Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. FIX: Access to certain SSL websites may be unavailable when HTTPS Inspection is enabled in Forefront Threat Management Gateway 2010

FIX: Access to certain SSL websites may be unavailable when HTTPS Inspection is enabled in Forefront Threat Management Gateway 2010

View products that this article applies to.

Symptoms

When HTTPS Inspection is enabled in Microsoft Forefront Threat Management Gateway 2010, access to certain secure sockets layer (SSL) websites may be unavailable. Additionally, you receive the following error message in Internet Explorer:

Internet Explorer cannot display the webpage

When you view the Threat Management Gateway web proxy logs, a result code of either 0x80090332 or -2146893022 is logged for the request.

If you run a Network Monitor trace of the traffic, you find that Threat Management Gateway returns the following error to the client:

HTTP/1.1 502 Proxy Error (The target principal name is incorrect.)

↑ Back to the top

Cause

This problem occurs because HTTPS Inspection expects an SSL certificate to have a Common Name attribute specified in the Subject field. This is checked by HTTPS Inspection as part of certificate validation.

Some certification authorities have started to issue SSL certificates that have the subject name specified only in the Subject Alternate Name attribute. This is a valid certificate format. However, HTTPS Inspection in Threat Management Gateway 2010 does not handle this kind of certificate, and the outgoing connection fails.

Usually, a certificate that uses the Subject Alternate Name attribute would also specify a Common Name attribute in the Subject field.

↑ Back to the top

Resolution

To resolve this problem, install Rollup 4 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

References

See the terminology Microsoft uses to describe software updates.

↑ Back to the top

Keywords: kbnotautohotfix, kbqfe, kbfix, kbexpertiseinter, kbbug, kbsurveynew, kb

↑ Back to the top

Article Info
Article ID : 2899713
Revision : 1
Created on : 1/7/2017
Published on : 11/8/2013
Exists online : False
Views : 291