1

Config: TMG is up at 10.0.3.1 with three network adapters, one of them is connected to Internet. Local Windows 8.1 PC at 10.0.3.xx attempts to connect to a managed switch (internal) at http://10.0.3.yy via browser. PC has 10.0.3.1 as gateway, the switch might not have this setting altogether. The switch is NOT published on TMG. The PC receives an error 12206: Proxy chain loop page into the browser, originating from 10.0.3.1. TMG's logs indicate a corresponding event id 14141 with about the same content.

How come traffic ever goes through the TMG, if the browser is configured to not use the proxy? And how to make the PC ignore TMG's presence and directly connect to the switch via HTTP?

P.S.: telnet 10.0.3.yy 80 with GET / HTTP/1.0 sent by hand also results in 12206 page retrieved from TMG, so this issue should be on an underlying network layer.

Vesper
  • 754
  • 1
  • 9
  • 29
  • https://support.microsoft.com/en-us/help/296202/a-proxy-chain-error-message-12206-is-displayed – Diamond Feb 27 '17 at 08:23
  • @bangal Read that, changed ISA bindings, still the same issue. Also, this is not the question in particular. The question is, why ISA/TMG ever interferes with localized traffic? – Vesper Feb 27 '17 at 09:28
  • Your question is valid. May be you have a transparent proxy running? You can check if automatic proxy detection is enabled in browser settings. If yes, then set a bypass rule for local net. – Diamond Feb 27 '17 at 10:40
  • It is also possible that a firewall client is installed on the PC that is forwarding the request to the TMG. In any case I suppose you will need to create bypass rule for direct access to local ip, in your TMG. – Diamond Feb 27 '17 at 10:49

1 Answers1

1

Traffic goes through without proxy if you have the default SecureNAT network rule enabled. Proxy chain loop error is usually due to a misconfiguration or if it starts occurring at random, then it's most probably due to a DNS issue, try clearing the DNS cache of your TMG server and if you have DNS server running on your network, change the sequence of root forwarders.

For local addresses, e.g. your managed switch, you need to exclude the address in your browser (or in proxy settings if you're using Windows 10). In older Windows versions, if your alternate browsers are set to use systems settings, you can disable proxy in IE or Control Panel -> Internet Options.

Hamza Sultan Zuberi
  • 31
  • 1