A Proxy Chain Error Message "12206" Is Displayed

Symptoms

When your Web browser attempts to locate a Web site that has been published by Internet Security and Acceleration (ISA) Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition, you may receive a "12206" proxy chain error message.

Cause

This behavior can occur because the external network adapter references an Internet service provider (ISP) Domain Name System (DNS) server and the binding order on ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition lists the external network adapter first. When the publishing server is redirected by a Fully Qualified Name and the zone of the server matches the zone located on the external DNS server, the external DNS server is used to resolve the name. The external DNS server redirects the traffic back to the external network adapter on ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition. Each time the traffic arrives at ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition, an "HTTP Via" record is added to the packet. When two of these records exist, ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition returns the 12206 error message.

NOTE: This behavior can occur even when there is only one ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition that publishes the Web site.

Resolution

To resolve this behavior, remove the external DNS server address from the external network adapter, and then change the binding order on ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition so that the internal network adapter is listed first:
  1. Click Network and Dial-Up connections.
  2. On the Advanced menu, click Advanced Settings to display the binding order.
  3. Click the internal network adapter, and then move it to the top. The internal DNS is used to resolve the server name so that redirection works properly.
Note For ISA Server 2006 and Microsoft Forefront Threat Management Gateway, Medium Business Edition, the IP address of the published server can be specified in the Web publishing rule properties on the TO tab. By specifying this IP address, ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition will establish a connection to the published server without having to make a name resolution. This will avoid hitting the Proxy Chain Error.
Propriedades

ID do Artigo: 296202 - Última Revisão: 5 de dez de 2008 - Revisão: 1

Comentários