Shibboleth SP IIS Error 2746

Lukas Hämmerle lukas.haemmerle at
Fri May 8 10:22:12 EDT 2015

Hello all

One of our SP admins is dealing with a hard IIS Shibboleth SP problem
that we also have not yet found a solution for. His setup is a Windows
Server with IIS 7.5 and the SP 2.5.4.

Installation went fine and the SP worked ok for some time. Then,
apparently an external developer installed his web service (and
potentially applied configuration changes to IIS). Now, authentication
fails after a user is sent back to the Service Provider with an "500 -
Internal server error" and the Shibboleth error message:


The system encountered an error at Fri May 08 16:07:19 2015

To report this problem, please contact the site administrator at
helpdesk at

Please include the following message in any email:

xmltooling::IOException at

Error reading request body from browser (2746).

As usual the last line of the error is the most interesting one. Error
2746 led us to believe that there might be an ISAPI extension/filter
installed which interferes with IIS. In the mail archives and with
Google we found that in particular the following two extensions/filter
might cause problems:

* "BlackBaud BBIS", see

* "Telerik", because it contains RadCompression, see

However, we have not found any of those extensions in that particular

We also have tried to:

* Completely remove and reinstall the Shibboleth SP
* Configure the IIS part manually as described on:
* Move the Shib ISAPI filter to the front of the ordered ISAPI filter list
* Move the Shib ISAPI filter to the end of the ordered ISAPI filter list
* Move the Shib ISAPI Handler mapping to the front, then end or before
all the .* mappings.

All to no avail... So, we have pretty much run out of ideas except:
* Reinstalling the whole IIS (apparently quite cumbersome)
* Revert back to a previous backup of the VM (would mean redoing some
* Find a machine that is set up similarly and compare the ISAPI
filters/handlers and their order

However, maybe someone has a better debugging idea or can extend that
list of known ISAPI filters/extensions that conflict with Shib.

Best Regards

Lukas Hämmerle, Central Solutions
GÉANT Project Task Leader "Enabling Users"
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 05, direct +41 44 268 15 64
lukas.haemmerle at,

More information about the users mailing list