ISA Server has encountered a proxy chain loop

Posted on 2009-04-22
Last Modified: 2013-12-04
Hi there all,

I am having a problem with my ISA box in that I continually get Event 14141 for Microsoft ISA Server Web PRoxy (ISA Server has encountered a proxy chain loop.) and then no one can get on the internet.  I have just had to install ISA from scratch and the NIC details are as follows:

Internal NIC:

IP Address :
Gateway :
Primary DNS: (internal DNS server and Primary DC)
Seconday DNS : (ip of ADSL router)

External NIC
IP Address:
Primary DNS:

If anyone has any ideas on what would be causing this problem I would greatly appreciate it.   The other thing is I cannot nslookup internal computers from the ISA Server.  This Server is a member of our domain.

Question by:chimp153
    LVL 4

    Accepted Solution

    Your internal network card shouldn't have a gateway in the nic.
    Leave that one empty.

    Then on the cmd type route print
    Then add the route for your internal netwok

    In your case this would be
    route add mask -p

    That is if is your gateway, normally this would be
    LVL 7

    Expert Comment

    Yes. You should not have Internal Gateway in the ISA. Only the external!!
    LVL 36

    Expert Comment

    by:Bing CISM / CISSP
    and the default gateway for internal clients should be

    Author Comment

    Thanks guys.  The internal NIC was set to get an IP address automatically so I changed that and I checked the routing table and it had the route entry in there so I will give it today and see if it continues to get the error.

    The other thing is that I have a number of internal websites that are published from this server and their IP address internally is (of the server they are on - I use headers in IIS to get to the right site), but from the ISA box when I NS lookup this website I get the external ip address.  

    So my question is would this cause a proxy chain loop.  I do have to send the requests to the server but was wondering whether this would cause the proxy loop problem.
    LVL 36

    Assisted Solution

    by:Bing CISM / CISSP
    > but from the ISA box when I NS lookup this website I get the external ip address.  

    1. remove primary DNS on the external NIC. make sure all DNS requests go to internal DC.

    2. PING the internal servers from the DC ( to see if the internal DNS can address the published servers correctly.

    3. if necessary, as you have only a few internal sites to be published, use IP numbers instead of domain names, in the relevant ISA settings such as publishing server or defining firewall rules.

    hope it helps,

    Author Comment

    Checked today and all is still working, no more proxy chain loop errors.  thanks for your help rslangen

    Author Comment

    and bbao

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now