A 502 proxy error occurs when you try to create an HTTPS connection if a downstream proxy has Forefront TMG 2010 installed

Article translations Article translations
Article ID: 2445662 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

Consider the following scenario:
  • You have a downstream proxy that has Microsoft Forefront Threat Management Gateway (TMG) 2010 installed.
  • You configure network traffic interoperability between the downstream proxy and an upstream proxy.
  • A client computer tries to create a Secure Hypertext Transfer Protocol (HTTPS) connection through the downstream and upstream proxies to a web server. 
In this scenario, the HTTPS connection is not created, and then you receive one of the following error messages:
  • HTTP/1.1 502 Proxy Error (Arithmetic result exceeded 32 bits.)
  • HTTP/1.1 502 Proxy Error (-2147471495) ERROR_HTTP_INVALID_HEADER

CAUSE

This issue occurs because Forefront TMG 2010 cannot parse a multi-packet response that is for the HTTPS CONNECT request and that is from the upstream proxy. Therefore, Forefront TMG 2010 does not send the response to the client computer. 

When you try to create a HTTPS connection, the downstream proxy that has Forefront TMG 2010 installed forwards the HTTPS CONNECT request to the upstream proxy. The upstream proxy returns a response packet that has some additional headers. However, Forefront TMG 2010 cannot parse the response if the returned packet is split into multiple packets.

RESOLUTION

Update information

To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2433623 Software Update 2 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2445662 - Last Review: November 17, 2010 - Revision: 1.0
APPLIES TO
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 1, when used with:
    • Microsoft Forefront Threat Management Gateway 2010 Enterprise
    • Microsoft Forefront Threat Management Gateway 2010 Standard
Keywords: 
kbqfe kbfix kbsurveynew kbexpertiseinter KB2445662

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com