Article ID: 2501650 - View products that this article applies to.
Consider the following scenario:
Page Cannot Be Displayed
This issue occurs because the host name uses the IP address of the server instead of the URL for the certificate.
After you install the following update, Forefront TMG 2010 performs a reverse lookup of the host name and checks the server name for exclusion if the host name is an IP address.
Note If reverse lookup fails, this issue still occurs. If reverse lookup fails, resolve the DNS issue, or add an entry to the Windows hosts file that is located on the Forefront TMG server.
To resolve this issue, follow these steps:
In a typical scenario, the subject name and the Subject Alternative Name (SAN) extension of a server certificate are used to check the HTTPS inspection exclusion list. If the SSL handshake fails, these names cannot be retrieved. However, a client certificate might be required by the server. Therefore, we use the host name to check the destination exception list for HTTPS inspection if an SSL handshake fails on a specific error. When the host name uses an IP address, an issue that is resolved by the steps in the "Resolution" section occurs.
Note The reverse lookup result of the host name must be in the destination exception list for HTTPS inspection and must be marked as No validation.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/824684/ )Description of the standard terminology that is used to describe Microsoft software updates
Article ID: 2501650 - Last Review: February 25, 2011 - Revision: 1.0