Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. FIX: "502 Proxy Error. An attempt was made to load a program with an incorrect format. (11)" error when you try to use a HTTPS URL through Forefront TMG 2010 if HTTPS inspection is enabled

FIX: "502 Proxy Error. An attempt was made to load a program with an incorrect format. (11)" error when you try to use a HTTPS URL through Forefront TMG 2010 if HTTPS inspection is enabled

View products that this article applies to.

Symptoms

Consider the following scenario:
  • You enable the HTTPS inspection feature in Microsoft Forefront Threat Management Gateway (TMG) 2010.
  • You try to use an HTTPS URL to access a website through Forefront TMG 2010.
In this scenario, you receive the following error message:
502 Proxy Error. An attempt was made to load a program with an incorrect format. (11).

↑ Back to the top

Cause

This issue occurs because the server certificate of the website contains an RFC822 name in the Subject Alternative Name (SAN) extension attribute. However, the HTTPS inspection engine does not support this certificate configuration.

Notes
  • An RFC822 name resembles the following:
    user@domain.com
  • In HTTPS inspection, TMG retrieves the subject and SAN extension names for the certificate. Forefront TMG tries to a match the names with names in the destination exception list for HTTPS inspection. If there is at least one match, the site is exempted from inspection.

↑ Back to the top

Resolution

To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2498770 Software Update 1 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

Note This software update adds support for RFC822 names in HTTPS inspection.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

References

For more information about different HTTPS exclusion mechanisms, visit the following Microsoft TechNet website:
General information about HTTPS exclusion mechanisms in Forefront TMG 2010
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top

Keywords: kbfix, kbsurveynew, kbexpertiseinter, kbqfe, kb

↑ Back to the top

Article Info
Article ID : 2501776
Revision : 1
Created on : 3/21/2017
Published on : 2/25/2011
Exists online : False
Views : 173