In case a user is member of too many groups in the Active Directory (AD) there might occur the following problem:
... the request entity is too large ...
To solve this problem, VertiGIS recommends the following system settings:
Increase the MaxTokenSize to 32 kb under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters:
- MaxTokenSize = 32000
Add the following entries (DWORD) under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters:
- MaxFieldLength = 65534
- MaxRequestBytes = 65534
MaxFieldLength und MaxRequestBytes
- Add the parameter max_packet_size=65536 in the workers.properties.minimal (C:\Tomcat\conf) and adjust this file as shown in the following:
# workers.properties.minimal -
# This file provides minimal jk configuration properties needed to
# connect to Tomcat.
# The workers that jk should create and work with.
# Defining a worker named worker1 and of type ajp13.
# Note that the name and the type do not have to match.
- Edit packetSize in server.xml
- Configure packetSize="65536" for AJP connector (port=8009)
- Configure maxHttpHeaderSize="65536" for HTTP connector (port=8080)
packetSize und maxHttpHeaderSize
Note: After applying these settings IIS (Microsoft Internet Information Services) and Apache Tomcat have to be restarted!
Note: If these settings do not make an impact, you have to further analyze the problem with focused logging. Use the Apache Connector logging under C:\Tomcat\bin\win\isapi_redirect.properties (log_level=trace). Look for entries containing mod_jk one in the log file (C:\Tomcat\logs\isapi_redirect.log).