Users are getting 500 errors when attempting to access certain protected web pages which have domain authentication on load balanced web servers. All other portals protected by the same agent are working but authenticate via other user stores. Switching between the 2 nodes works temporarily then failures begin again.
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Application Request Routing (ARR) was enabled on the IIS web server. When using ARR, EarlyCookieCommit=yes must be set in the web agent configuration.
ARR changes the internal order of request processing within IIS such that the web agent must set its cookies earlier in the process than when ARR is not used.