HTTPS Inspection causes Error 12030 (Connection to the server ended unexpectedly)

Hi together,

Since nobody on the German TechNet platform has any ideas about this, I'm trying it here :)

We have implemented a TMG 2010 (SP2 + Rollup 5) with HTTPS Inspection; the certificate to inspect sites is issued by a 2008 CA. We followed this blog post to generate it.

So far, so good. CNG/SHA2 sites are no issue (Twitter, Google, etc.) and work fine, but some HTTPS sites throw the error code 12030.

Examples for this behaviour are the sites and

I don't know why this is a problem. The proxy service listens only on port 8080 (HTTP + HTTPS); can this be an issue?

Another thing I just noticed: public key is 4096 bit strong, the CNG certificate is issued with 2048 bit strength. Can this cause this issue? Can this be resolved if I issue a 4096-bit certificate for inspection? Or should I use 8k to be sure there will be no further problems with other sites?

On the other hand, has "only" 2048 bit and (some random site with SHA1 + 4096 bit) works fine.

Hope someone knows about this problem 12030 and can help me out :)

Of course, the problematic sites can be reached when inspection is disabled for those... but I don't like this as a "solution" because it is no solution and I don't understand why those sites are a problem.

Ah, and this is our TLS/SSL config on the server:

Windows Registry Editor Version 5.00



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]


Thanks in advance

  • Edited by 0711 12 hours 28 minutes ago
February 4th, 2015 5:14pm
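
The registry export in the post, as it appears on this page, lists the SCHANNEL protocol keys without any values under them, so it does not show which protocols are actually switched on or off. The following is an added example, not part of the original post: it parses a .reg export and reports the Enabled / DisabledByDefault state per protocol and role. The sample export and the function names are constructed for illustration.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"

# Constructed sample in .reg export format; these are not the poster's values.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    f"[{BASE}\\SSL 2.0]",
    "",
    f"[{BASE}\\SSL 2.0\\Server]",
    '"Enabled"=dword:00000000',
    "",
    f"[{BASE}\\TLS 1.0\\Client]",
    "",
    f"[{BASE}\\TLS 1.2\\Client]",
    '"Enabled"=dword:ffffffff',
    '"DisabledByDefault"=dword:00000000',
])

KEY_RE = re.compile(r"^\[.*\\SCHANNEL\\Protocols\\([^\\\]]+)\\(Client|Server)\]$", re.I)
VAL_RE = re.compile(r'^"(Enabled|DisabledByDefault)"=dword:([0-9a-fA-F]{8})$')

def parse_schannel(reg_text):
    """Map (protocol, role) -> {value name: int} for every Client/Server key."""
    keys, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Parent keys such as "...\SSL 2.0" carry no role and are skipped.
            m = KEY_RE.match(line)
            current = keys.setdefault((m.group(1), m.group(2).title()), {}) if m else None
        elif current is not None:
            v = VAL_RE.match(line)
            if v:
                current[v.group(1)] = int(v.group(2), 16)
    return keys

def describe(values):
    """Turn the DWORD values of one key into a readable state."""
    if not values:
        return "not configured (OS default applies)"
    if values.get("Enabled") == 0:
        return "disabled"
    if values.get("DisabledByDefault", 0) != 0:
        return "off by default"
    return "enabled" if "Enabled" in values else "on by default"

def summarize(reg_text):
    """Return {(protocol, role): state} for a whole export."""
    return {key: describe(vals) for key, vals in parse_schannel(reg_text).items()}
```

Regedit writes version 5.00 exports as UTF-16, so open the file with encoding="utf-16" before passing its text to summarize().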

This topic is archived. No further replies will be accepted.
