Request Too Long Error on Password Reset Webpages
Users may encounter the following error accessing Password Reset pages that use Kerberos integrated authentication (Enrollment, Change Password, Helpdesk, Reporting):
Bad Request – Request Too Long
HTTP Error 400. The size of the request headers is too long.
This error can occur on Kerberos authentication if the end user is in a large number of security groups. To resolve this issue, either reduce the number of groups the user is a member of, or increase the MaxFieldLength and MaxRequestBytes values in the registry on your Password Reset web server.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters]
"MaxFieldLength"=dword:00010000
"MaxFieldLength"=dword:01000000
Reboot the server for this change to take effect.
https://docs.microsoft.com/en-US/troubleshoot/iis/http-bad-request-response-kerberos