SOLUTION: Cannot sign in Jabber error: The Web Page cannot be displayed

Applies to Cisco IM&P 10.5.X, Cisco Jabber 11.1

Problem:
You configured single sign on by using Microsoft Active Directory Federation services and CUCM so that Jabber users can sign in without entering user and password. But some users cannot sign in with error: The web Page cannot be displayed

Cause:
The problem user is a member of too many groups which causes the Kerberos token in WWW-Authenticate header for the user is too large. If the header exceeds the limit configured in IIS then error occurs and user cannot be authenticated by ADFS

Solution 1:
Remove user from the some AD groups and decrease the token size.

Solution 2:
Modify the MaxFieldLength and the MaxRequestBytes registry settings on the IIS on ADFS server based on

HTTP 400 – Bad Request (Request Header too long)” error in Internet Information Services (IIS)
https://support.microsoft.com/en-us/kb/2020943

More Information:

ADFS 2.0 error: This page cannot be displayed
https://support.microsoft.com/en-us/kb/3044971

Using internet Explorer you try to login the following link. Normally you should able to login and choose the services for login:

https://adfs.contoso.com/adfs/ls/idpinitiatedsignon.aspx

Here uncheck Show Friendly HTTP error messages option in Internet Explorer settings under Advanced tab. So that you can get the following error:

HTTP 400 – Bad Request (Request Header too long)

Advertisements
Gallery | This entry was posted in Cisco Cups & Jabber and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s