FIX: "502 Proxy Error. An attempt was made to load a program with an incorrect format. (11)" error when you try to use a HTTPS URL through Forefront TMG 2010 if HTTPS inspection is enabled

Article translations Article translations
Article ID: 2501776 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • You enable the HTTPS inspection feature in Microsoft Forefront Threat Management Gateway (TMG) 2010.
  • You try to use an HTTPS URL to access a website through Forefront TMG 2010.
In this scenario, you receive the following error message:
502 Proxy Error. An attempt was made to load a program with an incorrect format. (11).

CAUSE

This issue occurs because the server certificate of the website contains an RFC822 name in the Subject Alternative Name (SAN) extension attribute. However, the HTTPS inspection engine does not support this certificate configuration.

Notes
  • An RFC822 name resembles the following:
    user@domain.com
  • In HTTPS inspection, TMG retrieves the subject and SAN extension names for the certificate. Forefront TMG tries to a match the names with names in the destination exception list for HTTPS inspection. If there is at least one match, the site is exempted from inspection.

RESOLUTION

To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2498770 Software Update 1 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

Note This software update adds support for RFC822 names in HTTPS inspection.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

REFERENCES

For more information about different HTTPS exclusion mechanisms, visit the following Microsoft TechNet website:
General information about HTTPS exclusion mechanisms in Forefront TMG 2010
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2501776 - Last Review: February 25, 2011 - Revision: 1.0
APPLIES TO
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 1, when used with:
    • Microsoft Forefront Threat Management Gateway 2010 Enterprise
    • Microsoft Forefront Threat Management Gateway 2010 Standard
Keywords: 
kbfix kbsurveynew kbexpertiseinter kbqfe KB2501776

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com