From: Pavel Tajovský Pavel on
Hi everyone.
I have a big problem with IIS 6.0 (2003 server) - if some users try to call
a server www page they every time get a “400 – Bad request” error.
My configuration:
- Server: IIS 6.0 on MS Windows 2003 R2 enterprise edition server (service
pack 2)
- Clients: IE 6.0 on MS Windows XP professional (service pack 3)

Domain & server setting-up:
- maximal security token length is set to 64 kB
- SID history is allowed (which I need)
- the server with IIS is not domain controller (it's a member server)
- “trust for delegation” for the server with IIS is disabled (but I'd like
to enable it)
- web server uses Integrated Windows athentication

- The “httperr.log” reports the “HTTP/1.1 GET / 400 – RequestLength” error
- The error is evidently connected with size of user security token (users
with smaller token are OK). To be exact:
=> users with SecurityToken > 32kB can't log to computer (but it is not
problem – our largest security token is about 13 kB)
=> users with SecurityToken > 12.000 B can't to access to web pages
=> when I enable “trust for delegation” (for the web server) then users
with SecurityToken > 6.000 B can't to access to web pages but users with
smaller SecurityToken are fine
=> (to get size of SecurityToken I use tool tokensz.exe by Microsoft)
=> I have googled this error and there are many suggestions to change
following registry values. I have changed them (witch has NO effect):

Sorry for my English…

Any advice would be greatly appreciated.