The scenario was a simple website publishing through ISA server 2006. While accessing the HTTPS website from a client, we were seeing a Failed Connection attempt in the ISA logs. More specifically, the error message was pointing to Error code 13, “the data is invalid”. After making sure that the rule elements are configured correctly, we collected ISA data packager with the “Web Proxy and Web Publishing” template by reproducing the issue, along with a decrypted SSL trace from the ISA server.


From the decrypted SSL trace, we could identify that the ISA server returned a response code of 400 (BAD REQUEST). Upon further inspection of the HTTP headers and payload (the request was a POST), we could not find any issue which was obvious. So we looked further into the ISATracing file, which is a component level trace collected by the ISA Data Packager.

From the trace we could find the error below:

As we can see, the request seemed to contain a Multi-Line header which is not allowed by ISA server, by default. Hence it is rejecting the request made by the client. 
We then revisited the decrypted SSL trace and observed that there was a MultiLine header found.

We also used a web debugging tool to construct a similar HTTP POST request with the same payload and same headers and that worked as expected !! When we checked the network trace, we could see that the header was not sent as a “Multi-line”.

0d – Carriage Return


0a – New line (Line Feed)

09 – Horizontal tab 

More information about the byte codes and their corresponding mappings can be found in RFC2616.


In order to resolve the issue, we opened the registry editor on the problematic server and navigated to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\RAT\Stingray\Debug\Web Filters  

and added a DWORD value APPEND_CONTINUATION_LINES and set the value to 1, and then rebooted the server.

The issue no longer occurred!! The client was able to access the site successfully.

The solution to this issue has been addressed in detail in the following KB article:

This fix appends the continuation tab thereby enabling the ISA server to successfully read the headers and process it further.

We hope this post would be helpful in resolving issues that you may face while publishing web applications through ISA/TMG. But always remember not to make any changes to the registry unless you have isolated the root cause of the issue. Also, as a general best practice, take a backup of the registry before making modifications.


Karthik Divakaran

Security Support Engineer – MSD Security Team

Junaid Jan

Security Support Escalation Engineer - MSD Security Team