FIX: "Host Not Found (11001)" error message when an SSL site is accessed by using a downstream Forefront TMG 2010 server that has HTTPS Inspection enabled

Article translations Article translations
Article ID: 2790765 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Consider the following scenario:
  • A server is implemented as a downstream proxy server in a Microsoft Forefront Threat Management Gateway (TMG) 2010 environment.
  • Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 was applied to the TMG server.
  • External DNS resolution is not configured on the TMG server.
  • HTTPS Inspection is enabled on the TMG server.
In this scenario, when the TMG server is used to access an SSL site, a "Host Not Found (11001)" error message is generated.

Cause

This problem occurs because of a change to the HTTPS Inspection exception logic that was made in Forefront TMG 2010 Service Pack 2.

Resolution

To resolve this problem, install the hotfix package that is described in the following Microsoft Knowledge Base article:
2735208 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

For more information about the change to the exception logic for HTTPS Inspection, click the following article number to go to the article in the Microsoft Knowledge Base:
2619991 FIX: An application that uses port 443 to connect to a remote web server no longer works after HTTPSi is enabled in a Forefront Threat Management Gateway 2010 environment
The new exception logic performs a DNS name resolution on the target's fully qualified domain name (FQDN) to determine whether it is part of the destination exception list. If the DNS lookup is unsuccessful, this causes the request to fail and generate the "Host Not Found (11001)" error message.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2790765 - Last Review: January 10, 2013 - Revision: 1.0
Applies to
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 2, when used with:
    • Microsoft Forefront Threat Management Gateway 2010 Enterprise
    • Microsoft Forefront Threat Management Gateway 2010 Standard
Keywords: 
kbqfe kbfix kbexpertiseinter kbbug kbsurveynew KB2790765

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com