Posted to users@tomcat.apache.org by Mikey <mi...@gmail.com> on 2014/07/21 06:42:42 UTC

Re: ISAPI Redirect - Request Entity too large

Alexander Diedler <adiedler <at> tecracer.de> writes:

>
> Hello @ll,
> I have installed a new Windows 2008 R2 x64 Server with IIS7 and Tomcat 6.0.32 x64 Edition. We use SSO Authentication from IIS to the Tomcat. Suddenly, we got on some clients, but not on every client (that´s stupid!) the following error:
>
> Request Entity Too large!
> The HTTP method does not allow the data transmitted, or the data volume exceeds the capacity limit.
>
> Jakarata/ISAPI/isapi_redirector/1.2.32 ()
>
> The isapi.log contains the following messages in debug mode:
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] find_match::jk_uri_worker_map.c (863): Found a wildchar match '/jci/*=worker1'
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] HttpFilterProc::jk_isapi_plugin.c (1978): check if [/jci/] points to the web-inf directory
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] HttpFilterProc::jk_isapi_plugin.c (1994): [/jci/] is a servlet url - should redirect to worker1
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] HttpFilterProc::jk_isapi_plugin.c (2034): fowarding escaped URI [/jci/]
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] wc_maintain::jk_worker.c (339): Maintaining worker worker1
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3022): Reading extension header HTTP_TOMCATWORKER0000000180000000: worker1
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3023): Reading extension header HTTP_TOMCATWORKERIDX0000000180000000: 3
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3024): Reading extension header HTTP_TOMCATURI0000000180000000: /jci/
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3025): Reading extension header HTTP_TOMCATQUERY0000000180000000: (null)
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3085): Applying service extensions
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Connection : Keep-Alive
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Content-Length : 0
> [Fri Sep 30 15:06:08.445 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept : */*
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept-Encoding : gzip, deflate
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Accept-Language : de-DE
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309):
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header Host : b0621s008
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3309): Forwarding request header User-Agent : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3344): Service protocol=HTTP/1.1 method=GET host=fe80::3d83:4ce1:6ac:83dd%11 addr=fe80::3d83:4ce1:6ac:83dd%11 name=b0621s008 port=80 auth=Negotiate user=DOMAIN\USERNAME uri=/jci/
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3356): Service request headers=8 attributes=0 chunked=no content-length=0 available=0
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] wc_get_worker_for_name::jk_worker.c (116): found a worker worker1
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] HttpExtensionProc::jk_isapi_plugin.c (2228): got a worker for name worker1
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] ajp_get_endpoint::jk_ajp_common.c (3161): acquired connection pool slot=0 after 0 retries
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [error] ajp_marshal_into_msgb::jk_ajp_common.c (469): failed appending the header value
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [info] ajp_service::jk_ajp_common.c (2431): Creating AJP message failed, without recovery
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [error] HttpExtensionProc::jk_isapi_plugin.c (2261): service() failed with http error 413
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] ajp_reset_endpoint::jk_ajp_common.c (807): (worker1) resetting endpoint with socket -1 (socket shutdown)
> [Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] ajp_done::jk_ajp_common.c (3078): recycling connection pool slot=0 for worker worker1
>
> Attachment (smime.p7s): application/pkcs7-signature, 5183 bytes

After 18+ months of dealing with this issue - with IIS6, IIS7, IIS7.5 - I 
fixed it by removing 'Negotiate' from the Windows Authentication providers, 
just leaving 'NTLM'.  Hope this helps, as I've been bashing my head against 
a brick wall for so long over this!!



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: ISAPI Redirect - Request Entity too large

Posted by Cédric Couralet <ce...@gmail.com>.
2014-07-21 6:42 GMT+02:00 Mikey <mi...@gmail.com>:
> After 18+ months of dealing with this issue - with IIS6, IIS7, IIS7.5 - I
> fixed it by removing 'Negotiate' from the Windows Authentication providers,
> just leaving 'NTLM'.  Hope this helps, as I've been bashing my head against
> a brick wall for so long over this!!
>
>

Hi,

Wasn't the problem caused by a too big Kerberos ticket?
AIUI, that ticket contains all the group SIDs of the member (which
would explain why only certain members are affected).
I am asking because I recently read (on the HTTP WG) that a Kerberos ticket
in a header could be very large in size, even larger than 16K. Tomcat's
default limits of 8K could explain your error (don't know if it
applies to AJP).

This is all very speculative, but as you do the auth on IIS, maybe
another solution would be to not transfer the Authenticate header.

Not really important as you solved your problem, just my 2 cts.

Cédric
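
Added example, not part of the thread and not mod_jk code: a triage script for the isapi.log format quoted above. It groups lines by [pid:tid] and reports each request whose AJP message could not be built and that ended in HTTP 413, together with the auth scheme and user logged for that request. The function name is hypothetical and the sample lines for thread 3456:1720 are constructed.

```python
import re

# Layout used in the quoted isapi.log: [timestamp] [pid:tid] [level] func::file (line): message
LINE = re.compile(r"^\[([^\]]+)\] \[(\d+:\d+)\] \[(\w+)\] (\w+)::\S+ \(\d+\): ?(.*)$")
SERVICE = re.compile(r"auth=(\S*) user=(\S*) uri=(\S*)")

def find_marshal_failures(lines):
    """Return the requests whose AJP message could not be built and that ended in HTTP 413."""
    in_flight, findings = {}, []          # in_flight: pid:tid -> request on that thread
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, tid, _level, func, msg = m.groups()
        svc = SERVICE.search(msg) if msg.startswith("Service protocol=") else None
        if svc:
            auth, user, uri = svc.groups()
            in_flight[tid] = {"ts": ts, "tid": tid, "auth": auth, "user": user,
                              "uri": uri, "marshal_failed": False}
        elif tid in in_flight:
            req = in_flight[tid]
            if func == "ajp_marshal_into_msgb" and "failed appending the header value" in msg:
                req["marshal_failed"] = True
            elif "service() failed with http error" in msg:
                req["status"] = int(msg.split()[-1])
                if req["marshal_failed"] and req["status"] == 413:
                    findings.append(req)
            elif func == "ajp_done":
                del in_flight[tid]        # thread is free for the next request
    return findings

# Sample input. Thread 3456:1540 is the failing request from the log above, with the
# mail-wrapped lines rejoined; thread 3456:1720 is a constructed request for contrast.
SAMPLE = r"""
[Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] init_ws_service::jk_isapi_plugin.c (3344): Service protocol=HTTP/1.1 method=GET host=fe80::3d83:4ce1:6ac:83dd%11 addr=fe80::3d83:4ce1:6ac:83dd%11 name=b0621s008 port=80 auth=Negotiate user=DOMAIN\USERNAME uri=/jci/
[Fri Sep 30 15:06:08.460 2011] [3456:1720] [debug] init_ws_service::jk_isapi_plugin.c (3344): Service protocol=HTTP/1.1 method=GET host=fe80::3d83:4ce1:6ac:83dd%11 addr=fe80::3d83:4ce1:6ac:83dd%11 name=b0621s008 port=80 auth=NTLM user=DOMAIN\OTHERUSER uri=/jci/
[Fri Sep 30 15:06:08.460 2011] [3456:1540] [error] ajp_marshal_into_msgb::jk_ajp_common.c (469): failed appending the header value
[Fri Sep 30 15:06:08.460 2011] [3456:1540] [error] HttpExtensionProc::jk_isapi_plugin.c (2261): service() failed with http error 413
[Fri Sep 30 15:06:08.460 2011] [3456:1720] [debug] ajp_done::jk_ajp_common.c (3078): recycling connection pool slot=1 for worker worker1
[Fri Sep 30 15:06:08.460 2011] [3456:1540] [debug] ajp_done::jk_ajp_common.c (3078): recycling connection pool slot=0 for worker worker1
"""

if __name__ == "__main__":
    for f in find_marshal_failures(SAMPLE.splitlines()):
        print(f"{f['ts']} [{f['tid']}] 413 auth={f['auth']} user={f['user']} uri={f['uri']}")
```

Run over a full debug log, the per-user output shows whether the 413s cluster on `auth=Negotiate` requests from particular accounts, which is the pattern the replies above describe.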
