Customizing HTML error messages
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
This topic describes the HTML error messages that are provided with Forefront TMG, and how to customize them. It also describes how to create new error messages.
About HTML error messages
Web browser clients sometimes receive error messages in the browser as a result of a web request. If a web request error occurs on the client before reaching the Forefront TMG computer, the error message is generated by the web browser.
For web requests that reach the Forefront TMG computer, Forefront TMG includes a set of error messages that can be returned to web browser. Forefront TMG distinguishes between external and internal client requests.
Forefront TMG provides two sets of error messages depending on the Forefront TMG version. For both sets of error messages, you can edit or customize the messages as required; however, you cannot use both sets of error messages together, you must use one or the other. To choose the set of error messages to use in your organization:
In the Forefront TMG Management console select the server, and then in the Tasks pane, click Array Management.
On the <server_name> properties dialog box, click the Error Pages tab.
To use the new error pages (available only from Service Pack 2), click Use the version available from Forefront TMG SP2 onwards, and then click OK.
For more information, see Creating custom HTML error messages in Forefront TMG SP2.
To use the previous error pages, click Use the version available prior to Forefront TMG SP2, and then click OK.
For more information, see Creating custom HTML error messages in Forefront TMG.
Note
When using the new error pages and connecting to a site over HTTPS from an older web browser, such as, Internet Explorer 6 or 7, embedded objects do not appear in the error page.
Editing the HTML error messages
You can edit any of the .htm files as required. Remember to back up the original file before making modifications. The error messages matching the language of your version of Forefront TMG are in the Forefront TMG installation directory in one of two directories depending on the version of Forefront TMG.
Forefront TMG and Forefront TMG SP1—ErrorHtmls
Forefront TMG SP2—Templates\WebObjectsTemplates\ISA
The following syntax is used to identify the files:
For internal clients, the files are named Error_number.htm.
For external clients, the files are named Error_numberR.htm (where R indicates reverse).
The following table lists the error messages in this folder.
| File names | Description |
|---|---|
64.htm and 64R.htm |
The connection to the specified web server has been lost. |
401R.htm |
The client has not been authenticated successfully (external client only). |
407.htm |
The client has not been authenticated by the proxy server (internal client only). |
502.htm and 502R.htm |
A connection could not be made to an upstream content server. |
504.htm and 504R.htm |
An attempt to connect to an upstream server timed out. |
1460.htm and 1460R.htm |
A connection requested to the specified web server timed out. |
10054.htm and 10054R.htm |
The specified destination web server reset the connection. |
10060.htm and 10060R.htm |
The specified web server could not be contacted, and the request timed out. |
10061.htm and 10061R.htm |
The specified web server could not establish a connection. This is usually the result of attempting to connect to an inactive service on the server. |
11001.htm and 11001R.htm |
The specified host could not be found. |
11002.htm and 11002R.htm |
The DNS name server for the specified host could not be contacted. |
11004.htm and 11004R.htm |
A host was not found. |
12206.htm and 12206R.htm |
A proxy chain loop configuration has been detected. This might indicate a proxy configuration problem. |
12221R.htm |
The client certificate used to establish the SSL connection with the Forefront TMG computer is not from a trusted certification authority. |
12222R.htm |
The client certificate used to establish the SSL connection with the Forefront TMG computer is not acceptable. The client certificate restrictions not met. |
12223.htm and 12223R.htm |
The page was blocked by the intrusion protection system (IPS). |
12224.htm |
The SSL server certificate supplied by a destination server is not yet valid. |
12225.htm |
The SSL server certificate supplied by a destination server expired. |
12226.htm |
The certification authority that issued the SSL server certificate supplied by a destination server is not trusted by the local computer. |
12227.htm |
The name on the SSL server certificate supplied by a destination server does not match the name of the host requested. |
12228.htm |
The SSL certificate supplied by a destination server cannot be used to validate the server because it is not a server certificate. |
12229.htm |
The website requires a client certificate, but a client certificate cannot be supplied when HTTPS inspection is applied to the request. |
12230.htm |
The SSL server certificate supplied by a destination server has been revoked by the certification authority that issued it. |
12231.htm |
Forefront TMG denied the specified Uniform Resource Locator (URL) (This page is used when the deny rule is set to display the URL category, but not the custom message; [URLCATEGORY] will be replaced with the category name). |
12232.htm |
Forefront TMG denied the specified Uniform Resource Locator (URL) (This page is used when the deny rule is set to display the custom message but not the URL category; [ADMINMESSAGE] will be replaced with the custom message). |
12233.htm |
Forefront TMG denied the specified Uniform Resource Locator (URL) (This page is used when the deny rule is set to display both the custom message and the URL category; [URLCATEGORY] will be replaced with the category name and [ADMINMESSAGE] will be replaced with the custom message). |
Important
After modifying existing messages, or creating new ones, restart the Web Proxy service for the changes to take effect.