Hi Handy,

We are using transparent mode for Web Proxy (WCCP Redirection and Explicit Forward)

I do not have WCCP interface for this network, because on server i am manually configuring proxy serttings to this WSA, so that means its Explicit Forward. All other clients use Explicit forwarding to this WSA.

How to check if AD Server is allowed to redirect traffic for HTTP or HTTPS to that WSA?

AD server is part of Identity on which authentication is set to Exempt from authentication. All my other AD servers are same, but they can access proxy services.

Only things is, on management interface  I have a route to this server, but same route is on other WSA as well.

I have tried unchecking bypass proxy settings still the same.

When I do packet capture, i can see the traffic from IE on Server to WSA (proxy interface not management) TCP SYN packet, but WSA never reply backs to the AD Server. If I do a ping, i can see ping request and reply from WSA.

I even cannot telnet to WSA on 3128, which i can do from any other device which works via Proxy. Again for Telnet, i can see packet capture on WSA, but WSA doesn't reply back to Server.

From your description, looks like you have proxy setting in your IE, therefore your proxy deployment is explicit mode.

If its transparent mode means that you are using WCCP redirection from either switch, router or firewall with WCCP protocol to redirect traffic to WSA and you would not have any proxy server checked in your IE.

In your IE, check under proxy server and advanced, to see anything in your "exceptions" box.

However from your advise from packet capture you are seeing SYN packet from AD server to WSA however no SYN ACK back from WSA.

check to see if you are using the correct port for the proxy in the IE

How many interface that you have set up in WSA (Management, P1, P2), if you are using P1 and P2 as well, make sure in IE you are pointing to the data interface of WSA (P1) not the management interface (if this is restricted to management only)

Yes, for WCCP redirection i have configuration on my core switch redirecting traffic to WSA, on WSA i have three WCCP configurations for that mainly for BYOD devices.

I have around 7 interface, M1, P1, and WCCP redirection interfaces. In my proxy settings i have configured P1 interface IP address which is data port, even i tried to connect to other 5 interfaces as well, WSA show SYN packet in packet capture but doesn't reply back, where on other client machines, if i configure those other interface as my proxy explicitly, it works. Only M1 is restricted to management traffic only, all others are data port.

I am using correct port in IE, even tried port 80 as well which is also configured in my Webproxy.

Its really strange behavior of WSA and AD server. Does certificate or any other can create issues?

In server logs, i am getting WSA Demo Certification verification fail errors every 1 minute, can certificates cause issue?

Proxy settings also seems fine on server, there is nothing in exceptions in advance proxy setting, but even irrespective of proxy settings, WSA should reply back to Telnet connection on 3128 or 80, it does for all other machines, but for this i cannot see reply for telnet connection as well.