Consider the following scenario:
In this scenario, when the Web server receives an HTTP request, it answers TMG with a redirect whose Location header points to the https version of the URL, as shown below:
- GET Request sent from TMG to the internal Server:
    Http: Request, GET /default.aspx
    Command: GET
    + URI: /default.aspx
    ProtocolVersion: HTTP/1.1
    Via: 1.1 TMG
    Host: contoso.com
    Accept: */*
    Accept-Language: en-us
    Connection: Keep-Alive
    Accept-Encoding: peerdist
    HeaderEnd: CRLF
- Web server replies with the new location:
    Http: Response, HTTP/1.1, Status: Moved temporarily, URL: /default.aspx
    ProtocolVersion: HTTP/1.1
    StatusCode: 302, Moved temporarily
    Reason: Found
    Cache-Control: private
    Location: https://contoso.com/default.aspx
    Server: Microsoft-IIS/7.5
    XAspNetVersion: 2.0.50727
    XPoweredBy: ASP.NET
    ContentLength: 149
    HeaderEnd: CRLF
Problem: TMG receives the response with the new location, but instead of sending this new location to the client workstation, it sends http://contoso.com/default.aspx (removing the “s”). The client receives this 302 and sends the request again, causing an endless loop.
Resolution: To fix this problem, use the resolution (method 2) from KB http://support.microsoft.com/kb/924373. Although the KB doesn’t list Forefront TMG 2010, the same approach applies to TMG 2010 (yes, we will update the KB).
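To confirm the symptom described under Problem, or to verify that it is gone after applying the resolution, compare the 302 captured on the internal side of TMG with the 302 the client actually receives. The following is an added example, not code from the original post or from Microsoft; the function names, the client request URL and the client-side response are assumptions constructed from the description above.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

# Constructed sample data modelled on the captures above (not real traffic).
REQUEST_URL = "http://contoso.com/default.aspx"   # assumed client request
BACKEND_RAW = ("HTTP/1.1 302 Found\r\n"
               "Location: https://contoso.com/default.aspx\r\n"
               "Server: Microsoft-IIS/7.5\r\n\r\n")
CLIENT_RAW = ("HTTP/1.1 302 Found\r\n"
              "Location: http://contoso.com/default.aspx\r\n\r\n")


def parse_redirect(raw):
    """Return (status_code, Location or None) from a raw HTTP response head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers.get("location")


def diagnose(request_url, backend_raw, client_raw):
    """Compare the redirect the web server sent with the one the client got."""
    b_status, b_loc = parse_redirect(backend_raw)
    c_status, c_loc = parse_redirect(client_raw)
    findings = []
    if b_status not in REDIRECTS or c_status not in REDIRECTS or not (b_loc and c_loc):
        return findings
    # Resolve relative Location values against the URL the client asked for.
    b_url, c_url = urljoin(request_url, b_loc), urljoin(request_url, c_loc)
    b, c = urlsplit(b_url), urlsplit(c_url)
    # Same host and path, but https on the server side became http for the client.
    if (b.scheme, c.scheme) == ("https", "http") and (b.netloc, b.path) == (c.netloc, c.path):
        findings.append("scheme-downgraded")
    # The client is told to re-request exactly the URL it just asked for.
    if c_url == request_url:
        findings.append("self-redirect-loop")
    return findings


if __name__ == "__main__":
    print(diagnose(REQUEST_URL, BACKEND_RAW, CLIENT_RAW))
```

An empty result for the same pair of captures taken after the change indicates the Location header now reaches the client unmodified.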