The client cannot negotiate the request again and returns an HTTP 413 error.

If the client certificate is enabled on a single directory or file of the web server, website, or site, the client may see an HTTP 413 error when uploading a large file.

If a client sends a long HTTP request (such as a POST request) to a Web server running IIS 6.0, the IIS worker process may receive data sufficient to parse the request header, however, the entire request body is not received. When the IIS working process detects that a client certificate is required to return data to the client, IIS tries to negotiate the client connection again. However, the client cannot negotiate the connection again because it is waiting for other data in the request to be sent to IIS.

If you request the client to re-negotiate, you must use the SSL pre-load function to pre-load the request Object Body. The SSL pre-load function uses uploadreadaheadsize for ISAPI extension to configure the value of the database attribute. However, if uploadreadaheadsize is smaller than the content length, an HTTP 413 error is returned and the connection is closed to prevent deadlocks. (In the following circumstances, a "deadlock" occurs: the client is waiting to send the request entity, and the server is waiting for the re-negotiation to be completed. The re-negotiation requires that the client can send data, but this cannot be done .)

The solution is to ensure that the client is not prohibited from sending the entire entity body. Therefore, the value of uploadreadaheadsize should be changed to a value greater than the content length.

The following example shows how to set the value of uploadreadaheadsize on the Web server to 64 KB.

Run the following command in the Command window:
C:/> cscript.exe C:/inetpub/adminscripts/adsutil. vbs set w3svc/1/uploadreadaheadsize 65536
W3SVC is the IIS service, and 1 is the website serial number (you can determine the serial number based on the website log directory, such as C:/Windows/system32/logfiles/w3svc1 /..).

Note: For websites that do not require client certificate authentication, we do not recommend that you set the uploadreadaheadsize attribute to 64 kB or higher. Otherwise, you are at risk of allowing anonymous Denial of Service (DoS) attacks. When you need to set uploadreadaheadsize to a value greater than 64 KB, we recommend that you set the sslalwaysnegoclientcert attribute to true, which requires the client to install a valid client certificate.