I have worked with several customers who were experiencing strange behavior when viewing a SharePoint Dashboard containing multiple Excel Services Web Parts.

In one support case, a customer had 16 Excel Web Access Web Parts.  Some users would see all 16 Web Parts and others would only see 15. 

The question was, "Why do some users see all 16 Excel Web Access Web Parts and others see only 15"?

After many days, we were able to determine (via Fiddler) that the HTTP Header, for some users, exceeded the F5 "Maximum Header Size" threshold.  The reason why this happened for some users and not others, is because when you are using Kerberos, the HTTP Header contains; a Kerberos Token (which contains Active Directory information about this user) and the Header also contains Cookies (each Web Part is a Session).  So, some users had big Kerberos Tokens and the Header reach 32k sooner that others, therefore they were not able to see the 16th Excel Web Access Web Part (Session).

To fix this, you need to increase the F5 "Maximum Header Size" (we doubled it):

Here is the F5 article explaning this:

Error Message: HTTP header exceeded maximum allowed size of <value>

http://support.f5.com/kb/en-us/solutions/public/8000/400/sol8482.html

If you want to really investigate the actual token size, you can use this neat tool:

Tool for discovering MaxTokenSize

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=1448

Here is the official closing email.  I am including it because we did need to add/modify registry keys.

Issue:

==========

When viewing a dashboard with 16 “Excel Web Access Web Parts” the following message is thrown by the 16th Web Part:

"An error has occurred trying to perform the requested action. Please try again."

Followed by:

"HTTP 400 - Bad Request"

Cause:

==========

"HTTP 400 - Bad Request" was caused by Token Bloat.

"An error has occurred trying to perform the requested action. Please try again." was caused by the HTTP Headers growing over 32,768 bytes.  This was caused by a combination the Cookie Collection and the Kerberos Ticket.  F5 was stopping all session once the HTTP Header surpassed 32,768 bytes and the above error was thrown.

Resolution:

==========

The "HTTP 400 - Bad Request" was resolved by the following steps:

Add the below
RegKeys to the WFE and Application Servers and Reboot:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\MaxFieldLength

Decimal

DWORD: 65534

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\MaxRequestBytes

Decimal

DWORD: 16777216

IMPORTANT:
Changing these registry keys can be considered extremely dangerous. These keys allow larger HTTP packets to be sent to IIS, which in turn may cause Http.sys to use more memory and may increase  vulnerability to malicious attacks.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize

Decimal

DWORD: 65535

Adding the below
Registry Key to the Client & Server and Reboot:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxPacketSize

Decimal

DWORD: 1

"An error has occurred trying to perform the requested action. Please try again." was resolved by increasing the “Maximum Header Size” from 32,768 bytes to 45,600 bytes in F5 (see F5 article sol8482).

Related Knowledgebase Articles:
===========================
Http.sys registry settings for IIS
http://support.microsoft.com/kb/820129  
 
New resolution for problems with Kerberos authentication when users belong to many groups
http://support.microsoft.com/kb/327825  
 
How to force Kerberos to use TCP instead of UDP in Windows
http://support.microsoft.com/kb/244474  

IIS 6.0 MaxFieldLength parameter not set correctly
http://technet.microsoft.com/en-us/library/aa996475(v=EXCHG.80).aspx

"HTTP 400 - Bad Request (Request Header too long)" error in Internet Information Services (IIS)
http://support.microsoft.com/kb/2020943

Many customers have reported after uploading a workbook to the PowerPivot Gallery, the thumbnails are not rendering:

Snapshots will not work if you have chosen to open the workbooks in the Client application. To remedy this, follow the below instructions:

To set the default open behavior for site collections

1. In the SharePoint site collection, click Site Actions, and then click Site Settings.
2. On the Site Settings page, under Site Collection Administration, click Site Collection Features.
3. On the Features page, for the Open Documents in Client Applications by Default feature, click Activate (OpenInClient Feature is enabled) to open documents in the client application. Click Deactivate (OpenInClient Feature is disabled) to open documents in the browser.

To set the default open behavior for a document library by using the document library settings page

1. On the <document library>: All Documents page, under Library Tools, click Library.
2. In the library toolbar, click Library Settings.
3. On the Document Library Settings page, click Advanced Settings.
4. On the Advanced Settings page, in Opening Document in the Browser, select one of the following options:
   Open in the client application When a user clicks on a document in this library, the document will open in the corresponding client application (if available).
5. Open in the browser When a user clicks on a document in this library, the document will open in the Web browser Web app for that document type. When the document is opened in the Web app, the user can then decide to open the document in the client application
6. Use the server default When a user clicks on a document in this library, the document will open by using the default open behavior specified for the server on which SharePoint 2010 Products is installed.

If the above do not work:

You need to invoke the Getshapshot.exe (which is located here: C:\inetpub\wwwroot\wss\VirtualDirectories\80\bin>GetSnapshot.exe)

        *Note: Browse to C:\inetpub\wwwroot\wss\VirtualDirectories\80\bin>GetSnapshot.exe and make sure it is 50/56kb.  I have seen instances where is is corrupt 0kb and it needs to be replaced.

To invoke the Getsnapshot.exe (re-title a workbook) via:

PowerPivot Gallery > Select a Report > Documents > Edit Properties > Title (give the workbook a title):    

If these steps do not remedy this issue, please move onto my next article:

Invoking and Analyzing the Getsnapshot.exe
http://blogs.technet.com/b/excel_services__powerpivot_for_sharepoint_support_blog/archive/2012/12/06/invoking-and-analyzing-the-getsnapshot-exe.aspx

PowerPivot for SharePoint - Scheduled Refresh to Oracle, IBMDB2, SQL (en-US)

Before you do anything, browse (while logged on the WFE as the account running the Web Application) to C:\Users\<WebAppAccount>\AppData\Local\Temp.  This location MUST exist, I have seen issues where the User Profile for the WebAppAccount does not exist.  This is where the .pngs (thumbanails) are placed prior to being updated in the PowerPivot Gallery.  If they can't be placed here, you can rest assured they will not be updated in the PowerPivot Gallery.

If my blog does not resolve it.  You will need to manually invoke the Getsnapshot.exe, rename the “thumbnails.info” file that is generated on the desktop to “thumbnails.txt” and look at its contents.  To manually invoke the thumbnails, find the account that is running your Web Application.  Log into the WFE as that account:

SharePoint 2010:

Start > Run > CMD > C:\inetpub\wwwroot\wss\VirtualDirectories\80\bin

Pass this parameter: GetSnapshot.exe "http://tschauer2010" "http://tschauer2010/PowerPivot%20Gallery/PowerPivotWorkbook.xlsx" "C:\Users\tschauer\Desktop" thumbnail
26 300

SharePoint 2013:

Start > Run > CMD > C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\bin

Pass this parameter: GallerySnapshot.exe "http://tschauer2010" "http://tschauer2010/PowerPivot%20Gallery/PowerPivotWorkbook.xlsx" "C:\Users\tschauer\Desktop" thumbnail
26 300

*To build the above:

1. You need to know the Web App, in this case: http://tschauer2010 (CA > Application Management > Web Applications > Manage Web Applications > URL): http://tschauer2010
2. The path of the workbook, in this case: http://tschauer2010/PowerPivot%20Gallery/PowerPivotWorkbook.xlsx

Here is an example of what it will look like (SharePoint 2010):

 If this runs, you will see the below icons on the desktop (this takes time):

The “thumbnails.txt” (after you rename and open in notepad) could say many things.  Here are examples and how I fixed them.

1. To fix the below, disableloopbackcheck (see KB 896891):

 <SnapshotCaptureLog serverUrl="http://tschauer2010" workbookUrl="http://tschauer2010/PowerPivot%20Gallery/PowerPivotWorkbook.xlsx"
fileNameBase="747f6f1d_0307_40f3_84ca_e7b4b3f05373"
snapshotCount="26" timeout="300">
<Error timeout="True">System.TimeoutException: The operation has timed out.</Error>
</SnapshotCaptureLog>

2. To fix the below add the below Service Pack to the PPIV machine:

Microsoft® SQL Server® 2008 R2 Service Pack 1
http://www.microsoft.com/download/en/details.aspx?id=26727

<SnapshotCaptureLog serverUrl="http://tschauer2010” workbookUrl="http://tschauer2010/PowerPivot%20Gallery/PowerPivotWorkbook.xlsx" fileNameBase="thumbnails"
snapshotCount="26" timeout="300">
<Error>onXLFrameLoad::Error! document.readyState = interactive</Error>
<Error>onXLFrameLoad::Error! document.readyState =
interactive</Error>
</SnapshotCaptureLog>

3. To fix the below, you can do one 1 of 2 things found in this KB:

Error message when you try to access a server locally by using its FQDN or its CNAME alias after you install Windows Server 2003 Service Pack 1: "Access denied" or "No network provider accepted the given network path"
http://support.microsoft.com/kb/926642

Method 1 (recommended): Create the Local Security Authority host names that can be referenced in an NTLM authentication request

1.   Go to REGEDIT > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Lsa>MSV1_0
2.   Right click MSV1_0 > New > Multi-String Value
3.   Type ‘BackConnectionHostNames’
4.   Right click & select ‘Modify’
5.   Enter the Hostname of the site: WEBSITENAME (and on a new line enter the FQDN, WEBSITENAME.domain.com as well)

tschauer
tschauer.<fqdn>

Method 2: Disable the authentication loopback check (On all WFE's (make sure to reboot)).

Re-enable the behavior that exists in Windows Server 2003 by setting the DisableLoopbackCheck registry entry in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry
subkey to 1. To set the DisableLoopbackCheck registry entry to 1, follow these steps on the client computer:

1.Click Start, click Run, type regedit, and then click OK.
2.Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3.Right-click Lsa, point to New, and then click DWORD Value.
4.Type DisableLoopbackCheck, and then press ENTER.
5.Right-click DisableLoopbackCheck, and then click Modify.
6.In the Value data box, type 1, and then click OK.
7.Exit Registry Editor.
8.Restart the computer.

<SnapshotCaptureLog serverUrl="http://tschauer" workbookUrl="http://tschauer2010/PowerPivot%20Gallery/PowerPivotWorkbook.xlsx" fileNameBase="thumbnail" snapshotCount="26" timeout="300">
<Error>Terminatingcapture process: 'Illegal redirection to resources outside of the web application:'res://ieframe.dll/navcancl.htm''</Error>
<Error>Terminating capture process: 'Illegal redirection to resources outside of the web application: 'res://ieframe.dll/navcancl.htm''</Error>
<Error>Terminating capture process: 'Illegal redirection to resources outside of the web application: 'res://ieframe.dll/navcancl.htm''</Error>
<Error>Terminating capture process: 'Illegal redirection to resources outside of the web application: 'res://ieframe.dll/navcancl.htm''</Error>
</SnapshotCaptureLog>

Update:

If you are using SSL you will want to look at you CAPI2 Event logs (Application and Services Logs > Microsoft > Windows > CAPI2) for GallerySnapshot.exe errors.  I have seen where servers are unable to retrieve the SSL cert for a couple of reasons (expiration or firewall/proxy blocking).  A workaround is to log on to the Web Front Servers as the account running the Web Application > Internet Options > Advanced > and uncheck "Check for server certificate revocation".  For security purposes you will want to get the Certificate issue resolved, but this can be a temporary workaround:

4. To fix the below:

Log on to all machines that are Web Front Ends with the account (very important) that is running the Web Application hosting the PowerPivot Gallery.  If this account cannot log on to that server you have a problem.  It needs to have access to that server.  Once logged on, Open Internet Explorer >Internet Options > Security tab > Trusted Sites > Sites > add the URL to the list of Trusted Sites (may need to log on to the WFE(s) as account running SP-80): http://tschauer2010:80

I have also seen that you need to un-tick "Require server verification (http:s) for all sites in this zone." under Internet Explorer >Internet Options > Security tab > Trusted Sites > Sites.

<SnapshotCaptureLog serverUrl="http://tschauer2010" workbookUrl="http://tschauer2010/PowerPivot%20Gallery/PowerPivotWorkbook.xlsx" fileNameBase="thumbnail"
snapshotCount="26" timeout="300">
<Info>'http://tschauer2010:80' was found in a different trust zone (URLZONE_TRUSTED). Attempting to remove from URLZONE_TRUSTED.</Info>
<Info>’http://tschauer2010:80’ was removed from (URLZONE_TRUSTED)</Info>
<Info>’http://tschauer2010:80’ has been added to(URLZONE_INTRANET)</Info>
</SnapshotCaptureLog>

Refreshing PowerPivot Gallery thumbnails
http://blogs.msdn.com/b/mtn/archive/2010/10/15/how-to-manually-refresh-powerpivot-gallery-thumbnails.aspx