  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1986
  • Last Modified:

ISA Server has encountered a proxy chain loop

Hi there all,

I am having a problem with my ISA box in that I continually get Event 14141 for Microsoft ISA Server Web Proxy (ISA Server has encountered a proxy chain loop.) and then no one can get on the internet. I have just had to install ISA from scratch and the NIC details are as follows:

Internal NIC:

IP Address :  192.168.0.2
Mask: 255.255.255.0
Gateway : 192.168.0.2
Primary DNS: 192.168.0.1 (internal DNS server and Primary DC)
Secondary DNS : 10.0.0.1 (IP of ADSL router)

External NIC
IP Address: 10.0.0.2
Mask: 255.255.255.0
Gateway: 10.0.0.1
Primary DNS: 10.0.0.1

If anyone has any ideas on what would be causing this problem I would greatly appreciate it.   The other thing is I cannot nslookup internal computers from the ISA Server.  This Server is a member of our domain.

thanks
Darren
0
chimp153
Asked:
chimp153
2 Solutions
 
rslangen commented:
Your internal network card shouldn't have a gateway in the NIC.
Leave that one empty.

Then on the cmd type route print
Then add the route for your internal network

In your case this would be
route add 192.168.0.0 mask 255.255.255.0 192.168.0.2 -p

That is if 192.168.0.2 is your gateway, normally this would be 192.168.1.254
0
 
hau_it commented:
Yes. You should not have Internal Gateway in the ISA. Only the external!!
0
 
bbao (IT Consultant) commented:
And the default gateway for internal clients should be 192.168.0.2.
0
 
chimp153 (Author) commented:
Thanks guys.  The internal NIC was set to get an IP address automatically so I changed that and I checked the routing table and it had the route entry in there so I will give it today and see if it continues to get the error.

The other thing is that I have a number of internal websites that are published from this server and their IP address internally is 192.168.0.4 (of the server they are on - I use headers in IIS to get to the right site), but from the ISA box when I NS lookup this website I get the external ip address.  

So my question is: would this cause a proxy chain loop? I do have to send the requests to the 192.168.0.4 server but was wondering whether this would cause the proxy loop problem.
0
 
bbao (IT Consultant) commented:
> but from the ISA box when I NS lookup this website I get the external ip address.  

1. Remove the primary DNS on the external NIC. Make sure all DNS requests go to the internal DC.

2. PING the internal servers from the DC (192.168.0.1) to see if the internal DNS can address the published servers correctly.

3. If necessary, as you have only a few internal sites to be published, use IP numbers instead of domain names in the relevant ISA settings, such as publishing servers or defining firewall rules.

Hope it helps,
bbao
0
 
chimp153 (Author) commented:
Checked today and all is still working, no more proxy chain loop errors. Thanks for your help rslangen
0
 
chimp153 (Author) commented:
and bbao
0
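
An added example, not part of the original thread or any poster's code: a small Python audit that applies the advice above (no default gateway on the internal NIC, DNS only via the internal DC) to the NIC settings posted in the question. The field names, rule names and the `audit`/`corrected` helpers are hypothetical, and flagging the internal NIC's secondary DNS is an assumption that extends bbao's step 1.

```python
import ipaddress

# Constructed sample input: the NIC settings as posted in the question.
NICS = [
    {"name": "Internal", "role": "internal", "ip": "192.168.0.2",
     "mask": "255.255.255.0", "gateway": "192.168.0.2",
     "dns": ["192.168.0.1", "10.0.0.1"]},
    {"name": "External", "role": "external", "ip": "10.0.0.2",
     "mask": "255.255.255.0", "gateway": "10.0.0.1", "dns": ["10.0.0.1"]},
]
INTERNAL_DNS = {"192.168.0.1"}  # internal DNS server and primary DC


def audit(nics, internal_dns):
    """Return (nic_name, rule, detail) findings for a dual-homed proxy box."""
    findings = []
    for nic in nics:
        net = ipaddress.ip_network(f"{nic['ip']}/{nic['mask']}", strict=False)
        gw = nic.get("gateway")
        if nic["role"] == "internal" and gw:
            detail = f"default gateway {gw} is set; leave it empty"
            if gw == nic["ip"]:
                detail += " (it points at the NIC's own address)"
            findings.append((nic["name"], "internal-gateway", detail))
        if nic["role"] == "external":
            if not gw:
                findings.append((nic["name"], "no-external-gateway",
                                 "only the external NIC carries the gateway"))
            elif ipaddress.ip_address(gw) not in net:
                findings.append((nic["name"], "gateway-off-subnet",
                                 f"{gw} is not inside {net}"))
        for server in nic.get("dns", []):
            if server not in internal_dns:
                findings.append((nic["name"], "non-internal-dns",
                                 f"DNS {server} bypasses the internal DC"))
    return findings


def corrected(nics, internal_dns):
    """Copy of the settings with the thread's advice applied."""
    fixed = []
    for nic in nics:
        new = dict(nic)
        if new["role"] == "internal":
            new["gateway"] = None
        new["dns"] = [s for s in new.get("dns", []) if s in internal_dns]
        fixed.append(new)
    return fixed


if __name__ == "__main__":
    for name, rule, detail in audit(NICS, INTERNAL_DNS):
        print(f"{name}: [{rule}] {detail}")
    print("after fix:", audit(corrected(NICS, INTERNAL_DNS), INTERNAL_DNS))
```
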
