• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Proxy chain loop when adding upstream proxy

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Misc.] >> 3rd Party Add-ons >> Proxy chain loop when adding upstream proxy Page: [1]
Login
Message << Older Topic   Newer Topic >>
Proxy chain loop when adding upstream proxy - 12.Nov.2004 10:17:00 AM   
Thinkagain

 

Posts: 6
Joined: 9.Nov.2004
Status: offline
Hi,

I've setup a ISA2004 server with 4 interfaces.
Internal: 10.200.X.X
Perimeter1: 10.204.X.X
Perimeter2: 10.203.X.X
External: 172.16.X.X (connected to an adsl router)
Only the external interface has a default gateway .
The adapter order under "advanced settings" are in the above order.
All adapters are using the same dns-servers, one in the internal network and the other local on the ISA server.

On this machine I am also using TrendMicro's Interscan Web Security Suite (IWSS).
The IWSS is configured to retrieve its pages direct without using a proxy.
The intention is to let the users connect to the ISA server (on port 8080) and let the ISA server connect to the IWSS (on port 8081)
As soon as i modify the "Last Default Rule" under "Web Chaining" the looping starts.
I've tried to set this to the localhost address, internal interface address and external interface address with no result

A browser with the proxy set at port 8080 or 8081 receives the error code: 12206 which is the "Proxy chain loop". In the application log eventid 14141 starts.
It seems that traffic from the IWSS gets intercepted by the ISA server which according to its configuration forwards it to the IWSS, eventually creating a loop.
The microsoft event description states that there is a routing problem, I cant seem to find it.

When I start monitoring several messages pass by, one of these is eventually: Failed Connection Attempt (which is probably the logical result of the loop). I do not receive any Deny messages.

I thought this might have something to do with the network rules (route / nat), but I cannot add or modify any rules with the "Local Host" network as source.

I've searched through several forums but have not found any answers. It seems that others do not post the solution if they receive it from another information source than than this forum post.

Anyone?, I'm pretty much out of ideas.

Please let me know if you're using a similar configuration with an upstream proxy installed locally on the isa server so we can exchange ideas.
Post #: 1
RE: Proxy chain loop when adding upstream proxy - 17.Nov.2004 6:26:00 PM   
-moz-

 

Posts: 4
Joined: 15.Nov.2004
Status: offline
got exactly same problem, using local isa as the upstreeam to try to use the backup feature and

get Error Code 12206: Proxy chain loop
Background: The gateway has detected a proxy chain loop. This condition might indicate a configuration problem on a proxy server.
Date: 17/11/2004 17:27:00
Server:
Source: Proxy

(in reply to Thinkagain)
Post #: 2
RE: Proxy chain loop when adding upstream proxy - 18.Nov.2004 7:25:00 PM   
TheMadMan

 

Posts: 2
Joined: 21.Sep.2003
Status: offline
Not sure about 2004, but in 2000/2003 you had to create a Destination-set and a Web-publishing rule, and let the Web-publishing rule point to the created destination-set. Guess it's still the same in 2004.

(in reply to Thinkagain)
Post #: 3
RE: Proxy chain loop when adding upstream proxy - 25.Nov.2004 11:20:00 AM   
npmr

 

Posts: 2
Joined: 25.Feb.2003
Status: offline
I tried exactly the same with CA eTrust Secure Content Manager.

Next I tried installing SCM on another box in the DMZ. Clients connect to ISA proxy, which redirects them to SCM proxy, which in turn tries to get the requests directly from the internet, through ISA Server firewall (it's not configured as a proxy client, but the default gateway of the DMZ is the ISA Server).

In ISA 2000 existed the HTTP Redirector, which captured non-proxy HTTP request and forwarded them to Web Proxy. I think this kind of behaviour its the cause for our problem. But in ISA 2004 there's no way to configure or disconnect the redirector.

(in reply to Thinkagain)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Misc.] >> 3rd Party Add-ons >> Proxy chain loop when adding upstream proxy Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts