Why are some users intermittently seeing a 404 error

Document ID : KB000102168
Last Modified Date : 15/06/2018
Show Technical Document Details
Issue:
Behavior:
When we hit the SP initiated url, we are landing to 404 page of login.fcc.
Everything seems to work fine when we are clicking IDP initiated url's. 
Environment:
SiteMinder Policy Server Version: CA Policy Server R12.52 SP1 CR05 
Policy Server O/S: Win2008 R2 
Web Server: IIS 7.5 Web Server O/S: Win2008 R2 
SiteMinder Web Agent Version: smwa-12.52-sp01-cr08-win32 
Siteminder Option-Pack Version: 12.52.105.2112 
configuration :Partnership SAML2.0 
Resolution:
CA Support Requested Failed Request Trace on IIS

There was No 404 if a shorter URL was submitted: 

The Failed Request Trace showed a 404 httpsubstatus 15 meaning "The Request Filtering module rejected a request with a too long query string" 

https://blogs.iis.net/ma_khan/troubleshooting-iis-6-status-and-substatus-codes 

Looking at: 

https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/requestlimits/ 
The limit can be changed with the param maxQueryString, which has a default value of 2048. 

I saved the problematic URL into a text file and then looked at the file size = 2,248 bytes 

To increase maxQueryString: 
<system.webServer> 
<security> 
<requestFiltering> 
<requestLimits maxQueryString="<VALUE>"/> 
</requestFiltering> 
</security> 
</system.webServer>