Access Denied error when connecting via a proxy server in Kaspersky Security 9.x for Microsoft Exchange Servers

Back to "Troubleshooting"

This article refers to:

• Kaspersky Security 9.5 for Microsoft Exchange Servers Maintenance Release 5 (version 9.5.153.0);
• Kaspersky Security 9.4 for Microsoft Exchange Servers Maintenance Release 4 (version 9.4.189.0);
• Kaspersky Security 9.3 for Microsoft Exchange Servers Maintenance Release 3 (version 9.3.54.0);
• Kaspersky Security 9.2 for Microsoft Exchange Servers Maintenance Release 2 (version 9.2.39.0);
• Kaspersky Security 9.1 for Microsoft Exchange Servers Maintenance Release 1 (version 9.1.42.0); 
• Kaspersky Security 9.0 for Microsoft Exchange Servers (version 9.0.129.0).

In case the HTTPS scan option is enabled on the proxy server, requests generated by Kaspersky Security 9.x for Microsoft Exchange Servers will be blocked. In this event, te application logs the following message:

Error AntispamEngine: tpprov [ConnectionTmpl.h:133] eka::SystemException caught: .\src\ProxyAuthorizationUtil.cpp(178) SystemException - basic auth failed. http ret code:407: 0x80000045 (Access denied)

Reason

This occurs because the KSN (Kaspersky Security Network) service and the Enforced Anti-Spam Update Service use port 443 for connecting to public Kaspersky Lab servers. 

Solution

To ensure the correct work of the services of Kaspersky Security 9.x for Microsoft Exchange Servers, it is necessary to create a special allowing rule or disable HTTPS traffic scan.

To disable HTTP traffic scan on Forefront TMG, follow these steps:

1. Open the Forefront TMG management console.
2. In the management console, select the server node -> Web Access Policy.
3. On the Tasks tab in the right frame, select Configure HTTPS inspection.
4. In the HTTP Outbound Inspection window, clear the check box Enable HTTPS inspection.

5. Click OK to save the changes and close the window.
6. Click Apply in the Forefront TMG management console.

Back to "Troubleshooting"