siteminder IIS web agent failed to work with extra long url request
search cancel

siteminder IIS web agent failed to work with extra long url request


Article ID: 199643


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER



We're running a Web Agent and we observe that IIS w3wp.exe process
crashes when request URL is larger than 7k in length.

We've configured ACO MaxUrlSize configuration increase to a value to
suit the URL length. This has no effect in this use case.  Without Web
Agent installed, same URL request goes through fine.

We have multiple sites under IIS. The site is working without Web
Agent. Once Web Agent is installed to protect one of the sites, the
other site broke when large URL is sent. Windows Event viewer shows
only faulty "msvcrt.dll" message. Since the Web Agent is not enabled
for this site, there is no Web Agent log nor traces generated.


Not available

  \\?\C:\Windows\Temp\WER80ED.tmp.appcompat.txt \\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER813C.tmp.WERInternalMetadata.xml C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_1b198054b2338075fbff97bbfa3b79f94066e21f_ed19be39_cab_28aa813a\memory.hdmp C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_1b198054b2338075fbff97bbfa3b79f94066e21f_ed19be39_cab_28aa813a\triagedump.dmp

How can we fix this ?




  Web Agent 12.52SP1CR10 on IIS 8.5 on Windows 2012R2;




This is a defect with a Web Agent library.

IIS default limits of the url is at 4k, if not modified, request will
be blocked with message "Request filtering is configured on the web
server to deny the request because the query string is too long", and
HTTP error 404.  However, this can be modified to 20k via IIS Request
filtering configuration.

By following 3rd party link:

  How do I increase the maxUrlLength property in the config in MVC 3?

Once IIS configuration is changed, request will be stopped by agent,
and the result is w3wp.exe crashing.

For failed test cases, IIS u-log doesn't record the request,
FailedReqLogFiles is also empty. So Windows process dump must be
collected for failed use case.
Dump can be enabled by following the step below:

  Steps to Catch a Simple “Crash Dump” of a Crashing Process




Upgrade to Web Agent 12.52SP1CR11 :

  SSO WEBAGENT R12.52 SP01 CR11 [#2820]

The fix is available in it :

  Defects Fixed in 12.52 SP1 CR11

    01353610, 32173134, 32219451 DE416050, DE477735, DE474907 Web
    Agent on IIS 10 application pool crashes if the request URL
    contains more than 6000 characters.