When trying to connect to VisualSVN Server using Subversion client, a user may receive the following error message:
The error on the client is accompanied by the following Error Level event in the VisualSVN Server event log:
The above errors indicate that HTTP request header received by VisualSVN Server exceeds the header size limit. By default, request header size limit is set to 16384 bytes in VisualSVN Server.
Kerberos authentication method is always selected when a user authenticates to VisualSVN Server using Negotiate (SPNEGO) protocol and the connecting client supports Kerberos. In such case, the client sends special Kerberos access token as an HTTP request header. The error occurs when HTTP request header containing the access token becomes too large and exceeds the limit.
Kerberos token can become too large when Active Directory accounts migration is in process and has not been fully completed yet. Kerberos token includes SID history to retain access control and security settings in the process of migration. Therefore, Kerberos token can exceed HTTP header size limit if SID history is large. For more information about SID history, read the Microsoft TechNet article "Using SID History to Preserve Resource Access".
If the problem occurs in the middle of Active Directory accounts migration or the migration has not been properly completed, it is necessary to complete the migration and clear the SID history. You can find articles describing the problem and its resolution on TechNet Blogs:
- Using PowerShell to resolve Token Size issues caused by SID history,
- Do Over: SID History One-Liner.
In order to workaround the issue, it is possible to increase the HTTP request header limit set in VisualSVN Server.
Follow these steps to increase the HTTP request header limit:
Start Notepad as administrator and open the file:
Enter the following line and save the file:
- Restart VisualSVN Server.