A 502 proxy error occurs when you try to create an HTTPS connection if a downstream proxy has Forefront TMG 2010 installed
Consider the following scenario:
- You have a downstream proxy that has Microsoft Forefront Threat Management Gateway (TMG) 2010 installed.
- You configure network traffic interoperability between the downstream proxy and an upstream proxy.
- A client computer tries to create a Secure Hypertext Transfer Protocol (HTTPS) connection through the downstream and upstream proxies to a web server.
- HTTP/1.1 502 Proxy Error (Arithmetic result exceeded 32 bits.)
- HTTP/1.1 502 Proxy Error (-2147471495) ERROR_HTTP_INVALID_HEADER
This issue occurs because Forefront TMG 2010 cannot parse a multi-packet response that is for the HTTPS CONNECT request and that is from the upstream proxy. Therefore, Forefront TMG 2010 does not send the response to the client computer.
When you try to create a HTTPS connection, the downstream proxy that has Forefront TMG 2010 installed forwards the HTTPS CONNECT request to the upstream proxy. The upstream proxy returns a response packet that has some additional headers. However, Forefront TMG 2010 cannot parse the response if the returned packet is split into multiple packets.
Update informationTo resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2433623 Software Update 2 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Article ID: 2445662 - Last Review: 11/17/2010 01:29:00 - Revision: 1.0
Microsoft Forefront Threat Management Gateway 2010 Service Pack 1
- kbqfe kbfix kbsurveynew kbexpertiseinter KB2445662