Problem
In the previous tip, you discussed that because there are a large number of groups in Active Directory, you need to go beyond maxtokensize to accommodate the larger Kerberos tokens. At the same time, we note that MaxTokenSize needs to make adjustments because Web applications that use Windows Integrated authentication (Windows Integrated authentication) also have a startup failure problem. These include SQL Server Reporting Services. The company I worked on made the necessary changes and restarted the SQL and Web server. After startup, although the problem with SQL Server Management Studio is resolved, our web application still has problems. What changes do I need to make?
Expert answers
Previous methods about Kerberos Token sizes resolved the problem of modifying MaxTokenSize in a section of the registry in the following directory: hkey_local_machine\system\currentcontrolset\control\ Lsa\kerberos\parameters. Unfortunately, when you use Windows Integrated authentication (Windows Integrated authentication) to connect to SQL Server, this is not the only place to have a preset size. The extra two values are MaxFieldLength and maxrequestbytes. Unlike MaxTokenSize, when a problem affects a Web application, it presents a different point. Windows Integrated authentication (Windows Integrated authentication) is enabled in Internet Explorer by default, in the Internet Options | The advanced interface appears as follows:
Figure I
When a user attempts to access a Web page with an alias or DNS name, DNS resolution attempts to do so. Because the size of the larger Kerberos token exceeds the default maxfieldlength, you will get the wrong information immediately. This differs from the fact that a Web page cannot be found because of a time lag between entering an address and receiving a "Web page cannot be displayed" error message. The interesting part of this conundrum is that if you try to access the Web page either by host name or by alias, it will not work. However, Web pages can be accessed through IP addresses. However, execution of any SQL query fails when the page is loaded.