Problem

Your PortalGuard website returns a '404 - Page Not Found' Error in the middle of a specific SSO Request. 

Solution

Increase the upper limits for the URL and Query String Lengths accepted by the IIS Website. 

Caveat:

This solution will only work for 404.15 errors.  You can confirm the sub-code of the 404 error by viewing the IIS Logs.

Verifying 404.15 Errors via IIS Logs:

1. Navigate to the PortalGuard server and determine which IIS Log relates to your PortalGuard Website.

   • On the PortalGuard Server, Open the 'Internet Information Services (IIS) Manager' and expand the 'Sites' folder to reveal 'PortalGuard'.

   • Right-click the 'PortalGuard' site and choose 'Manage Website' -> 'Advanced Settings'

   • In the pop-up window, note the 'ID' value:

     • Open

       

2. Navigate to the 'C:\inetpub\logs\LogFiles' folder.

   • If you have multiple PG Websites, or multiple websites in IIS in general, there will likely be multiple folders here.  Use the 'ID' value found in the previous step to isolate which log file applies.

   • The folder name will use the following format: WS3SVC{NUM} where {NUM} is the value found in step#1 above.

3. Open the appropriate folder and then open the most recent log file.

4. IIS Logs are oriented by columns, and the order is denoted on the 4th line of the file.  To confirm the error, start by searching (you can use CTRL+F) for the URL that is presenting the 404 error in your browser.

5. Once you locate the correct line, check the last four columns/data points. You should see something that resembles the following:

   1. Open

      

6. If the last four columns report a 404 error code with the 15 sub-code - proceed with the resolution steps outlined below.

   • If you see similar behavior, but are unable to verify a 404.15 error code, please reach out to techsupport@portalguard.com or submit a ticket and we will be happy to help!

Resolving 404.15 Errors

1. Navigate to the PortalGuard server and backup the following file:

   • c:\inetpub\PortalGuard\web.config

2. Edit the 'web.config' file  in an administrative text editor.

3. Search for '<http Runtime' to locate the correct section of the log.  

4. Add the following attributes to the '<httpRuntime' node:

   • maxUrlLength="4096" maxQueryStringLength="4096"

   • Important Note: These attributes are case-sensitive.  If there is a typo, your PortalGuard website will not start, and will return a 500 error. 

5. Locate the '<system.webserver>' node approximately 20 lines below.

6. After the commented out lines, add new nodes to match the screenshow:

   • Important Note: the "4096" value is only an example.  This may not be enough to allow the request through.  If that is the case, feel free to increase the value as needed. 

7. Save any Changes. 

8. Verify that the PortalGuard website is still running without issue. 

9. Test the SSO again.

Troubleshooting - Server Errors when Accessing PortalGuard After the Above Resolution

You should ALWAYS verify the PortalGuard website is running without issue before validating SSO to determine if any errors occur.  The most common error in this case would resemble the following:

In the event of a server error, revert to the backup of the web.config file taken during step #1 of the above resolution.  Test accessing the website again to validate functionality. 

Once functionality has been restored, verify the following:

• Your 'broken' web.config has the correct spelling and case. 

• Your IIS instance is up to date, and you are using a supported version of Microsoft Server OS.

If both of the above items check out, please contact techsupport@portalguard.com or submit a Support Ticket for additional troubleshooting!