This error can occur due to DNS issues where the ISA server resolves the internal site name back to the external address. In my case for no apparent reason, an SBS with ISA 2000 server started looping for the OWA and remote websites that were being sent to the external domain URL. NSLookup resolved correctly on the server, but to resolve the problem required added a new primary zone for the external domain and creating an A record for the mail address.
If using NSLookup on the external ULR domain you get both the internal resolution and a “non-authoritative” result that points to the external, then create a new zone with the external.
This error is well documented at the bottom of the document (applies to SBS 2003 and maybe to other server products) “Troubleshooting Web Proxy Traffic in ISA Server 2004”. However you need to find out who is listening on Port 8080:
c:\>netstat -aon | find ":8080"
- our result: TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 5620
c:\>tasklist /svc | find "5620"
- our result: miniwinagent.exe 5620 miniwinagent
In our case, the Serve RAID FlashCopy Agent from IBM caused the loop. The Agent can be disabled (runs as a service). See the link to “Web-application failures after ServeRAID manager installs - Servers” for information on how to achieve this.
See the link to "EventID 14148 from source Microsoft Web Proxy" for additional information on this problem.
This message came up after setting up ISA Server for the first time on Small Business Server 2000. Not sure about the reason but the problem was that the MS Web Proxy started before the WWW Publishing Service. Because there was a port conflict (port 80), the default website could not start and the proxy created the chain loop. I fixed the problem permanently by adding W3SVC to the DependOnService registry of the W3Proxy. Open regedt32 and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, click on W3Proxy, double-click on the DependOnService registry and add W3SVC at the end of the list.
Publishing OWA over SSL gave me this error randomly on a multihomed server. Changing my SSL Web Publishing Rules to redirect to the internal IP instead of the FQDN fixed the problem for me.
When trying to reach a web site published by ISA server the client receives a "12206 - proxy chain error". This can occur for several reasons. The most likely is a DNS conflict between internal and external settings. Please read ME296202
for the fix. If that doesn''t solve the probllem make sure that the web site (IIS) is running on the target machine!
If an internal server is published using the Web Publising rule on Microsoft ISA Server and the server is configured to redirect the request to the same address that was originally requested, a loop condition might apply.
This condition commonly occurs if ISA server is used to publish an internal server using SSL Bridging (SSL to SSL). To allow this scenario to work properly, ISA server has to forward the request to the same web address (host header) that the original client used to access the service (since the same server certificate is used on the ISA server and on the internal server). However, if the ISA server was not configured to resolve this web address using the host file (which associates this web address with the internal address of the server to be published), a loop condition applies and the error is logged in the event log (needless to say that web publishing does not work for the external user and a similar error message is displayed in the browser window).
As per Microsoft: " In ISA Management, check the routing configuration on all chained proxies. To do this, in the ISA Management console tree, click Servers and Arrays, click Name, click Network Configuration, and then click Routing."