"HTTP/1.1 502 - Error 11 Bad format" error when you access SSL websites that use SAN certificates in Forefront TMG Server 2010 if a non-English version of a Windows operating system is installed

Symptoms

Consider the following scenario:

You have a computer that is running a non-English version of a Windows operating system.
You enable the HTTPS Inspection feature in Microsoft Forefront Threat Management Gateway (TMG) Server 2010 that is installed on the computer.
You access certain Secure Sockets Layer (SSL) websites that use Subject Alternative Name certificates.

In this scenario, you may receive an error message that resembles the following:

HTTP/1.1 502 - Error 11 Bad format.

Notes

This issue does not occur if you disable the HTTPS Inspection feature in Forefront TMG Server 2010.
This issue does not occur if the computer runs an English version of the Windows operating system.

This issue occurs because Forefront TMG Server 2010 has some hard-coded checks on non-localized strings for the SAN extension checks.

To resolve this issue, install the hotfix that is described in the following Microsoft Knowledge Base (KB) article:

2498770 Description of the TMG Server rollup package

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbqfe, kbsurveynew, kbfix, kbexpertiseinter, kb

Article Info