TL;DR; Unable to create new workplace accounts in Windows 10. Root cause = ‘400. The size of the request headers is too long’ when sending OAUTH API requests to https://login.microsoftonline.com/common/oauth2/v2.0/authorize. Multiple instances of x-ms-DeviceCredential & x-ms-RefreshTokenCredential in Request Headers. How to fix?
Root Cause: 400. The size of the request headers is too long.
This all began when I started using ‘Work Profiles’ in Microsoft Edge. After adding around 10, I started receiving errors adding more. Following on from this, I was then unable to:
- Add new mailboxes to Outlook Desktop App (existing mailboxes OK)
- Add new OneDrive for Business connections (existing connections OK)
- Add new connections via ‘Access work or school’ in Windows Settings (existing connections OK)
I would receive spurious errors like ‘Unable to access the Internet’, ‘No Network Connection’, ‘HTTP400 error connecting to login.microsoftonline.com’, and ‘Check your internet connection, and then try again (Error Code: 0x80004e4c3)’.
Everything via a web browser works fine; I can sign in to Microsoft 365 web services (Outlook, OneDrive, Word, Excel etc) no problem at all – this only happens using local Windows apps and services.
Using Fiddler, I failed miserably to capture any errors using the System Proxy feature; OneDrive, Outlook and Windows Settings would just report ‘no internet’ and Fiddler would log nothing. Then I used the Microsoft SaRa tool, and it did capture what I believe to be the root cause:
HTTP Error 400. The size of the request headers is too long.
… in the Response Body to a GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize OAUTH API call. Furthermore, I noted some 12 instances of x-ms-DeviceCredential, each with a 2,497 character token, and 11 instances of x-ms-RefreshTokenCredential, each with a 2,187 character token, in the Request Headers, so in total, a 56,318 character Request Header, including the usual Method, URL, Accept Headers etc. I assume this is some sort of SSO feature.
I’m guessing that the https://login.microsoftonline.com/common/oauth2/v2.0/authorize API endpoint does not accept such large Request Headers, and so reports the HTTP400 error above.
TROUBLESHOOTING
- Proven everything works fine in a new Windows profile.
- Proven everything works fine in a separate virtual machine.
- Cleared all browser cached files, cookies, everything.
- Signed-out of all Microsoft Edge work profiles.
- Reset all work profiles.
- Followed an online guide to completely uninstall/reinstall Microsoft Edge, deleted all files, profiles, registry entries (and, yes, this did cause problems).
- Followed some online guides about enabling older TLS versions, resetting network settings, resetting IE settings, resetting OneDrive.
- Deleted two ‘Work school accounts’ in Windows Settings.
*Note: this then prevented access via Outlook, but I am now unable to add them back – error above 🙁
CONCLUSION
I believe I have found the root cause but how do I fix this?
The more work accounts I delete, the more existing access I lose and I fear that if I delete them all, I’ll just lose access to everything with no way of setting them back up.
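An added example, not part of the original post: a small Python audit of one raw request capture (request line plus headers, as saved from a proxy's raw view) that counts repeated headers and measures the header block, which is the check described above. The function names, the placeholder tokens and `ASSUMED_LIMIT` are assumptions made for illustration; the post does not state the endpoint's real limit.

```python
from collections import defaultdict

ASSUMED_LIMIT = 16 * 1024  # assumption for illustration; the post gives no actual limit

def audit_request_headers(raw_request: str, limit_bytes: int) -> dict:
    """Summarise header usage in one raw HTTP/1.1 request (request line + headers)."""
    # Headers end at the first blank line; anything after it is the body.
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    stats = defaultdict(lambda: {"count": 0, "value_chars": 0, "longest": 0})
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # skip malformed lines rather than guess at them
        value = value.strip()
        entry = stats[name.strip().lower()]  # header names are case-insensitive
        entry["count"] += 1
        entry["value_chars"] += len(value)
        entry["longest"] = max(entry["longest"], len(value))
    # Size on the wire: each line plus its CRLF, plus the terminating blank line.
    total = sum(len(l.encode("utf-8")) + 2 for l in lines) + 2
    heaviest = sorted(stats.items(), key=lambda kv: kv[1]["value_chars"], reverse=True)
    return {
        "request_line": lines[0],
        "total_bytes": total,
        "over_limit": total > limit_bytes,
        "repeated": {n: s for n, s in stats.items() if s["count"] > 1},
        "heaviest": [(n, s["count"], s["value_chars"]) for n, s in heaviest[:5]],
    }

def build_sample_request() -> str:
    """Constructed sample using the instance counts and token lengths from the post."""
    lines = [
        "GET /common/oauth2/v2.0/authorize HTTP/1.1",
        "Host: login.microsoftonline.com",
        "Accept: */*",
    ]
    lines += ["x-ms-DeviceCredential: " + "A" * 2497] * 12        # placeholder tokens
    lines += ["x-ms-RefreshTokenCredential: " + "B" * 2187] * 11  # placeholder tokens
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    report = audit_request_headers(build_sample_request(), ASSUMED_LIMIT)
    print(report["total_bytes"], "header bytes; over assumed limit:", report["over_limit"])
    for name, count, chars in report["heaviest"]:
        print(f"{name}: {count} instance(s), {chars} value characters")
```

Running it on a capture taken before and after removing an account shows whether the number of credential headers follows the number of connected work accounts.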