XML Service Chokes on Request Larger Than 4KB

I have recently worked on an implementation for a customer and was concerned with a large number of group memberships. Although the solution for authenticating against the operating system are well documented by Microsoft (here, here and here), the XML service does not allow requests larger than 4KB. So if users have a large number of group memberships, authentication via the XML service can fail due to this limitation. But here’s the solution.

In CTX943036, Citrix documents this problem and the solution. As the issue is known since 2002, there is a resolution available since MetaFrame XP FR2 with hotfix 027 (XP102W027).

Since then all versions of XenApp honour a registry DWORD value named MaxRequestSize located under HKLM\SOFTWARE\Citrix\XML Service. Weird enough, this is not the same location as for suppressing access lists to be exposed in requests.

Interesting Meta Information

Setting MaxRequestSize to a large value by default on all server creates a performance impact. For every request issued, the XML service allocates the specified amount of memory which may well result in degraded performance for an XML broker processing many requests per time. I recommend slowly increasing the value until the error disappears.

When using IIS Port Sharing, the registry key mentioned above does not apply, because WPnBr.dll handles the requests inside of IIS. Instead a maximum request size of 500KB applies.

Feedback is always welcome! If you'd like to get in touch with me concerning the contents of this article, please use Twitter.