Troubleshooting HTTP 502: The Uniform Resource Locator (URL) does not use a recognized protocol

An HTTP 502 status error with the message "The URL does not use a recognized protocol. Confirm that a valid protocol is in use (for example, HTTP for a Web request)" is generated by port resource conflicts and incorrect port requests. This document discusses some of the configuration issues that cause this error to be returned.

By default, the Microsoft® Internet Security and Acceleration (ISA) Server Web Proxy Filter handles requests for Web resources as follows:

  • For outbound Internet requests, the ISA Server Web proxy listener on the default Internal network listens for requests on port 8080 (on all IP addresses). A Web Proxy client request is sent either from a client to the port on which ISA Server is listening for outbound Web requests (8080), or to port 80. Web requests to port 8080 are handled directly by Web Proxy Filter. Web requests to port 80 on the Internal network are redirected for handling by Web Proxy Filter.
  • Web listeners listen for incoming requests for Web resources published by ISA Server on port 80 for HTTP, and port 443 for HTTPS. These Web listeners are used by ISA Server Web publishing rules to proxy incoming requests to internal Web servers.

The 502 status error with the message "The URL does not use a recognized protocol" may arise when resources are in conflict, or when IP and port assignments are duplicated between Web listeners.

Error causes

The causes of this error can be resource conflicts or incorrect port requests. The following sections describe these causes and provide examples.

Resource conflicts

When the 502 error "The URL does not use a recognized protocol" is issued because of a port conflict, the following event appears in the Microsoft Windows Server® application event log:

  • Event ID: 14148
  • Description: The Web Proxy filter failed to bind its socket to <IP address> port <port number>. This may have been caused by another service that is already using the same port, or by a network adapter that is not functional.

Typically, a port conflict may occur when ISA Server is configured with a single network adapter. In this scenario, ISA Server recognizes only the Internal network. If you modify port settings so that the Internal network listens for outbound Web requests on the same port used by a Web listener for a publishing rule on the Internal network, a port conflict occurs. To work around this issue, specify a different port to listen for Web requests on the Internal network, as follows.

To configure an alternate port for outbound Web requests

  1. In ISA Server Management, expand the Configuration node, and then click Networks.

  2. On the details pane, click the Networks tab.

  3. Right-click Internal, and then click Properties.

  4. On the Web Proxy tab, change the port number in HTTP port.

    Note

    You may also need to adjust other rules or link translation dictionaries that process links to this listener.
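To find which service already holds the port named in event 14148, the following added example (not part of the original document) extracts the IP address and port from the event description and matches them against `netstat -ano` output. The event text and netstat listing are constructed samples, and only IPv4 bindings are handled.

```python
import re

# Wording taken from the event 14148 description; IPv4 only (assumption).
EVENT_RE = re.compile(
    r"failed to bind its socket to (\d{1,3}(?:\.\d{1,3}){3}) port (\d+)")
ALL_ADDRESSES = "0.0.0.0"  # a listener bound to every local IP address

def parse_bind_failure(description):
    """Return (ip, port) from an event 14148 description."""
    match = EVENT_RE.search(description)
    if match is None:
        raise ValueError("not a Web Proxy filter bind-failure description")
    return match.group(1), int(match.group(2))

def find_port_owners(netstat_output, ip, port):
    """Return [(local_address, pid)] for TCP listeners that overlap ip:port."""
    owners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # Data rows look like: TCP <local> <foreign> LISTENING <pid>
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        local_ip, _, local_port = fields[1].rpartition(":")
        if int(local_port) != port:
            continue
        # A wildcard binding on either side collides with any specific address.
        if local_ip == ip or ALL_ADDRESSES in (local_ip, ip):
            owners.append((fields[1], int(fields[4])))
    return owners

# Constructed sample data (addresses and PIDs are illustrative only).
SAMPLE_EVENT = ("The Web Proxy filter failed to bind its socket to "
                "192.168.1.10 port 80. This may have been caused by another "
                "service that is already using the same port, or by a "
                "network adapter that is not functional.")
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4012
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:8080      0.0.0.0:0              LISTENING       2268
  TCP    192.168.1.10:80        192.168.1.55:1177      ESTABLISHED     4012
"""

if __name__ == "__main__":
    ip, port = parse_bind_failure(SAMPLE_EVENT)
    for local, pid in find_port_owners(SAMPLE_NETSTAT, ip, port):
        print(f"{ip}:{port} is already held by PID {pid} (bound to {local})")
```

The PID returned can be resolved to a process name with `tasklist /FI "PID eq <pid>"`.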

Incorrect port requests

The 502 error may also be returned when a direct Web request is made to the Web proxy listener, or a proxy request is made to the Web publishing listener. In this case, no event is issued in the Microsoft Windows® Event Log service. To understand how this occurs, it is first necessary to understand the difference between a direct request and a proxy request:

  • When a client browser without Web proxy settings specified makes a request for a Web resource, the browser does the following:
    1. The user types "http://host.domain.tld/path/resource.ext" in the browser.
    2. The browser resolves host.domain.tld to an IP address.
    3. The browser connects to the IP address on TCP:80.
    4. The browser issues a GET /path/resource.ext HTTP/1.x request.
  • When a client browser with Web proxy settings specified makes a request for a Web resource, and assuming the Web Proxy client settings are set to use proxy server proxy.domain.tld:8080, the browser does the following:
    1. The user types "http://host.domain.tld/path/resource.ext" in the browser.
    2. The browser resolves proxy.domain.tld to an IP address.
    3. The browser connects to the proxy IP address on TCP:8080.
    4. The browser issues a GET http://host.domain.tld/path/resource.ext HTTP/1.x request.

Examples

Examples of invalid requests that cause the 502 error "The URL does not use a recognized protocol" include the following:

  • Example 1
    In a single network adapter configuration, the following is configured:
    • Port 80 of the Internal network is used to publish a Web Proxy Automatic Discovery (WPAD) server (WPAD_Server), so that clients can discover proxy configuration information.
    • Port 81 of the Internal network is used by the listener for a Web publishing rule that publishes an internal Web server (Published_Server).
    • WPAD_Server and Published_Server resolve to the same IP address.
    • A client makes a non-proxy request (or clicks a link in a published Web page) for the published Web server using "http://Published_Server" instead of "http://Published_Server:81".
    • The client browser connects to the resolved IP address on port 80 and issues a GET / HTTP/1.x request.
      ISA Server issues an HTTP 502 error because the published Web server is not configured to listen for requests on port 80.
      No alerts or events are issued.
  • Example 2
    In a single network adapter configuration, the following is configured:
    • Port 80 of the Internal network is used to listen for Web proxy requests.
    • Port 8080 of the Internal network is used to publish a WPAD server (WPAD_Server), so that clients can discover proxy configuration information.
    • The client browser makes a proxy request without specifying port 8080, connects to the resolved IP address on port 80, and then issues a GET http://host.domain.tld HTTP/1.x request.
      ISA Server issues an HTTP 502 error because the Web listener is not listening for proxy requests.
      No alerts or events are issued.
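Because no event is logged for incorrect port requests, the mismatch has to be found from the request itself. The following added example (not part of the original document) classifies a request line as direct or proxy and compares it with the role of the listener that received it. The listener layouts, the host name www.example.test, and the verdict strings are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OK = "ok"
DIRECT_TO_PROXY = "502 expected: direct request sent to the Web proxy listener"
PROXY_TO_PUBLISH = "502 expected: proxy request sent to a Web publishing listener"
HOST_NOT_PUBLISHED = "502 expected: host is not published on this port"
NO_LISTENER = "no listener on this port"

def request_form(request_line):
    """Return 'direct' for GET /path and 'proxy' for GET http://host/path."""
    _method, target, _version = request_line.split()
    if target.startswith("/"):
        return "direct"
    parts = urlsplit(target)
    if parts.scheme and parts.netloc:
        return "proxy"
    # Other target forms (CONNECT host:port, OPTIONS *) are not covered here.
    raise ValueError(f"unhandled request target: {target!r}")

def diagnose(listeners, port, request_line, host=None):
    """Compare the request form with the role of the listener on `port`."""
    listener = listeners.get(port)
    if listener is None:
        return NO_LISTENER
    form = request_form(request_line)
    if listener["role"] == "proxy":
        return OK if form == "proxy" else DIRECT_TO_PROXY
    if form == "proxy":
        return PROXY_TO_PUBLISH
    # Direct request to a publishing listener: the Host header must name a
    # server published on this port (any ":port" suffix is ignored).
    if host is not None and host.split(":")[0].lower() not in listener["hosts"]:
        return HOST_NOT_PUBLISHED
    return OK

# Constructed layouts: the default ports described above, and Example 1.
DEFAULT_LAYOUT = {
    8080: {"role": "proxy"},
    80: {"role": "publish", "hosts": {"www.example.test"}},
}
EXAMPLE_1_LAYOUT = {
    80: {"role": "publish", "hosts": {"wpad_server"}},
    81: {"role": "publish", "hosts": {"published_server"}},
}

if __name__ == "__main__":
    print(diagnose(DEFAULT_LAYOUT, 8080, "GET /path/resource.ext HTTP/1.1"))
    print(diagnose(EXAMPLE_1_LAYOUT, 80, "GET / HTTP/1.1", "Published_Server"))
```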