FIX: "502 Proxy Error. An attempt was made to load a program with an incorrect format. (11)" error when you try to use a HTTPS URL through Forefront TMG 2010 if HTTPS inspection is enabled
Consider the following scenario:
- You enable the HTTPS inspection feature in Microsoft Forefront Threat Management Gateway (TMG) 2010.
- You try to use an HTTPS URL to access a website through Forefront TMG 2010.
502 Proxy Error. An attempt was made to load a program with an incorrect format. (11).
This issue occurs because the server certificate of the website contains an RFC822 name in the Subject Alternative Name (SAN) extension attribute. However, the HTTPS inspection engine does not support this certificate configuration.
- An RFC822 name resembles the following: firstname.lastname@example.org
- In HTTPS inspection, TMG retrieves the subject and SAN extension names for the certificate. Forefront TMG tries to a match the names with names in the destination exception list for HTTPS inspection. If there is at least one match, the site is exempted from inspection.
To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2498770 Software Update 1 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Note This software update adds support for RFC822 names in HTTPS inspection.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about different HTTPS exclusion mechanisms, visit the following Microsoft TechNet website:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Article ID: 2501776 - Last Review: 02/25/2011 09:18:00 - Revision: 1.0
Microsoft Forefront Threat Management Gateway 2010 Service Pack 1
- kbfix kbsurveynew kbexpertiseinter kbqfe KB2501776