer (SSL) 3.0 specification state that no single SSL fragment should be more than 2^14 bytes (16 KB). However, certain clients may not follow this specification, or they may send SSL fragments that are close to 16 KB. ISA Server requires a single buffer to decrypt the SSL fragments before it tries to parse the headers.
You may receive the error message when you connect to a Web server that is Web published by an ISA Server computer. The problem may occur in the following situations:
You must install ISA Server Service Pack 1 (SP1) before you install the following hotfix. For additional information about how to obtain the latest ISA Server service pack, click the following article number to view the article in the Microsoft Knowledge Base:
313139A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
(http://support.microsoft.com/kb/313139/ )How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language. The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
This fix also applies to the French, German, Spanish, and Japanese versions of ISA Server.
Date Time Version Size File name -------------------------------------------------------------- 22-Jul-2003 11:24 3.0.1200.284 178,448 Mspadmin.exe 22-Jul-2003 11:23 3.0.1200.284 103,184 Msphlpr.dll 22-Jul-2003 11:23 3.0.1200.284 392,464 W3proxy.exe 22-Jul-2003 11:23 3.0.1200.284 299,280 Wspsrv.exe
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
You can add a registry value to change the default maximum value for the HTTP request headers. If you are Web publishing a Web site by using HTTPS behind an ISA Server computer and you do not install the hotfix, you may have to change this value from 10 KB to 32 KB (32768 decimal). Microsoft recommends that you install the hotfix because the default value reduces the risk of malicious HTTP requests.
To change the default value, follow these steps:
MaxRequestHeadersSizeregistry value. After you make the change, restart the Web Proxy service.
Note If you do not install the hotfix, you may have to increase this value to more than 64 KB depending on how the client encrypts its SSL packets or if the client sends HTTP request headers that are more than 64 KB.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
If you add the registry value in the "Workaround" section of this article or apply the hotfix, and the problem still occurs, the error message may have been issued by a different ISA Server computer. For example, the error message may have been issued by an upstream ISA Server computer in your organization. The error message may also have been issued by an external ISA Server computer in an organization that is Web publishing its Web site behind its own ISA Server computer.
To troubleshoot this problem, you can use Network Monitor or review the Web Proxy logs of the ISA Server computers in the request chain. The Web Proxy log of the ISA Server computer that issued the error message contains 414 as the "sc-status" for the request.
Article ID: 819962 - Last Review: June 14, 2007 - Revision: 2.9
Contact us for more help