This behavior can often be due to a simple misconfiguration, but this KB article may apply:;en-us;912122

In general, these errors often revolve around authentication issues. You certainly do not want to ever allow credentials to pass over unencrypted HTTP. ISA 2004 SP2 and later will disallow HTTP connections to a listener that it deems to be configued insecurely (not SSL, authentication required or even supported)

In order to use WebDirect with the minimum amount of hassle, maintain security, and not lose this important protection that ISA adds, we recommend the following type of configuration.

When you accept connections to HTTP for the purpose of redirecting them into HTTPS, use a separate HTTP-only listener that does not require authentication. Make sure all webdirect rules use listeners of this type, and have "All users" set in their Users tab.

This configuration should allow users to hit the redirect rules and then return in HTTPS mode to your true publishing rule that supports correct authentication in a secure fashion.