Re: Proxy chain loop bug in ISA SP1

From: Thomas W Shinder [MVP] (tshinder_at_hotmail.com)
Date: 03/25/04

    Date: Thu, 25 Mar 2004 09:46:48 -0600
    
    

    Hi Christian,

    That's right. Bidirectional affinity is not supported for ISA 2000.

    --
    Tom
    www.isaserver.org/shinder
    ISA Server and Beyond: http://tinyurl.com/1jq1
    Configuring ISA Server: http://tinyurl.com/1llp
    ISA Server and Beyond Seminars - http://tinyurl.com/9sce
    MVP -- ISA Server 2000
    "Christian Hagemann" <newshac@helbling.ch> wrote in message
    news:c3uaot$hne$1@dc2-03-su-03.dc2.solpa.net...
    : Hi Al & Tristan
    : got the same "proxy chain loop" Error from my ISA-NLB-Setup.
    : A MS Consultant helped me to set up my ISA-environment.
    : We installed NLB on the inter and intranet NICs; that was in December.
    : I had massive problems with VPN on the ISAs and suddenly
    : "Proxy-Chain-Error" showed up as well.
    : The MS-MAPS-Consultant told me that NLB with VPN is only supported
    : on the external NICs.
    : So last week I deinstalled the NLB on the internal Interfaces
    : AND suddenly the Proxy-Chain-thing is gone as well :-).
    :
    : Christian
    :
    : "Al Blake" <al@blakes.net> wrote in message
    : news:%23gyS56FEEHA.3804@TK2MSFTNGP09.phx.gbl...
    : > We have spent over a year diagnosing this problem. I have seen numerous
    : > posts from others indicating they are encountering the same issue. Here
    : > is the setup:
    : >
    : > -SINGLE ISA Enterprise SP1 in AD. (no upstream/downstream proxies)
    : > -SINGLE Internet connection on ISA box
    : > -Publishing Ex2003 OWA through web publishing using SSL by name. Same
    : > certificate installed on Ex2003 box and ISA server.
    : > -ISA server has dns *only* bound on internal NIC pointing to Internet
    : > (LAN) dns server
    : > -Internal adapter is bound ahead of external adapter
    : > -ISA server has hosts file containing hard-coded internal IPs of all
    : > internal servers published via ISA (to bypass dns)
    : > -1200 mailboxes on Ex2003 server - so potentially high traffic through
    : > web publishing.
    : > -We are a K12 school so traffic can be low (holidays) or high (term
    : > time)
    : >
    : > When there is low traffic (holidays), despite users accessing their
    : > mailboxes through OWA through ISA there are no problems. During the last
    : > holiday we didn't have a single error on the ISA server (over two
    : > months). Since the students have returned and traffic has ramped up on
    : > the ISA server, once or twice a day we get:
    : >
    : > ISA Server detected a proxy chain loop. There is a problem with the
    : > configuration of the ISA Server routing policy.
    : >
    : > After this has been logged in the event log (14141) all subsequent users
    : > to the OWA service get 12206 errors and 500 (page unavailable). This can
    : > only be cleared by restarting the web proxy service, which we have now
    : > automated (stop then start after detecting the error 10 times). Checking
    : > the ISA web proxy logs confirms this *only* occurs with the OWA
    : > publishing rule:
    : >
    : > **** **** Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 2004-03-22
    : > 20:02:43 W3ReverseProxy FLUFFY - mail.cggs.act.edu.au - - 110 1388 - -
    : > SEARCH http://mail.cggs.act.edu.au:443/exchange/****/Inbox/ - 12206
    : > **** **** Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 2004-03-22
    : > 20:02:43 W3ReverseProxy FLUFFY - mail.cggs.act.edu.au 203.110.145.180 443
    : > 125 1364 3785 http SEARCH
    : > http://mail.cggs.act.edu.au:443/exchange/****/Inbox/ Inet 500
    : >
    : > etc etc until the service restarts. The issue is *NOT* related to a
    : > routing error as the system works perfectly under low load (holidays)
    : > with no configuration changes. Also, before hard-coding the name of the
    : > mail server into the hosts file on the ISA server this problem used to
    : > occur 10-15 times a day. Since hard-coding the server name this has
    : > reduced to approximately once per day; but it hasn't stopped. This
    : > indicates that the problem is the dns lookup functions of the web proxy
    : > service in ISA under high load.
    : >
    : > I am not prepared to pay Microsoft another $500 to be told 're-install
    : > your ISA server', which is what they told me last time. (We have
    : > reinstalled twice incidentally). Also, if we don't web publish the OWA
    : > server but simply directly publish the port we never get the proxy chain
    : > error, even though we have 5 other servers published through web
    : > publishing. Again this confirms that the problem is in a web publishing
    : > SSL under high load. (The reason we want to stick with web publishing
    : > for OWA is because we need the logging we can obtain that way).
    : >
    : > Anyway, if anyone from M$ reads this perhaps they could confirm whether
    : > this problem is in the fix-train for either an SP or the next version of
    : > ISA? If there is anyone on ISA development that wants me to provide logs
    : > or carry out testing to nail down the problem then I would be happy to
    : > do that - but I am not paying another $500 for the privilege.
    : >
    : > To anyone else that is running into this issue; you are not alone, your
    : > routing configuration is correct; it's a problem in ISA, and let me know
    : > if you find a 100% fix for this issue.
    : >
    : > Al Blake, Canberra, Australia
    : >
    : >
    :
    :
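
The detection step behind the automated restart described in the quoted post (count 12206 results on the reverse-proxy service, act at 10), as an added example that is not code from the thread. It assumes tab-delimited log lines with fields in the order of the posted entries and the result code last; the five-minute window, `sample_line` and the host, client and server names are constructed placeholders.

```python
from collections import deque
from datetime import datetime, timedelta

LOOP_STATUS = "12206"            # result code shown in the posted log lines
THRESHOLD = 10                   # the post restarts after 10 detections
WINDOW = timedelta(minutes=5)    # assumption: the post states no time window

def parse(line):
    """Return (time, service, host, status), or None if the line is malformed.
    Assumes tab-delimited fields in the order of the posted lines."""
    f = line.rstrip("\r\n").split("\t")
    if len(f) < 10:
        return None
    try:
        ts = datetime.strptime(f[3] + " " + f[4], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, f[5], f[8], f[-1]

def find_loop_bursts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return [(host, time)] for each burst of `threshold` 12206 results
    for one published host within `window`."""
    recent, alerts = {}, []
    for line in lines:
        rec = parse(line)
        if rec is None or rec[1] != "W3ReverseProxy" or rec[3] != LOOP_STATUS:
            continue
        ts, _, host, _ = rec
        q = recent.setdefault(host, deque())
        q.append(ts)
        while ts - q[0] > window:    # drop hits that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((host, ts))
            q.clear()                # re-arm: one alert per burst
    return alerts

def sample_line(ts, status, host="mail.example.test"):
    """Constructed log line (placeholder client, server and host names)."""
    return "\t".join(["192.0.2.10", "anonymous", "Mozilla/4.0 (compatible)",
                      ts.strftime("%Y-%m-%d"), ts.strftime("%H:%M:%S"),
                      "W3ReverseProxy", "ISA1", "-", host, "-", "-", "110",
                      "1388", "-", "-", "SEARCH",
                      "http://%s:443/exchange/user/Inbox/" % host, "-", status])

if __name__ == "__main__":
    t0 = datetime(2004, 3, 22, 20, 2, 43)
    log = [sample_line(t0 + timedelta(seconds=i), s)
           for i in range(12) for s in ("12206", "500")]
    print(find_loop_bursts(log))
```

Keying the count on the published host keeps failures on one rule from being masked by healthy traffic on the others, and each alert timestamp gives a point to correlate with event 14141 in the event log.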
    
