Consider the following scenario:
- You have a computer that is running Forefront TMG 2010.
- You have a Web server that automatically redirects HTTP requests to Secure Socket Layer (SSL) requests.
- You configure the Web listener to listen for HTTP requests and also to use bridging.
- You configure the Web listener and the bridging for both HTTP and for SSL requests (HTTPS).
In this scenario, when the Web server receives an HTTP request, it redirects the request to the TMG adding the https on the new location within the header as shown below:
- GET Request sent from TMG to the internal Server:
Http: Request, GET /default.aspx
+ URI: /default.aspx
Via: 1.1 TMG
- Web Server reply with the new location:
Http: Response, HTTP/1.1, Status: Moved temporarily, URL: /default.aspx
StatusCode: 302, Moved temporarily
Problem: TMG receives the request with the new location and instead of sending this new location to the client workstation, it sends http://contoso.com/default.aspx (removing the “s”), client receives this 302 and send the request again, causing an eternal loop.
Resolution: in order to fix this problem, use the resolution (method 2) from KB http://support.microsoft.com/kb/924373. Although the KB doesn’t have Forefront TMG 2010 listed, the same approach applies to TMG 2010 (yes, we will update the KB).