Access Denied error when connecting via a proxy server in Kaspersky Security 9.x for Microsoft Exchange Servers

This article concerns:

• Kaspersky Security 9.6 for Microsoft Exchange Servers Maintenance Release 6 (version 9.6.96.0)
• Kaspersky Security 9.5 for Microsoft Exchange Servers Maintenance Release 5 (version 9.5.153.0)

In case the HTTPS scan option is enabled on the proxy server, requests generated by Kaspersky Security 9.x for Microsoft Exchange Servers will be blocked.

In this case, the application logs the following message:
Error AntispamEngine: tpprov [ConnectionTmpl.h:133] eka::SystemException caught: .\src\ProxyAuthorizationUtil.cpp(178) SystemException - basic auth failed. http ret code:407: 0x80000045 (Access denied).

Cause

This occurs because the Kaspersky Security Network service and the Enforced Anti-Spam Update Service use port 443 for connecting to public Kaspersky servers. This port may be unavailable.

Solution

To ensure the correct work of the services of Kaspersky Security 9.x for Microsoft Exchange Servers, create a special allowing rule or disable the HTTPS traffic scan.

To disable the HTTP traffic scan on Forefront TMG, follow these steps:

1. Open the Forefront TMG management console.
2. In the management console, select the server node → Web Access Policy.
3. On the Tasks tab, select Configure HTTPS inspection.
4. Go to the General tab and clear the Enable HTTPS inspection checkbox.

5. Click OK.
6. Click Apply in the Forefront TMG management console.