
Errors "Sign In failed" and "HTTP 400" Using Kerberos Authentication


Published: 19 Nov 2014
Last Modified Date: 26 Aug 2015

Issue

When you try to sign in to Tableau Server that is configured for Kerberos authentication, the following error might occur:
Sign in failed

The following error might also occur in a network trace or browser console:
Bad Request (HTTP 400)

Your browser sent a request that this server could not understand.
Size of a request header field exceeds server limit.

Authorization

Environment

  • Tableau Server 8.3.0 and 9.0.0-9.0.1
  • Kerberos authentication

Resolution

Step 1

For Tableau Server 8.3.0: Upgrade to Tableau Server 8.3.1-8.3.5.

For Tableau Server 9.0.0 or 9.0.1: Use the following workaround to increase the size of the header:
  1. Copy the attached file (server.xml.templ) to the following directory on the computer running Tableau Server. You must overwrite the existing server.xml.templ file:
    • C:\Program Files\Tableau\Tableau Server\<version>\templates\vizportal
  2. On the computer running Tableau Server, open the Command Prompt window as an administrator and navigate to the Tableau Server bin folder, for example:
    • cd "C:\Program Files\Tableau\Tableau Server\<version>\bin"
  3. At the command prompt, run the following commands in order:
    • tabadmin config
    • tabadmin restart

Step 2 (optional)

If the behavior still occurs, perform the following steps on a computer running Tableau Server 8.3.1 or later versions:
  1. Open a command prompt as an administrator and navigate to the Tableau Server bin folder, for example:
    • cd "C:\Program Files\Tableau\Tableau Server\<version>\bin"
  2. Run the following commands:
    • tabadmin set gateway.http.request_size_limit 32768
    • tabadmin set tomcat.http.maxrequestsize 32768
  3. Restart Tableau Server for the changes to take effect:
    • tabadmin restart
 

Cause

The Authorization field, which contains the Kerberos ticket, makes the HTTP request header larger than the default maximum size allowed by the Apache gateway and the Tomcat application server. This usually occurs when a user belongs to a large number of Active Directory groups.
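To confirm this cause from a network trace, the following added example (not part of the original article or of Tableau's tooling) measures the Authorization field and the whole header block of a captured request and compares them with a field limit and a header limit. The default limits shown are the stock Apache httpd and Tomcat values, assumed here because the article does not state Tableau's defaults; the request, host name and token are constructed.

```python
import base64

# Assumptions, not from the article: stock Apache httpd LimitRequestFieldSize
# and Tomcat maxHttpHeaderSize defaults. Tableau's shipped defaults may differ.
APACHE_FIELD_DEFAULT = 8190
TOMCAT_HEADER_DEFAULT = 8192
RAISED_LIMIT = 32768  # value set for both components in Step 2 of the article


def measure_request(raw: bytes) -> dict:
    """Return size figures for the header block of one captured HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    sizes = {"total_header_bytes": len(head) + 4,  # include the final CRLF CRLF
             "authorization_field_bytes": 0,
             "negotiate_token_bytes": 0}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() != b"authorization":
            continue
        sizes["authorization_field_bytes"] = len(line)  # name + value
        scheme, _, token = value.strip().partition(b" ")
        if scheme.lower() == b"negotiate":
            # The token is base64 on the wire, so it costs about 4/3 of the
            # raw ticket size that grows with group membership.
            sizes["negotiate_token_bytes"] = len(base64.b64decode(token.strip()))
    return sizes


def check_limits(sizes: dict, field_limit: int, header_limit: int) -> list:
    """Name the component whose limit this request would exceed."""
    exceeded = []
    if sizes["authorization_field_bytes"] > field_limit:
        exceeded.append("gateway")
    if sizes["total_header_bytes"] > header_limit:
        exceeded.append("tomcat")
    return exceeded


def build_sample(token_len: int) -> bytes:
    """Constructed request carrying a dummy token (not a real Kerberos ticket)."""
    token = base64.b64encode(b"\x60" * token_len)
    return (b"GET /auth HTTP/1.1\r\nHost: tableau.example.com\r\n"
            b"Authorization: Negotiate " + token + b"\r\n\r\n")


if __name__ == "__main__":
    s = measure_request(build_sample(9000))
    print(s, check_limits(s, APACHE_FIELD_DEFAULT, TOMCAT_HEADER_DEFAULT))
```

A request that is flagged at the default limits but passes at 32768 matches the situation Step 2 addresses.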
