THE INFORMATION IN THIS ARTICLE APPLIES TO:
- Mail Express, all versions
SYMPTOM
Mail Express Outlook Add-in user logon using Windows authentication fails with a (400) Bad request error.
CAUSE
Apache Tomcat, the web server used by Mail Express, imposes a limit on the size of the header of each HTTP request. The default limit is 8192 bytes. If the header of an HTTP request exceeds this limit (such as when a user has numerous AD accounts and group memberships), Tomcat closes the TCP connection, causing the authentication to fail.
WORKAROUND
Add the maxHttpHeaderSize value to the first Connector in the <Installation Directory>\conf\server.xml file, as described below. The Mail Express Server service must be restarted for any changes to take effect.
To configure the Mail Express Server to allow a larger header size:
- Shut down the Mail Express Server service.
- Using a text editor such as Notepad, edit the configuration file “<Mail Express Server Installation Directory>\conf \server.xml”
- Locate the SSL Connector definition XML Element by searching for the text "port=443". The element will be similar to:
<Connector
address="192.168.1.58"
port="443"
protocol="HTTP/1.1"
connectionTimeout="20000"
keepAliveTimeout="20000"
enableLookups="true"
disableUploadTimeout="true"
acceptCount="100"
maxThreads="200"
scheme="https"
secure="true"
SSLEnabled="true"
SSLProtocol="all"
SSLCipherSuite="ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW"
SSLCertificateFile="${catalina.home}\conf\MailExpress.crt"
SSLCertificateKeyFile="${catalina.home}\conf\MailExpress.key"
SSLPassword="mailexpress"
SSLVerifyClient="none"
SSLVerifyDepth="10"/>
- Add the maxHttpHeaderSize attribute into the “Connector” definition. For example: maxHttpHeaderSize="16384"
The number can range from 8192 to 65536. The resulting Connector definition should resemble the following example:
<Connector
address="192.168.1.58"
port="443"
protocol="HTTP/1.1"
connectionTimeout="20000"
keepAliveTimeout="20000"
enableLookups="true"
disableUploadTimeout="true"
acceptCount="100"
maxThreads="200"
maxHttpHeaderSize="16384"
scheme="https"
secure="true"
SSLEnabled="true"
SSLProtocol="all"
SSLCipherSuite="ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW"
SSLCertificateFile="${catalina.home}\conf\MailExpress.crt"
SSLCertificateKeyFile="${catalina.home}\conf\MailExpress.key"
SSLPassword="mailexpress"
SSLVerifyClient="none"
SSLVerifyDepth="10"/>
- Save the changes to the file.
- Start the Mail Express Server service.