You are currently offline, waiting for your internet to reconnect

FIX: You cannot specify exact domains for HTTPS inspection in Threat Management Gateway 2010

In Microsoft Forefront Threat Management Gateway (TMG) 2010, you can specify an exclusion list from HTTPS inspection, that is, the list of sites that are excluded from HTTPS inspection. You cannot define an inclusion list, that is, the list of sites for which the HTTPS inspection is applied.
To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:
2555840 Description of Service Pack 2 for Microsoft Forefront Threat Management Gateway 2010

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
There can only be one DomainNameSet in the inclusion list. If the inclusion list is set, the HTTPS Inspection Exclusion tab in the UI is disabled.

To set the inclusion list for HTTPS inspection, follow these steps:
  1. Create a DomainNameSet for the HTTPS inspection inclusion list.
  2. Copy the following script into Notepad save it with the file name ConfigureHTTPSiInclusionList.vbs.
    If WScript.Arguments.Count > 1 ThenWScript.Echo "Usage:" & vbCRLF & _" ConfigureHTTPSiInclusionList <DomainNameSetName> - add DomainNameSet to HTTPS Inspection inclusion list" & vbCRLF & _" ConfigureHTTPSiInclusionList - remove DomainnameSet VPS" & vbCRLFWScript.Quit(1) End IfGUID = "{da361caa-f5ed-461a-ac23-13a02eec9867}"Attribute = "InclusionDomainNameSetGUID"Set Arr = CreateObject("FPC.Root").GetContainingArray()Set VendorSets = Arr.ArrayPolicy.WebProxy.OutboundHTTPSInspectionConfiguration.VendorParametersSetsOn Error Resume Nextif WScript.Arguments.Count > 0 ThenDomainNameSetName = WScript.Arguments(0)Set DomainNameSet = Arr.RuleElements.DomainNameSets.Item(DomainNameSetName)If Err.Number <> 0 ThenWScript.Echo "DomainNameSet " & DomainNameSetName & " does not exist"WScript.Quit(1)End IfEnd IfSet VendorSet = VendorSets.Item( GUID)If Err.Number <> 0 ThenErr.ClearSet VendorSet = VendorSets.Add( GUID )CheckErrorWScript.Echo "No existing VendorSet."ElseWScript.Echo "Existing VendorSet found. Values in it:"for each name in VendorSet.allNamesWScript.Echo " ", name, "=", VendorSet.Value(name)nextWScript.Echo "-------------------------------------"End IfIf WScript.Arguments.Count > 0 ThenVal = DomainNameSet.PersistentNameWScript.Echo "Setting ", Attribute, " = ", ValVendorSet.Value(Attribute) = ValElseWScript.Echo "Deleting", AttributeVendorSet.RemoveValue(Attribute)End IfArr.SaveSub CheckError()If Err.Number <> 0 ThenWScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.DescriptionErr.ClearEnd IfEnd Sub
  3. Run the following command:
    cscript ConfigureHTTPSiInclusionList.vbs <DomainNameSetName>
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

TMG2010 script

Article ID: 2619986 - Last Review: 10/31/2011 07:20:00 - Revision: 2.0

  • Microsoft Forefront Threat Management Gateway 2010 Standard
  • Microsoft Forefront Threat Management Gateway 2010 Enterprise
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 1
  • kbfix kbbug kbexpertiseinter kbsurveynew KB2619986