After enabling Kerberos on our SharePoint Server 2007 acceptance environment I suddenly could not access the environment anymore. The only thing I got was an error stating “Bad Request – header field too long”. Since changing the authentication method to Kerberos was the only change it had to be related with this. Apparently the solution was making changes both on the client and the server level:
- In the eventlogs of my client I saw the following error - “Windows cannot determine the user or computer name. (Not enough storage is available to complete this operation. ). Group Policy processing aborted. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.”. Apparently this was caused by the fact that I’m a member of quite a few Active Directory groups – check out KB327825 New resolution for problems with Kerberos authentication when users belong to many groups. Using the old fix – changing the MaxTokenSize and MaxUserPort in the registry seemed to already solve some issues but still no go on accessing our SharePoint Server environment.
- Next I stumbled on to this blog post – HTTP 1.1 400 Bad Request (Header field is too long). Configuring IIS on the SharePoint Server 2007 to accept larger headers seemed to do the trick – check out KB 820129- Http.sys registry settings – the settings we changed was both the MaxFieldLength and MaxRequestBytes. This seemed to do the trick.