FIX: "502 Proxy Error. An attempt was made to load a program with an incorrect format. (11)" error when you try to use a HTTPS URL through Forefront TMG 2010 if HTTPS inspection is enabled

SYMPTOMS
Consider the following scenario:
  • You enable the HTTPS inspection feature in Microsoft Forefront Threat Management Gateway (TMG) 2010.
  • You try to use an HTTPS URL to access a website through Forefront TMG 2010.
In this scenario, you receive the following error message:
502 Proxy Error. An attempt was made to load a program with an incorrect format. (11).
CAUSE
This issue occurs because the server certificate of the website contains an RFC822 name in the Subject Alternative Name (SAN) extension attribute. However, the HTTPS inspection engine does not support this certificate configuration.

Notes
  • An RFC822 name resembles the following:
    user@domain.com
  • In HTTPS inspection, TMG retrieves the subject and SAN extension names for the certificate. Forefront TMG tries to a match the names with names in the destination exception list for HTTPS inspection. If there is at least one match, the site is exempted from inspection.
RESOLUTION
To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2498770 Software Update 1 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

Note This software update adds support for RFC822 names in HTTPS inspection.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
REFERENCES
For more information about different HTTPS exclusion mechanisms, visit the following Microsoft TechNet website:For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Properties

Article ID: 2501776 - Last Review: 02/25/2011 09:18:00 - Revision: 1.0

Microsoft Forefront Threat Management Gateway 2010 Service Pack 1

  • kbfix kbsurveynew kbexpertiseinter kbqfe KB2501776
Feedback