STS passive sign-in fails when a sign-in request is sent to a Windows Server 2012 R2-based STS server through STS proxy

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 EssentialsWindows Server 2012 R2 Foundation

Symptoms


Assume that you try to sign in to a Windows Server 2012 R2-based Security Token Service (STS) server in a passive way through an STS Proxy. When the sign-in request includes more than 20 cookies, the sign-in fails.

Cause


This issue occurs because a STS proxy is limited to transfer no more than 20 cookies to the STS server, and the additional cookies are dropped on the corresponding back-end STS request by the STS proxy.

Resolution


To resolve this issue, install update rollup 2962409. For more information about how to obtain this update rollup package, click the following article number to view the article in the Microsoft Knowledge Base:

2962409  Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: June 2014

Workaround


To work around this issue, you must clear all the browser cookies under the Delete Browsing History under Internet Options in Internet Explorer.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information


For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates