- You enable the HTTPS inspection feature in Microsoft Forefront Threat Management Gateway (TMG) 2010.
- You try to use an HTTPS URL to access a website that requires a client certificate through Forefront TMG 2010.
- You add the website to the Destination Exception list for HTTPS inspection.
When a request that contains an empty client certificate is sent, some web servers accept and renegotiate the client certificate. However, other web servers may return an SSL error when the web server receives an empty client certificate, and Forefront TMG does not correctly handle the server error. Therefore, the error message that is mentioned in the "Symptoms" section is generated.
Note An example of a web server that accepts and renegotiates an empty client certificate is an IIS web server.
- Install the software update that is described in the following Microsoft Knowledge Base (KB) article:2498770 Software Update 1 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
- Run the script that is in the following article:
Article ID: 2501777 - Last Review: Feb 25, 2011 - Revision: 1