2012 R2 Web Application Proxy returns 400 (Bad Request) for Kerberos IIS App

Similar Messages

• Error: 400 "Bad Request" for "deletetree", file "": Unsupported protocol .

  Hi 
  I have an C# application suddenly crashing after months of operation. The application is running on a Windows7 machine and is controlling 2 x NI6602 PCI counter cards through daqmx. The only clues to what when wrong is the following messages in the Windows Application Log.
  Message 1 (occurring first):
  LabVIEW information:  Error: 400 "Bad Request" for "deletetree", file "": Unsupported protocol       .
  Message 2:
  Faulting application name: RecordingStationGUI.exe, version: 1.0.0.0, time stamp: 0x4e3fa214Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdaaeException code: 0x80000003
  Does anyone know what is causing this error and/or how I prevent this from happening again?
  Regards,
  mola

  Where you ever able to resolve this issue?  I have a very similar issue

• Content-Type is net being set in HTTP header. Server returns 400 Bad Request error.

  Hi,
  I am trying to access an XML WebService. This service requires the content type of the request to be set to "text/xml". As you can see in the source code, I am setting the req.ContentType property to "text/xml".
  However, this content type seems not to be added to the HTTP headers. The server returns a 400 Bad Request error as can be seen in the log.
  I've attached a System.Net.trace log and it states:
  [Public Key]
  Algorithm: RSA
  Length: 2048
  Key Blob: 30 82 01 0a 02 82 01 01 00 bc 09 30 8a 1e 03 4d 7a ea 16 d3 a8 5e d8 5b 00 c4 8a c5 9f 26 bd 7d d6 cb 8b d0 db bd 93 2d 2b 3b 84 f6 20 79 83 34 67 51 37 21 ea 56 5e 18 d8 a3 db 72 43 0e 14 77 e2 64 cb 07 b6 2a 81 c7 f5 16 dd 19 c7 d9 68 0b 3a 81 5c f0 05 c9 ed 2b 37 00 31 41 37 8b 3a 73 4a 4d ab d7 d8 87 79 35 82 01 97 e3 3c be bb 84 e5 94 bb 87 52 e3 9f b5 fb 3e 33 38 c3 eb 73 42 ee ba 1e c5 4a 33 18 a1 0d 8a d2 10 a8 c5 3....
  System.Net Information: 0 : [26780] SecureChannel#31884011 - Remote certificate was verified as valid by the user.
  System.Net Information: 0 : [26780] ConnectStream#26966483 - Sending headers
  API-VERSION: 1
  Host: test.myhost.com
  Content-Length: 329
  Expect: 100-continue
  Connection: Keep-Alive
  System.Net Information: 0 : [26780] Connection#3888474 - Received status line: Version=1.1, StatusCode=100, StatusDescription=Continue.
  System.Net Information: 0 : [26780] Connection#3888474 - Received headers
  System.Net Information: 0 : [26780] Connection#3888474 - Received status line: Version=1.1, StatusCode=400, StatusDescription=Bad Request.
  System.Net Information: 0 : [26780] Connection#3888474 - Received headers
  0: Content-type
  1: text/xml
  X-Debug-Token: a810dc
  X-Debug-Token-Link: /service/_profiler/a810dc
  Connection: keep-alive
  Content-Length: 3440
  Cache-Control: no-cache
  Content-Type: text/html; charset=UTF-8
  Date: Tue, 14 Apr 2015 11:07:11 GMT
  Server: Apache
  ...and here's the implementation of the web request:
  private void ButtonSend_Click(object sender, EventArgs e)
  WebHeaderCollection whCol = new WebHeaderCollection();
  whCol.Add("API-VERSION", "1");
  //whCol.Add("Content-Type", "text/xml; charset=UTF-8"); <-- That doesn't work in .NET. Content-Type has to be set on the ContentType-Property
  string msg = _textBoxReq.Text;
  HttpWebRequest req = (HttpWebRequest)WebRequest.Create(_textBoxURL.Text);
  byte[] data = Encoding.UTF8.GetBytes(msg);
  req.Method = "POST";
  req.ContentType = "text/xml; charset=UTF-8";
  req.ContentLength = data.Length;
  req.Headers = whCol;
  req.GetRequestStream().Write(data, 0, data.Length);
  string xml = "";
  try
  using (HttpWebResponse resp = (HttpWebResponse)req.GetResponse())
  using (System.IO.StreamReader sr = new System.IO.StreamReader(resp.GetResponseStream()))
  xml = sr.ReadToEnd().Trim();
  catch (WebException we)
  using (System.IO.StreamReader sr = new System.IO.StreamReader(we.Response.GetResponseStream()))
  xml = sr.ReadToEnd().Trim();
  _textBoxRes.Text = xml;
  Can anyone help?
  Thanks,
  MiRi

  Hi _MiRichter,
  Well Done!
  Thank you very much for sharing the solution to us.
  Best Regards,
  Amy Peng
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Azure Web Application Proxy not rendering all assets for RD gateway

  Hi All,
  I have an on prem RD gateway, internal as http://desktop and internal with https://desktop.mydomain.local and https://desktop.mydomain.com via a forward lookup zone. internally it is working ok.
  I installed the azure web application proxy and configured each one of those URL's in an attempt to get this working ok.
  The problem is that it renders the header and nothing else in FireFox and Chrome, IE tells me its in protected mode. But when i check the web requests I am getting A status of "aborted" on the assets, be they jpg, css etc. This is very strange.
  I have the firewall open as per the sparse documentation on technet. Any demos I have seen were on a simple single asp.net mvc dummy site.
  I am using passthrough at the moment and the rd gateway is in forms based auth mode. I got this working last month with regular on prem WAP on another build. Has anyone actually attempted to use this to publish anything significant ?
  Rob
  Rob

  Hi Rob, 
  It is possible that we do not support Remote Desktop Gateway being published via the Azure Active Directory Web Application Proxy and that is why your running into issues. I shall have to check this out as I have not attempted to do this yet. 
  I shall investigate and come back to you in regards to this, I shall also reach out to the team whom own this feature and they may choose to reply directly via this thread. 
  Regards, 
  James.

• 400: Bad Request

  I am trying to get an inputStream to another servlet from a servlet. I am using standard well documented techniques for opening the connection. The getInputStream() call throws an exception as below:
  java.io.FileNotFoundException: Response: '400: Bad Request' for url: 'http://localhost:7001/shoppingCart/SOAPServlet'
  at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:367)
  at SendServlet.doGet(SendServlet.java:40)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
  at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
  at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2495)
  at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
  Here is the code snippet:
  String payload = "THE PAYLOAD WILL BE HERE";
  URL url = new URL("http://Localhost:7001/shoppingCart/SOAPServlet");
  HttpURLConnection conn = (HttpURLConnection)url.openConnection();
  conn.setRequestProperty("SOAPMethodName","http://www.nicholaschase.com/soap/#InventorySold");
  conn.setDoOutput(true);
  conn.setRequestMethod("POST");
  conn.setDoInput(true);
  conn.connect();
  OutputStream toSOAP = conn.getOutputStream();
  toSOAP.write(payload.getBytes());
  toSOAP.close();
  InputStream fromSOAP = conn.getInputStream();
  The last line throws the exception. The servlet is a part of the web application and I am able to access the servlet if a type the URL in the browser window. The web.xml which deploys the servlet is as below:
  <servlet>
  <servlet-name>SOAPServlet</servlet-name>
  <display-name>SOAPServlet</display-name>
  <servlet-class>SOAPServlet</servlet-class>
  <description>Sends SOAP Information back</description>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
  <servlet-name>SOAPServlet</servlet-name>
  <url-pattern>/SOAPServlet/*</url-pattern>
  </servlet-mapping>
  Could anybody let me know why the above exception will occur

  This was posted back in 2002, but can someone tell me the solution for it. I am up against the wall with a very familier situation.
  Thanks

• Bad request for URL?

  Hello All
  Whenever I try to call this .Net web service through a simple test:
  http://dif-standardsite.biz.pentia.net/sitecore%20modules/Web/DIF.LoginRelation.WebService/userAdmin.wsdl
  What does this mean I have no idea where to start debugging is it the
  URL. Seems it imported wrong?(the sitecore%2520 thing)
  Submitted at 30. oktober 2006 07:49:39 GMT
  External Service Failure: Response: '400: Bad Request' for url:
  'http://dif-standardsite.biz.pentia.net/sitecore%2520modules/Web/DIF.LoginRelation.WebService/useradmin.asmx'
  Oliver Billing

  bah forget about it... I found the error. BEA url-encodes as well and
  the URL encoding for % is %25 thus making the URL %2520. I made the
  service owner remove the blankspace in the URL
  [email protected] skrev:
  Hello All
  Whenever I try to call this .Net web service through a simple test:
  http://dif-standardsite.biz.pentia.net/sitecore%20modules/Web/DIF.LoginRelation.WebService/userAdmin.wsdl
  What does this mean I have no idea where to start debugging is it the
  URL. Seems it imported wrong?(the sitecore%2520 thing)
  Submitted at 30. oktober 2006 07:49:39 GMT
  External Service Failure: Response: '400: Bad Request' for url:
  'http://dif-standardsite.biz.pentia.net/sitecore%2520modules/Web/DIF.LoginRelation.WebService/useradmin.asmx'
  Oliver Billing

• Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests. The http status code and text is 400, Bad Request.

  Hi All,
  I am seeing the following error for SMS_AWEBSVC_CONTROL_MANAGER component with Message ID: 8100
  Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests.  The http status code and text is 400, Bad Request.
  awebsctl.log file has below errors:
  Call to HttpSendRequestSync failed for port 80 with status code 400, text: Bad Request
  SMS_AWEBSVC_CONTROL_MANAGER 12/22/2014 3:37:55 PM
  13920 (0x3660)
  AWEBSVCs http check returned hr=0, bFailed=1
  SMS_AWEBSVC_CONTROL_MANAGER 12/22/2014 3:37:55 PM
  13920 (0x3660)
  AWEBSVC's previous status was 1 (0 = Online, 1 = Failed, 4 = Undefined)
  SMS_AWEBSVC_CONTROL_MANAGER 12/22/2014 3:37:55 PM
  13920 (0x3660)
  Health check request failed, status code is 400, 'Bad Request'.
  SMS_AWEBSVC_CONTROL_MANAGER 12/22/2014 3:37:55 PM
  13920 (0x3660)
  Management point and Application Catalog Website Point are installed on the same Server where I am seeing the error for Application Catalog Web Service Point role. Management Point and Application Catalog Website Point are functioning properly. Application
  Catalog Website is working.
  Thanks & Regards, Kedar

  Hi Jason,
  Application Catalog Web Service Point and Application Catalog Website Point; both are installed as per below configuration on same Server:
  IIS Website: Default Web Site
  Port Number: 80
  with default value for Web Application Name configured.
  For SMS_AWEBSVC_CONTROL_MANAGER component, I am getting below error in Component Status:
  Application Web Service Control Manager detected AWEBSVC is not responding to HTTP requests.  The http status code and text is 400, Bad Request.
  Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which AWEBSVC is configured to communicate. 
  Solution: Verify that the designated Web Site is configured to use the same ports which AWEBSVC is configured to use.
  Possible cause: The designated Web Site is disabled in IIS. 
  Solution: Verify that the designated Web Site is enabled, and functioning properly.
  For more information, refer to Microsoft Knowledge Base.
  And awebsctl.log has the below error lines:
  Call to HttpSendRequestSync failed for port 80 with status code 400, text: Bad Request
  SMS_AWEBSVC_CONTROL_MANAGER
  12/23/2014 11:04:36 AM 16388 (0x4004)
  AWEBSVCs http check returned hr=0, bFailed=1
  SMS_AWEBSVC_CONTROL_MANAGER
  12/23/2014 11:04:36 AM 16388 (0x4004)
  AWEBSVC's previous status was 1 (0 = Online, 1 = Failed, 4 = Undefined)
  SMS_AWEBSVC_CONTROL_MANAGER
  12/23/2014 11:04:36 AM 16388 (0x4004)
  Health check request failed, status code is 400, 'Bad Request'.
  SMS_AWEBSVC_CONTROL_MANAGER
  12/23/2014 11:04:36 AM 16388 (0x4004)
  STATMSG: ID=8100
  What should I check from IIS side?
  Application Catalog Website is functioning properly.
  Thanks & regards,
  Kedar
  Thanks & Regards, Kedar

• Can't install Windows Server 2012 Web Application Proxy

  Hello,
   I'm using a Server 2012 R2 evaluation copy of windows. Windows is fully patched. I'm having trouble installing the Web Application Proxy using the Ms recommended method - when I use:
  https://technet.microsoft.com/en-gb/library/dn383662.aspx#BKMK_PSstep2
  The role service is not listed and if I use PowerShell "Install-WindowsFeature Web-Application-Proxy -IncludeManagementTools" I receive an error regarding an invalid role or feature name.
  My server has a certificate installed in the personal computer store with private key.
  What am I missing?
  Thanks
  IT Support/Everything

  Hi,
  Sorry for the delay reply.
  For Windows Server 2012R2 standard, we could see the web application proxy.
  Please check the image below:
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Apache as reverse proxy - 400 Bad request

  Hi all,
  I'm configured apache as reverse proxy according to this blog:
  The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
  When I try to navigate http://testcomp/irj I get "400 - Bad request"
  See exception;
  <i>Message : User Guest, IP address
  Cannot parse the http request. Http error response [400 Bad Request] will be returned. Request is [Host: sapportal:50000
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
  Accept-Language: en,he;q=0.5
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
  Max-Forwards: 10
  Via: 1.1 localhost
  X-Forwarded-For: 10.0.0.4
  X-Forwarded-Host: 10.0.0.6
  X-Forwarded-Server: localhost
  Connection: Keep-Alive
  GET /irj HTTP/1.1
  Host: sapportal:50000
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
  Accept-Language: en,he;q=0.5
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
  Max-Forwards: 10
  Via: 1.1 localhost
  X-Forwarded-For: 10.0.0.4
  X-Forwarded-Host: 10.0.0.6
  X-Forwarded-Server: localhost
  Connection: Keep-Alive
  com.sap.engine.services.httpserver.exceptions.HttpIllegalArgumentException: Incompatible field content in the MIME header.
       at com.sap.engine.services.httpserver.lib.headers.MimeHeaderField.parse(MimeHeaderField.java:364)
       at com.sap.engine.services.httpserver.lib.headers.MimeHeaders.init(MimeHeaders.java:504)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.initialize(RequestAnalizer.java:196)
       at com.sap.engine.services.httpserver.server.Client.initialize(Client.java:84)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:143)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Severity : Error
  Category :
  Location : com.sap.engine.services.httpserver
  Application :
  Thread : SAPEngine_Application_Thread[impl:3]_32
  Datasource : 9332850:C:usrsapPD9JC00j2eeclusterserver0logdefaultTrace.trc
  Message ID : 000C29EFE9A300570000002D00000B9000043A81D3311894
  Source Name : com.sap.engine.services.httpserver
  Argument Objs :
  Arguments :
  Dsr Component :
  Dsr Transaction : 5359e85066e411dcbf6b000c29efe9a3
  Dsr User :
  Indent : 0
  Level : 0
  Message Code :
  Message Type : 0
  Relatives :
  Resource Bundlename :
  Session : 2
  Source : com.sap.engine.services.httpserver
  ThreadObject : SAPEngine_Application_Thread[impl:3]_32
  Transaction :
  User : Guest</i>
  The lines I added to http.conf
  <i>#Enable reverse-proxying
  ProxyVia on
  ProxyTimeout 600
  #disable forward-proxying
  ProxyRequests Off
  #proxy /irj both ways
  ProxyPass /irj http://sapportal:50000/irj
  ProxyPassReverse /irj http://testcomp/irj
  #proxy /logon both ways
  ProxyPass /logon http://sapportal:50000/logon
  ProxyPassReverse /logon http://testcomp/logon</i>
  I tried with apache version 2.2.3 & 2.0.59 with no success.
  My J2EE/Portal version is 6.17.
  Since this is a testing environment the two computers are under the same workgroup (no domain).
  If I naviagte directly to the portal (without the reverse proxy) everything is working.
  How can I solve it?
  Regards,
  Omri

  Hi Jakub,
  Thanks for the answer.
  It's not working for me...
  I'm attaching my httpd.conf file.
  Also, what apache version do you use?
  Can you send me your post your httpd.conf file?
  Thanks,
  Omri
  httpd.conf
  This is the main Apache HTTP server configuration file.  It contains the
  configuration directives that give the server its instructions.
  See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
  In particular, see
  <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
  for a discussion of each configuration directive.
  Do NOT simply read the instructions in here without understanding
  what they do.  They're here only as hints or reminders.  If you are unsure
  consult the online docs. You have been warned. 
  Configuration and logfile names: If the filenames you specify for many
  of the server's control files begin with "/" (or "drive:/" for Win32), the
  server will use that explicit path.  If the filenames do not begin
  with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
  with ServerRoot set to "c:/apache" will be interpreted by the
  server as "c:/apache/logs/foo.log".
  NOTE: Where filenames are specified, you must use forward slashes
  instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
  If a drive letter is omitted, the drive on which Apache.exe is located
  will be used by default.  It is recommended that you always supply
  an explicit drive letter in absolute paths, however, to avoid
  confusion.
  ThreadsPerChild: constant number of worker threads in the server process
  MaxRequestsPerChild: maximum  number of requests a server process serves
  ThreadsPerChild 250
  MaxRequestsPerChild  0
  ServerRoot: The top of the directory tree under which the server's
  configuration, error, and log files are kept.
  Do not add a slash at the end of the directory path.  If you point
  ServerRoot at a non-local disk, be sure to point the LockFile directive
  at a local disk.  If you wish to share the same ServerRoot for multiple
  httpd daemons, you will need to change at least LockFile and PidFile.
  ServerRoot "c:/apache"
  Listen: Allows you to bind Apache to specific IP addresses and/or
  ports, instead of the default. See also the <VirtualHost>
  directive.
  Change this to Listen on specific IP addresses as shown below to
  prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
  #Listen 12.34.56.78:80
  Listen 80
  Dynamic Shared Object (DSO) Support
  To be able to use the functionality of a module which was built as a DSO you
  have to place corresponding `LoadModule' lines at this location so the
  directives contained in it are actually available before they are used.
  Statically compiled modules (those listed by `httpd -l') do not need
  to be loaded here.
  Example:
  LoadModule foo_module modules/mod_foo.so
  LoadModule actions_module modules/mod_actions.so
  LoadModule alias_module modules/mod_alias.so
  LoadModule asis_module modules/mod_asis.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  #LoadModule auth_digest_module modules/mod_auth_digest.so
  #LoadModule authn_anon_module modules/mod_authn_anon.so
  #LoadModule authn_dbm_module modules/mod_authn_dbm.so
  LoadModule authn_default_module modules/mod_authn_default.so
  LoadModule authn_file_module modules/mod_authn_file.so
  #LoadModule authz_dbm_module modules/mod_authz_dbm.so
  LoadModule authz_default_module modules/mod_authz_default.so
  LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule authz_user_module modules/mod_authz_user.so
  LoadModule autoindex_module modules/mod_autoindex.so
  #LoadModule cern_meta_module modules/mod_cern_meta.so
  LoadModule cgi_module modules/mod_cgi.so
  #LoadModule dav_module modules/mod_dav.so
  #LoadModule dav_fs_module modules/mod_dav_fs.so
  #LoadModule deflate_module modules/mod_deflate.so
  LoadModule dir_module modules/mod_dir.so
  LoadModule env_module modules/mod_env.so
  #LoadModule expires_module modules/mod_expires.so
  #LoadModule file_cache_module modules/mod_file_cache.so
  #LoadModule headers_module modules/mod_headers.so
  LoadModule imagemap_module modules/mod_imagemap.so
  LoadModule include_module modules/mod_include.so
  #LoadModule info_module modules/mod_info.so
  LoadModule isapi_module modules/mod_isapi.so
  LoadModule log_config_module modules/mod_log_config.so
  LoadModule mime_module modules/mod_mime.so
  #LoadModule mime_magic_module modules/mod_mime_magic.so
  <b>LoadModule proxy_module modules/mod_proxy.so</b>
  #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
  #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
  #LoadModule proxy_connect_module modules/mod_proxy_connect.so
  <b>LoadModule proxy_http_module modules/mod_proxy_http.so</b>
  #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  LoadModule negotiation_module modules/mod_negotiation.so
  #LoadModule rewrite_module modules/mod_rewrite.so
  LoadModule setenvif_module modules/mod_setenvif.so
  #LoadModule speling_module modules/mod_speling.so
  #LoadModule status_module modules/mod_status.so
  #LoadModule unique_id_module modules/mod_unique_id.so
  LoadModule userdir_module modules/mod_userdir.so
  #LoadModule usertrack_module modules/mod_usertrack.so
  #LoadModule vhost_alias_module modules/mod_vhost_alias.so
  #LoadModule ssl_module modules/mod_ssl.so
  'Main' server configuration
  The directives in this section set up the values used by the 'main'
  server, which responds to any requests that aren't handled by a
  <VirtualHost> definition.  These values also provide defaults for
  any <VirtualHost> containers you may define later in the file.
  All of these directives may appear inside <VirtualHost> containers,
  in which case these default settings will be overridden for the
  virtual host being defined.
  ServerAdmin: Your address, where problems with the server should be
  e-mailed.  This address appears on some server-generated pages, such
  as error documents.  e.g. [email protected]
  ServerAdmin @@ServerAdmin@@
  ServerName gives the name and port that the server uses to identify itself.
  This can often be determined automatically, but we recommend you specify
  it explicitly to prevent problems during startup.
  If your host doesn't have a registered DNS name, enter its IP address here.
  ServerName localhost:80
  DocumentRoot: The directory out of which you will serve your
  documents. By default, all requests are taken from this directory, but
  symbolic links and aliases may be used to point to other locations.
  DocumentRoot "c:/apache/htdocs"
  Each directory to which Apache has access can be configured with respect
  to which services and features are allowed and/or disabled in that
  directory (and its subdirectories).
  First, we configure the "default" to be a very restrictive set of
  features. 
  <Directory />
      Options FollowSymLinks
      AllowOverride None
      Order deny,allow
      Deny from all
      Satisfy all
  </Directory>
  Note that from this point forward you must specifically allow
  particular features to be enabled - so if something's not working as
  you might expect, make sure that you have specifically enabled it
  below.
  This should be changed to whatever you set DocumentRoot to.
  <Directory "c:/apache/htdocs">
  Possible values for the Options directive are "None", "All",
  or any combination of:
    Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
  Note that "MultiViews" must be named explicitly --- "Options All"
  doesn't give it to you.
  The Options directive is both complicated and important.  Please see
  http://httpd.apache.org/docs/2.2/mod/core.html#options
  for more information.
      Options Indexes FollowSymLinks
  AllowOverride controls what directives may be placed in .htaccess files.
  It can be "All", "None", or any combination of the keywords:
    Options FileInfo AuthConfig Limit
      AllowOverride None
  Controls who can get stuff from this server.
      Order allow,deny
      Allow from all
  </Directory>
  DirectoryIndex: sets the file that Apache will serve if a directory
  is requested.
  <IfModule dir_module>
      DirectoryIndex index.html
  </IfModule>
  The following lines prevent .htaccess and .htpasswd files from being
  viewed by Web clients.
  <FilesMatch "^\.ht">
      Order allow,deny
      Deny from all
  </FilesMatch>
  ErrorLog: The location of the error log file.
  If you do not specify an ErrorLog directive within a <VirtualHost>
  container, error messages relating to that virtual host will be
  logged here.  If you do define an error logfile for a <VirtualHost>
  container, that host's errors will be logged there and not here.
  ErrorLog logs/error.log
  LogLevel: Control the number of messages logged to the error_log.
  Possible values include: debug, info, notice, warn, error, crit,
  alert, emerg.
  LogLevel warn
  <IfModule log_config_module>
  The following directives define some format nicknames for use with
  a CustomLog directive (see below).
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%You need to enable mod_logio.c to use %I and %Oi\" \"%{User-Agent}i\"" combined
      LogFormat "%h %l %u %t \"%r\" %>s %b" common
      <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%i\" \"%{User-Agent}i\" %I %O" combinedio
      </IfModule>
  The location and format of the access logfile (Common Logfile Format).
  If you do not define any access logfiles within a <VirtualHost>
  container, they will be logged here.  Contrariwise, if you do
  define per-<VirtualHost> access logfiles, transactions will be
  logged therein and not in this file.
      CustomLog logs/access.log common
  If you prefer a logfile with access, agent, and referer information
  (Combined Logfile Format) you can use the following directive.
      #CustomLog logs/access.log combined
  </IfModule>
  <IfModule alias_module>
  Redirect: Allows you to tell clients about documents that used to
  exist in your server's namespace, but do not anymore. The client
  will make a new request for the document at its new location.
  Example:
  Redirect permanent /foo http://www.example.com/bar
  Alias: Maps web paths into filesystem paths and is used to
  access content that does not live under the DocumentRoot.
  Example:
  Alias /webpath /full/filesystem/path
  If you include a trailing / on /webpath then the server will
  require it to be present in the URL.  You will also likely
  need to provide a <Directory> section to allow access to
  the filesystem path.
  ScriptAlias: This controls which directories contain server scripts.
  ScriptAliases are essentially the same as Aliases, except that
  documents in the target directory are treated as applications and
  run by the server when requested rather than as documents sent to the
  client.  The same rules about trailing "/" apply to ScriptAlias
  directives as to Alias.
      ScriptAlias /cgi-bin/ "c:/apache/cgi-bin/"
  </IfModule>
  "c:/apache/cgi-bin" should be changed to whatever your ScriptAliased
  CGI directory exists, if you have that configured.
  <Directory "c:/apache/cgi-bin">
      AllowOverride None
      Options None
      Order allow,deny
      Allow from all
  </Directory>
  Apache parses all CGI scripts for the shebang line by default.
  This comment line, the first line of the script, consists of the symbols
  pound (#) and exclamation followed by the path of the program that
  can execute this specific script.  For a perl script, with perl.exe in
  the C:\Program Files\Perl directory, the shebang line should be:
     #!c:/program files/perl/perl
  Note you mustnot_ indent the actual shebang line, and it must be the
  first line of the file.  Of course, CGI processing must be enabled by
  the appropriate ScriptAlias or Options ExecCGI directives for the files
  or directory in question.
  However, Apache on Windows allows either the Unix behavior above, or can
  use the Registry to match files by extention.  The command to execute
  a file of this type is retrieved from the registry by the same method as
  the Windows Explorer would use to handle double-clicking on a file.
  These script actions can be configured from the Windows Explorer View menu,
  'Folder Options', and reviewing the 'File Types' tab.  Clicking the Edit
  button allows you to modify the Actions, of which Apache 1.3 attempts to
  perform the 'Open' Action, and failing that it will try the shebang line.
  This behavior is subject to change in Apache release 2.0.
  Each mechanism has it's own specific security weaknesses, from the means
  to run a program you didn't intend the website owner to invoke, and the
  best method is a matter of great debate.
  To enable the this Windows specific behavior (and therefore -disable- the
  equivilant Unix behavior), uncomment the following directive:
  #ScriptInterpreterSource registry
  The directive above can be placed in individual <Directory> blocks or the
  .htaccess file, with either the 'registry' (Windows behavior) or 'script'
  (Unix behavior) option, and will override this server default option.
  DefaultType: the default MIME type the server will use for a document
  if it cannot otherwise determine one, such as from filename extensions.
  If your server contains mostly text or HTML documents, "text/plain" is
  a good value.  If most of your content is binary, such as applications
  or images, you may want to use "application/octet-stream" instead to
  keep browsers from trying to display binary files as though they are
  text.
  DefaultType text/plain
  <IfModule mime_module>
  TypesConfig points to the file containing the list of mappings from
  filename extension to MIME-type.
      TypesConfig conf/mime.types
  AddType allows you to add to or override the MIME configuration
  file specified in TypesConfig for specific file types.
      #AddType application/x-gzip .tgz
  AddEncoding allows you to have certain browsers uncompress
  information on the fly. Note: Not all browsers support this.
      #AddEncoding x-compress .Z
      #AddEncoding x-gzip .gz .tgz
  If the AddEncoding directives above are commented-out, then you
  probably should define those extensions to indicate media types:
      AddType application/x-compress .Z
      AddType application/x-gzip .gz .tgz
  AddHandler allows you to map certain file extensions to "handlers":
  actions unrelated to filetype. These can be either built into the server
  or added with the Action directive (see below)
  To use CGI scripts outside of ScriptAliased directories:
  (You will also need to add "ExecCGI" to the "Options" directive.)
      #AddHandler cgi-script .cgi
  For type maps (negotiated resources):
      #AddHandler type-map var
  Filters allow you to process content before it is sent to the client.
  To parse .shtml files for server-side includes (SSI):
  (You will also need to add "Includes" to the "Options" directive.)
      #AddType text/html .shtml
      #AddOutputFilter INCLUDES .shtml
  </IfModule>
  The mod_mime_magic module allows the server to use various hints from the
  contents of the file itself to determine its type.  The MIMEMagicFile
  directive tells the module where the hint definitions are located.
  #MIMEMagicFile conf/magic
  Customizable error responses come in three flavors:
  1) plain text 2) local redirects 3) external redirects
  Some examples:
  #ErrorDocument 500 "The server made a boo boo."
  #ErrorDocument 404 /missing.html
  #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
  #ErrorDocument 402 http://www.example.com/subscription_info.html
  EnableMMAP and EnableSendfile: On systems that support it,
  memory-mapping or the sendfile syscall is used to deliver
  files.  This usually improves server performance, but must
  be turned off when serving from networked-mounted
  filesystems or if support for these functions is otherwise
  broken on your system.
  #EnableMMAP off
  #EnableSendfile off
  Supplemental configuration
  The configuration files in the conf/extra/ directory can be
  included to add extra features or to modify the default configuration of
  the server, or you may simply copy their contents here and change as
  necessary.
  Server-pool management (MPM specific)
  #Include conf/extra/httpd-mpm.conf
  Multi-language error messages
  #Include conf/extra/httpd-multilang-errordoc.conf
  Fancy directory listings
  #Include conf/extra/httpd-autoindex.conf
  Language settings
  #Include conf/extra/httpd-languages.conf
  User home directories
  #Include conf/extra/httpd-userdir.conf
  Real-time info on requests and configuration
  #Include conf/extra/httpd-info.conf
  Virtual hosts
  #Include conf/extra/httpd-vhosts.conf
  Local access to the Apache HTTP Server Manual
  #Include conf/extra/httpd-manual.conf
  Distributed authoring and versioning (WebDAV)
  #Include conf/extra/httpd-dav.conf
  Various default settings
  #Include conf/extra/httpd-default.conf
  Secure (SSL/TLS) connections
  #Include conf/extra/httpd-ssl.conf
  Note: The following must must be present to support
        starting without SSL on platforms with no /dev/random equivalent
        but a statically compiled-in mod_ssl.
  <IfModule ssl_module>
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  </IfModule>
  <b>ProxyPreserveHost On
  ProxyVia on
  ProxyTimeout 600
  #disable forward-proxying
  ProxyRequests Off
  #proxy /irj both ways
  ProxyPass /irj http://sapportal:50000/irj
  ProxyPassReverse /irj http://sapportal:50000/irj
  #ProxyPassReverse /irj http://testcomp/irj
  #proxy /logon both ways
  ProxyPass /logon http://sapportal:50000/logon
  ProxyPassReverse /logon http://sapportal:50000/logon
  #ProxyPassReverse /logon http://testcomp/logon</b>

• Web Application Proxy and IIS

  I setup the Web Application Proxy role on Server 2012 R2 a while back and published a few applications. Everything worked great. A few months later I deployed DirectAccess on the same server. Once again, everything worked great.
  All of a sudden users started stating that they were receiving an "Internet Information Services" page while they were clicking links on the intranet. Clicking the refresh button in their browser would resolve the problem. It was puzzling. Eventually
  I figured it out. It was only mobile users having the issue. They were taking their laptops home, clicking HTTP links on our SharePoint site (which were not deployed via Web Application Proxy), which was then hitting the Web Application Proxy server's
  port 80 over HTTP (not HTTPS). Then the page was being cached by IE on their laptop/tablet. When they returned to the office the cached page was opening which is why hitting refresh resolved the issue.
  I understand that one of the issues is the wrong link on the intranet (HTTP vs HTTPS). We'll have these corrected. But the real problem is that they were hitting IIS on our Web Application Proxy server. Why is IIS installed? It's not required by WAP
  and I never installed it... Was it installed as part of DirectAccess? And most importantly, will I break anything by forwarding HTTP to HTTPS within IIS using URL rewrite? Will it affect DirectAccess? Our NLS is not on the DA server.
  Once again, this server is only used for WAP and DA. Nothing else. Any input is greatly appreciated. Thanks!

  Hi Cormang,
  Yes, IIS is a part of DirectAccess.
  Windows Server 2012 combines the DirectAccess feature and the RRAS role service into a new unified server role. This new Remote Access server role allows for centralized administration, configuration, and monitoring of both DirectAccess and VPN-based remote
  access services.
  When we try to remove the IIS, we will get the message below,
  I have tried to disable the IIS server on my DirectAccess server. DirectAccess client still works properly. Therefore, it seems that the IIS is not necessary to DirectAccess.
  Best Regards.
  Steven Lee
  TechNet Community Support

• Test-ActiveSyncConnectivity fails with The remote server returned an error: (400) Bad Request.

  Hi all,
  I'm on the process of transition from Exchange 2003 to 2010, everything is going perfectly alright however ActiveSync is bugging me!
  when I try to test activesync I get the following error:
  [PS] C:\>Test-ActiveSyncConnectivity -MailboxCredential $user -TrustAnySSLCertificate |FL
  RunspaceId                  : 136b8f68-26ec-4e29-a5bb-cf5ee816e04b
  LocalSite                   : SITE
  SecureAccess                : True
  VirtualDirectoryName        :
  Url                         :
  UrlType                     : Unknown
  Port                        : 0
  ConnectionType              : Plaintext
  ClientAccessServerShortName : cas01
  LocalSiteShortName          : SITE
  ClientAccessServer          : CASSERVERNAME
  Scenario                    : Options
  ScenarioDescription         : Issue an HTTP OPTIONS command to retrieve the Exchange ActiveSync protocol version.
  PerformanceCounterName      :
  Result                      : Success
  Error                       :
  UserName                    : user1
  StartTime                   : 12/12/2012 1:02:23 PM
  Latency                     : 00:00:00.0312496
  EventType                   : Success
  LatencyInMillisecondsString : 31.25
  Identity                    :
  IsValid                     : True
  RunspaceId                  : 136b8f68-26ec-4e29-a5bb-cf5ee816e04b
  LocalSite                   : Reckon_NS
  SecureAccess                : True
  VirtualDirectoryName        :
  Url                         :
  UrlType                     : Unknown
  Port                        : 0
  ConnectionType              : Plaintext
  ClientAccessServerShortName : CASSERVERNAME
  LocalSiteShortName          : SITE
  ClientAccessServer          : CASSERVERNAME
  Scenario                    : FolderSync
  ScenarioDescription         : Issue a FolderSync command to retrieve the folder hierarchy.
  PerformanceCounterName      : DirectPush Latency
  Result                      : Failure
  Error                       : [System.Net.WebException]: The remote server returned an error: (400) Bad Request.
                                HTTP response headers:
                                MS-Server-ActiveSync: 6.5.7638.1
                                Content-Length: 46
                                Cache-Control: private
                                Content-Type: text/html
                                Date: Wed, 12 Dec 2012 02:02:23 GMT
                                Server: Microsoft-IIS/7.5
                                X-AspNet-Version: 2.0.50727
                                X-Powered-By: ASP.NET
  UserName                    : user1
  StartTime                   : 12/12/2012 1:02:23 PM
  Latency                     : -00:00:01
  EventType                   : Error
  LatencyInMillisecondsString :
  Identity                    :
  IsValid                     : True
  environment: 
  Ex 2003 'Exchange' virtual directory permission: Integrated Windows Authentication, Basic 
  Ex 2003 'OMA' permission: Basic Authentication
  Ex 2003 'ActiveSync' permission: Integrated, Basic
  Ex 2010 successfully redirects users from 2010 to 2003 webmail if you login to OWA with a mailbox on 2003

  Yes Martina,
  It has been done through ESM 
  I cannot test using testexchangeconnectivity.com since I cannot put the 2010 one into production, I will get into trouble if I change the DNS record to the new mail server!
  Yes, EAS works perfectly fine with 2010 mailboxes.
  OK.
  It might be that it's not possible to run Test-ActiveSyncConnectivity against a mailbox stored in Exchange 2003.
  Installing KB937031 and enabling Windows Authentication is really all that needs to be done in EX03, in order for Exchange 2010 to proxy the EAS requests.
  Martina Miskovic

• ESB Portal : The remote server returned an error: (400) Bad Request

  Hi,
  I am getting the below error message while trying to access ESB Portal:
  ========================
  Event code: 3005 
  Event message: An unhandled exception has occurred. 
  Event time: 12/18/2013 12:07:10 PM 
  Event time (UTC): 12/18/2013 12:07:10 PM 
  Event ID: 2a429911fb69455ab3b77348c8b259ce 
  Event sequence: 10 
  Event occurrence: 2 
  Event detail code: 0 
  Application information: 
      Application domain: /LM/W3SVC/1/ROOT/ESB.Portal-1-130318418493427545 
      Trust level: Full 
      Application Virtual Path: /ESB.Portal 
      Application Path: C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\ESB.Portal\ 
      Machine name: WIN-HG1MJEC7KJS 
  Process information: 
      Process ID: 3220 
      Process name: w3wp.exe 
      Account name: NT AUTHORITY\SYSTEM 
  Exception information: 
      Exception type: WebException 
      Exception message: The remote server returned an error: (400) Bad Request. 
  Request information: 
      Request URL: http://localhost/esb.portal/default.aspx 
      Request path: /esb.portal/default.aspx 
      User host address: ::1 
      User: WIN-HG1MJEC7KJS\ESBUser 
      Is authenticated: True 
      Authentication Type: Negotiate 
      Thread account name: NT AUTHORITY\SYSTEM 
  Thread information: 
      Thread ID: 4 
      Thread account name: NT AUTHORITY\SYSTEM 
      Is impersonating: False 
      Stack trace:    at System.Net.HttpWebRequest.GetResponse()
     at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
  Custom event details: 
  ====================
  I also looked at thread : http://social.msdn.microsoft.com/Forums/en-US/1fb510a8-9f4b-4e1e-9261-3273b037786c/esbportal-bad-request-400?forum=biztalkesb
  However didn't able to find the workaround for the same.
  Best Regards,
  Harkirat

  Hi,
  On a local server you don't have to change the web.config if you use local Windows Groups. Check if the User is added to the "BizTalk Server Administrators" Group. Also check if the Group or the User has rights to access EsbExceptionDb & ESBAdmin
  database. You also have to enable "Windows Authentication" in IIS for the ESB.Portal.
  Local Machine settings:
  ESB.Exceptions.Service\Web.config
  <connectionStrings><add providerName="System.Data.SqlClient" connectionString="Integrated Security=SSPI;Data Source=.;Initial Catalog=EsbExceptionDb" name="EsbExceptionDbConnectionString"/></connectionStrings>
  C:\Projects\Microsoft.Practices.ESB\Source\Samples\Management Portal\ESB.Portal\Web.config
  <connectionStrings>
  <add name="AdminDatabaseServer" providerName="System.Data.SqlClient" connectionString="Network Library=dbmssocn;Data Source=(local);Integrated Security=True;Initial Catalog=ESBAdmin;"/>
  </connectionStrings>
  <authentication mode="Windows"/>
  <authorization><allow roles="BizTalk Application Users"/>
  <allow roles="BizTalk Server Administrators"/>
  <allow roles="Administrators"/>
  <deny users="*"/>
  </authorization>
  Kind regards,
  Tomasso Groenendijk
  Blog 
  |  Twitter
  MCTS BizTalk Server 2006, 2010
  If this answers your question please mark it accordingly

• ADFS 3.0 - Web Application Proxy configuration Issue

  Hi All,
  We are in the process of implementing ADFS 3.0 published to the internet for o365 Federation purposes.
  The setup consists of the following
  - 2 x windows 2012 R2 running ADFS 3.0 ( only one server presently installed and configured though)
  - 2 x Windows 2012 R2 Running Web Application Proxy (  only one server presently installed and configured though ).
  There is an F5 Big-IP load-balancer for both internal and external interfaces and it has been configured after a lot of issues with the SNI part on the F5.
  So, in short the setup is now a single server hosting ADFS 3.0 using SQL and a single WAP server, however the traffic to these servers are still going through the LB.
  Now the issue is that i cannot complete the installation/configuration of the Web Application Proxy server. There is  a firewall in between our DMZ and the internal network. I can reach the internal services via the following url and telnet on port 443
  to the federation service as well. (ports for 443 and 80) are opened to internal network on the load balancer ip . I can reach https://fs.domain.com/adfs/ls/idpinitiatedsignon.aspx and federationmetadata/2007-06/federationmetadata.xml location as well
  from the Web APplication proxy server without any issues or certificate prompts at all.
  When i do the configuration for WAP, i use the same account which was used as a service account for the ADFS service internally. If i use a local admin account, it errors out with another message stating the connection was closed.
  The certificate on the internal server along with its private key was exported and has been imported on the WAP server . This is not internal CA, instead we are using DIGICERT SSL with SAN Names for enterprise registration and work folders. Hence the CA Chain
  issue is ruled out and also this is not a wild card certificate.
  When the wizard starts configuring, it does establish the trust with the federation service which is shown up in the event viewer with  EventID 391 within 15 seconds i get another event id 422 which states that it cannot retrieve the proxy configuration
  and eventid 276 on the Federation server which states the authentication failure. this continues until the servers stops to try configuring the wizard. 
  I have read all the available threads on the 3.0 WAP installation /configuraiton problem and tried all the steps possible but i am still stuck with this issue.
  There is one more part that i noticed on the ADFS server, that the self signed services for the token-encrypting and token decrypting are self-signed certificates. Also, in the certificates it was showing up as not trusted. and i installed them to the TRUSTED
  ROOT CERTIFICATION STORE after wich i cannot see any private key showing up when viewing the certificate which means i cannot get the MANAGE PRIVATE keys option when right clicking on the cert to assign read permissions for the ADFS service account.
  Should i assign the same SSL sertificate (SAN based for enterpriseregistration & Workfolders) to the token-encrypting and token-decrypting services in ADFS console or should i leave them as self signed ? I did read that self-signed is not recommended for
  production environment ? If not the same certificate what are the requirements for the certificate ?
  I am not sure what I am missing in the configuration that is causing this issue. The WAP servers are not part of the domain and have also ensured the time synchronization between the domain machine as well.
  The service name is fs.domain.com on both the internal and external DNS ( we have domain.com as a zone in DNS internally as well ). I am able to Authenticate inside and from the WAP server when accessing the link.
  Could it be a Load Balancer Configuration ? [i will try eliminating this from the configuration]
  Let me know if there are any options that i can try to resolve this and get the configuration working.
  Cheers,

  Does the load balancer pass the certificate session through to the ADFS server or are you offloading SSL. SSL offload does not work with WAP/ADFS integration (at least at the time of writing it does not).
  Can you try through the load balancer with SSL pass through turned off please.
  Also as ADFS 3.0 (Server 2012 R2) uses Server Name Indication (SNI) then any health checks that run on the load balancer must support this, so if they do not then you need to use TCP 443 checks for a listening port, as doing a standard HTTPS check will fail,
  and if the load balancer fails its checks whilst you are configuring ADFS that might be a reason why it has gone offline for you (error 442 is to do with failure to swap client certificates between WAP and ADFS).
  Finally, check the June update to Server 2012 R2 (http://support.microsoft.com/kb/2964735) as that has fixed some certificate issues with multiple servers for WAP and ADFS when you don't have the
  2012 R2 AD schema in place.
  Brian Reid
  Exchange MVP and Exchange and  Office 365 Certified Master
  www.c7solutions.com
  Brian Reid C7 Solutions Ltd (www.c7solutions.com)

• Web Application Proxy and Safari

  Morning, all.
  I've installed and configured the new Windows Server 2012 R2 AD FS and Web Application Proxy, and I've run into some strange problems. I had some initial problems getting it to work, the documentation is a bit thin, but I now have Sharepoint and Webmail
  published to the Internet.
  I'm using x.509 Certificate Authentication for Extranet.
  In IE on a Windows 8.1 Surface Pro everything works. I can log in using ether a softcert or a SmartCard.
  On my OS X Mac I can log in using Chrome, but Safari won't work.
  Same thing on my iPad running iOS 7.0.4, Safari won't work. Interestingly enough, on my 7.0.4 iPhone it DOES work. Even more interestingly, I CAN Workplace Join the iPad using the URL https://<adfs fqdn>/enrollmentserver/otaprofile but
  I can't authenticate using the URL https://<adfs fqdn>/adfs/ls/IdpInitiatedSignon.aspx.
  I get to select my certificate, but after that I'm getting this error message: "Safari cannot open the page because too many redirects occurred." In the Event log on the AD FS server I'm getting this:
  Encountered error during federation passive request. 
  Additional Data 
  Protocol Name: 
  Saml 
  Relying Party: 
  http://<adfs fqdn>/adfs/services/trust 
  Exception details: 
  Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '0' seconds. Contact your administrator for details.
     at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.UpdateLoopDetectionCookie(WrappedHttpListenerContext context)
     at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.SendSignInResponse(SamlContext context, MSISSignInResponse response)
     at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
     at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
  Since it does work on an iPhone running the same browser, and Workplace Join does work on the iPad even if nothing else does I'm thinking there's some UserAgent voodoo going on in parts of the Web Application Proxy. It's no big deal that Safari in OS X doesn't
  work, we can always run Chrome, but the iPad is a major problem and a total deal breaker if I can't fix it.
  I would appreciate some good advice.

  Hi,
  As both IE and Chrome work, I think it’s more a client side issue.
  Maybe you need to clear you browser cache and cookies.
  This also worth a try:
  http://stackoverflow.com/questions/2640030/adfs-v2-0-error-msis7042-the-same-client-browser-session-has-made-6-request
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Hope this helps.

• "the remote server returned an error (400) bad request." can't able to upload file size 1 MB

  I cant able to upload the file size >1 MB its showing error."the remote server returned an error (400) bad request."
  any one kindly help to fix the issue.

  Hi,
  Are you trying thru OOB or how..
  Please check the "maximum file size for sharepoint".
  refer below links for the same.
  https://angler.wordpress.com/2012/03/21/increase-the-sharepoint-2010-upload-file-size-limit/
  https://msdn.microsoft.com/en-us/library/ff487972.aspx
  Don't forget to mark it as an Answer if it resolves your problem or Vote Me if it useful.
  Mahesh