tmgreporter

How To Solve "13 The Data Is Invalid" Error in Forefront TMG

by

Ulison Souza

Last week we had a problem with one of our customers that was trying to access a new web site recently built and hosted at their cloud provider. When running a query in Forefront TMG Logs and Reports view, I found the error below:

Failed Connection  Attempt Log type: Web  Proxy (Forward) Status: 13 The data is invalid. Rule: Source: Internal _Destination: External  _ Request: GET  http:// Filter information: Req ID: 0fdbab91;  Compression: client=No, server=Yes, compress rate=0% decompress  rate=0% Protocol: http User: anonymous

Cause

This error occurs when the destination Web Server is using Chunked Encoding but it is not passing the correct TransferEnconding header.

When researching about this problem I found a great post from my friend Yuri Diógenes that explains why this problem happens:

According to RFC if a server is using chunked encoding it must set the Transfer-Encoding header to "chunked". In order to compress the content we need to accumulate all the chucks and then compress. When it works, TMG knows that all that content is part of the same HTTP request since it says in the HTTP Response Header; therefore it waits for the entire content, compress and send it back to the client. On the failing server we receive the first answer that doesn’t say that the content is chucked and right after that we receive other chucks, since HTTP Compression is enabled it fails to reassemble all the content since it doesn’t know that they belong to the same content." - Yuri Diógenes at: https://blogs.technet.com/b/yuridiogenes/archive/2010/12/22/3292163.aspx

Solution

If possible, the best way to solve it is by asking the web site administrator to change the "TransferEncoding header" parameter on the web server to "chunked". See How to enable chunked transfer encoding with IIS.

Workaround

If you cannot wait for the website administrator to change this, you can workaround the problem by disabling HTTP Compression for the destination site.

Disabling HTTP Compression altogether will cause higher bandwidth consumption and may cause other kinds of Internet access errors, so the better solution is to keep this service enabled and adding the destination IP as an exception:

To add exclude a destination IP from HTTP Compression

  1. Open the Forefront TMG Management Console and go to Web Access Policy
  2. On the left hand side, click Configure HTTP Compression under Tasks.
  3. On the Request Compressed Data tab, click the Add button next to Exceptions
  4. To exclude a single IP,  add a Computer for the destination IP address you want to exclude. Alternatively, you can create a new Address Range or Computer Set to exclude more than one IP addresses. I created a new Computer Set called 'HTTP Compression Exceptions' (as in the image above).
  5. Click Add to add your new Computer, Computer Set or Range to the exception list.
  6. Click OK and Apply.

Once the exception has been added, try browsing to the web site again and the issue should be resolved!

I hope this post may help you!

Take Fastvue Reporter for a test drive

Download our FREE 30-day trial, or schedule a demo and we'll show you how it works.

  • Share this story
    facebook
    twitter
    linkedIn

How to Enable and Disable SSL / TLS Versions on Forefront TMG

This article explains how to enable and disable SSL / TLS versions on Forefront TMG to ensure your sites are running the most secure protocol version.
TMG Reporter

How To Extend Forefront TMG's Web Protection Services (WPS) After November 30 2012

This article explains how to renew your Web Protection Services (WPS) Subscription for Forefront TMG as it can no longer be purchased from Microsoft.
TMG Reporter