- You enable the HTTPS inspection feature in Microsoft Forefront Threat Management Gateway (TMG) 2010.
- You add a website to the destination exception list for HTTPS inspection.
- You install and configure Forefront TMG Client on a computer. Or, you configure the computer to use Forefront TMG as the default gateway.
- You try to access a website that requires a client certificate authentication on the computer.
Note If reverse lookup fails, this issue still occurs. If reverse lookup fails, resolve the DNS issue, or add an entry to the Windows hosts file that is located on the Forefront TMG server.
To resolve this issue, follow these steps:
- Run the script that is in the following Microsoft Knowledge Base (KB) article: 982550 FIX: Error message occurs when you try to access a web server that requires a client certificate if HTTPS inspection is enabled in Forefront TMG 2010: "Error Code: 502 Proxy Error. The message received was unexpected or badly formatted. (-2146893018)"
- Install the software update that is described in the following Microsoft Knowledge Base (KB) article:2498770 Software Update 1 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Note The reverse lookup result of the host name must be in the destination exception list for HTTPS inspection and must be marked as No validation.
Article ID: 2501650 - Last Review: Feb 25, 2011 - Revision: 1