We're running a Web Agent and we observe that IIS w3wp.exe process
crashes when request URL is larger than 7k in length.
We've configured ACO MaxUrlSize configuration increase to a value to
suit the URL length. This has no effect in this use case. Without Web
Agent installed, same URL request goes through fine.
We have multiple sites under IIS. The site is working without Web
Agent. Once Web Agent is installed to protect one of the sites, the
other site broke when large URL is sent. Windows Event viewer shows
only faulty "msvcrt.dll" message. Since the Web Agent is not enabled
for this site, there is no Web Agent log nor traces generated.
APPCRASH
Not available
0
w3wp.exe
10.0.14393.0
57899b8a
msvcrt.dll
7.0.14393.2457
5b7e2c5bc00000050000000000073f5a
\\?\C:\Windows\Temp\WER80ED.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER813C.tmp.WERInternalMetadata.xml C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_1b198054b2338075fbff97bbfa3b79f94066e21f_ed19be39_cab_28aa813a\memory.hdmp C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_1b198054b2338075fbff97bbfa3b79f94066e21f_ed19be39_cab_28aa813a\triagedump.dmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_1b198054b2338075fbff97bbfa3b79f94066e21f_ed19be39_cab_28aa813a
0
f962877f-4365-4819-bd7b-857169388733
4
How can we fix this ?
Web Agent 12.52SP1CR10 on IIS 8.5 on Windows 2012R2;
This is a defect with a Web Agent library.
IIS default limits of the url is at 4k, if not modified, request will
be blocked with message "Request filtering is configured on the web
server to deny the request because the query string is too long", and
HTTP error 404. However, this can be modified to 20k via IIS Request
filtering configuration.
By following 3rd party link:
How do I increase the maxUrlLength property in the config in asp.net MVC 3?
https://stackoverflow.com/questions/8245843/how-do-i-increase-the-maxurllength-property-in-the-config-in-asp-net-mvc-3
Once IIS configuration is changed, request will be stopped by agent,
and the result is w3wp.exe crashing.
For failed test cases, IIS u-log doesn't record the request,
FailedReqLogFiles is also empty. So Windows process dump must be
collected for failed use case.
Dump can be enabled by following the step below:
Steps to Catch a Simple “Crash Dump” of a Crashing Process
https://docs.microsoft.com/en-gb/archive/blogs/chaun/steps-to-catch-a-simple-crash-dump-of-a-crashing-process
Upgrade to Web Agent 12.52SP1CR11 :
SSO WEBAGENT R12.52 SP01 CR11 [#2820]
https://support.broadcom.com/download-center/solution-detail.html?aparNo=SS15420&os=ANY
The fix is available in it :
Defects Fixed in 12.52 SP1 CR11
01353610, 32173134, 32219451 DE416050, DE477735, DE474907 Web
Agent on IIS 10 application pool crashes if the request URL
contains more than 6000 characters.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-52-01/release-notes/cumulative-releases/Defects-Fixed-in-12_52-SP1-CR11.html