FIX: "502 Proxy Error. An attempt was made to load a program with an incorrect format. (11)" error when you try to use a HTTPS URL through Forefront TMG 2010 if HTTPS inspection is enabled


Consider the following scenario:In this scenario, you receive the following error message:
502 Proxy Error. An attempt was made to load a program with an incorrect format. (11).


This issue occurs because the server certificate of the website contains an RFC822 name in the Subject Alternative Name (SAN) extension attribute. However, the HTTPS inspection engine does not support this certificate configuration.

  • An RFC822 name resembles the following:
  • In HTTPS inspection, TMG retrieves the subject and SAN extension names for the certificate. Forefront TMG tries to a match the names with names in the destination exception list for HTTPS inspection. If there is at least one match, the site is exempted from inspection.


To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2498770 Software Update 1 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

Note This software update adds support for RFC822 names in HTTPS inspection.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


For more information about different HTTPS exclusion mechanisms, visit the following Microsoft TechNet website:For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

رقم الموضوع: 2501776 - آخر مراجعة: 25‏/02‏/2011 - المراجعة: 1