Eternal Loop while Accessing a site Published by TMG 2010

Consider the following scenario:

  • You have a computer that is running Forefront TMG 2010.
  • You have a Web server that automatically redirects HTTP requests to Secure Socket Layer (SSL) requests.
  • You configure the Web listener to listen for HTTP requests and also to use bridging.
  • You configure the Web listener and the bridging for both HTTP and for SSL requests (HTTPS).

In this scenario, when the Web server receives the HTTP request that TMG bridged to it, it answers with a 302 whose Location header points to the same URL over https, as shown in the trace below:

- GET Request sent from TMG to the internal Server:

Http: Request, GET /default.aspx
Command: GET
+ URI: /default.aspx
ProtocolVersion: HTTP/1.1
Via: 1.1 TMG
Host: contoso.com
Accept: */*
Accept-Language: en-us
Connection: Keep-Alive
Accept-Encoding: peerdist
HeaderEnd: CRLF

- Web server reply with the new Location header:

Http: Response, HTTP/1.1, Status: Moved temporarily, URL: /default.aspx
ProtocolVersion: HTTP/1.1
StatusCode: 302, Moved temporarily
Reason: Found
Cache-Control: private
Location: https://contoso.com/default.aspx
Server: Microsoft-IIS/7.5
XAspNetVersion: 2.0.50727
XPoweredBy: ASP.NET
ContentLength: 149
HeaderEnd: CRLF

Problem: TMG receives the 302 with the new location, but instead of passing that location to the client workstation unchanged, it sends http://contoso.com/default.aspx (the "s" is removed). The client receives this 302, sends the same HTTP request again, and the cycle repeats, causing an eternal loop.
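To make the loop concrete, here is an added Python model (not TMG code, not from this post) of the three parties involved: a backend that redirects plain HTTP to https, a listener that rewrites the scheme of the Location header back to the one the client used, and a client that follows redirects and stops at the first repeated URL. The fixed listener simply forwards the backend's Location unchanged, which is the behaviour the post describes as correct; the contoso.com URL is the one from the trace above.

```python
from urllib.parse import urlsplit, urlunsplit

REDIRECTS = {301, 302, 303, 307, 308}


def backend(url):
    """Constructed model of the published IIS site: a plain-HTTP request
    is answered with 302 to the same URL over https, anything else with 200."""
    parts = urlsplit(url)
    if parts.scheme == "http":
        return 302, {"location": urlunsplit(parts._replace(scheme="https"))}
    return 200, {}


def broken_listener(url):
    """Model of the misbehaving bridging listener: the backend's Location is
    rewritten to the scheme the client used, so the 's' is dropped and the
    client is sent back to the very URL it just requested."""
    status, headers = backend(url)
    if status in REDIRECTS:
        loc = urlsplit(headers["location"])
        client_scheme = urlsplit(url).scheme
        headers["location"] = urlunsplit(loc._replace(scheme=client_scheme))
    return status, headers


def fixed_listener(url):
    """Desired behaviour: the backend's Location reaches the client as sent."""
    return backend(url)


def follow_redirects(start_url, responder, max_hops=10):
    """Client that follows redirects; returns ('ok' | 'loop' | 'too-many-hops',
    list of URLs visited). A loop is the first URL seen twice."""
    visited = [start_url]
    url = start_url
    for _ in range(max_hops):
        status, headers = responder(url)
        if status not in REDIRECTS:
            return "ok", visited
        url = headers["location"]
        if url in visited:
            return "loop", visited + [url]
        visited.append(url)
    return "too-many-hops", visited


if __name__ == "__main__":
    start = "http://contoso.com/default.aspx"
    print("broken listener:", follow_redirects(start, broken_listener))
    print("fixed listener: ", follow_redirects(start, fixed_listener))
```

Against a live published site the same check is a single GET over plain HTTP: a 302 whose Location still starts with http:// for the same host and path is the symptom.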

Resolution: to fix this problem, use method 2 from KB https://support.microsoft.com/kb/924373. Although the KB doesn't list Forefront TMG 2010, the same approach applies to TMG 2010 (yes, we will update the KB).