STS passive sign-in fails when a sign-in request is sent to a Windows Server 2012 R2-based STS server through STS proxy

Symptoms

Assume that you try to sign in to a Windows Server 2012 R2-based Security Token Service (STS) server in a passive way through an STS Proxy. When the sign-in request includes more than 20 cookies, the sign-in fails.

Cause

This issue occurs because a STS proxy is limited to transfer no more than 20 cookies to the STS server, and the additional cookies are dropped on the corresponding back-end STS request by the STS proxy.

Resolution

To resolve this issue, install update rollup 2962409. For more information about how to obtain this update rollup package, click the following article number to view the article in the Microsoft Knowledge Base:

2962409 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: June 2014

Workaround

To work around this issue, you must clear all the browser cookies under the Delete Browsing History under Internet Options in Internet Explorer.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×