"502 Proxy Error" error code when you try to access a website from a computer that has Forefront TMG 2010 SP1 installed

Article translations Article translations
Article ID: 2423401 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

Consider the following scenario:
  • You click to select Enable HTTPS inspection check box on the General tab of the HTTPS Outbound Inspection dialog box on a computer that has Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 (SP1) installed.
  • You add a domain name set, and then you add a Fully Qualified Domain Name (FQDN) of a website to the set. You set the Certificates field to No Validation in the Destination Exceptions tab.

    Note When the No Validation option is set, Forefront TMG 2010 SP1 cannot retrieve and validate the server certificate of Forefront TMG 2010 SP1.
In this scenario, you receive an error message that resembles the following when you try to access the website from the computer:
Error Code: 502 Proxy Error. The network logon failed. (1790)

CAUSE

This issue occurs because Forefront TMG 2010 SP1 sends an empty client certificate to the web server during the initial Secure Sockets Layer (SSL) handshake.

When certain web servers receive an empty client certificate, these servers accept and renegotiate the client certificate. For example, IIS web servers accept and renegotiate the client certificate. However, other web servers may return an SSL error when these web servers receive an empty client certificate. Therefore, Forefront TMG displays the error message.

RESOLUTION

Update information

To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2288910 Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2423401 - Last Review: October 1, 2010 - Revision: 1.0
APPLIES TO
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 1
Keywords: 
kbqfe kbfix kbsurveynew kbexpertiseinter KB2423401

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com