Error when logging into SMP console: Bad Request (Request Header Too Long)


Article ID: 155828


Updated On:


Management Platform (Formerly known as Notification Server)


When a user logs into the SMP they receive the error: HTTP 400 - Bad Request (Request header too long)

HTTP 400 - Bad Request (Request header too long)


This is an error generated from IIS. This is usually caused by the user being in hundreds of AD groups and therefore increasing their Kerberos token size to a size that is over the limits created in IIS

In an nut shell here is the issue.  During authentication a Kerberos token is passed to the server needing authentication. The more groups a user is a member of the larger that user’s token is going to be.   While 2012 does allow for a very large token (48KB), IIS still limits it’s overall request size to 16KB which include both the URL and the Kerberos token. 

Once the request size and field lengths are set to allow more data in the request, the issue will be resolved.  


Follow this document and adjust the IIS settings until you are happy with the response.


One customer found some workarounds, rather than contacting Microsoft to find out the cause of the Kerberos related authentication issue:

  1. RDP to the NS and access the NS Console by using http://localhost/altiris  (name / FQDN does not work)
  2. Access the NS Console remotely using the IP Address of the NS instead of name