Re: FTP mit ISA 2004

From: "Tobias Redelberger \(MVP - SBS\)" <T.Redelberger@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 5 Dec 2007 14:52:20 +0100

Hi Bernd

irgendwie steh ich voll auf dem Schlauch, eine FTP-Zugriff zu
konfigurieren. Ich habe einen SBS R2 mit ISA 2004, 2 NIC, FTP Regeln
konfiguriert (bzw. hat auch der Assistent schon gemacht). Dass
standardmässig kein Upload zugelassen ist, weiss ich, habe daher bei
der SBS Internet Access rule (FTP) den Haken bei "nur lesen"
weggeklickt. Trotzdem verbindet mich der FTP Client nicht und gibt
Timeout-Fehler. Im CLient (FW-Einstellungen) selbst habe ich die IP
des ISA auch eingestellt (ich benutze TotalCommander, FileZilla geht
aber auch nicht). Kann mir bitte jemand mal einen Tipp geben, wo ich
das Konfigurationsbrett vorm Kopf habe? Dank vorab!

Unabhänig vom Regelwerk ist folgendes zu beachten:

Best practices and known issues when you install Windows Server 2003 Service
Pack 2 on a Windows Small Business Server 2003-based computer
http://support.microsoft.com/kb/939421/en-us

You may experience network-related problems after you install Windows Server
2003 SP2 or the Scalable Networking Pack on a Windows Small Business Server
2003-based computer
http://support.microsoft.com/kb/936594/en-us

[..]
SYMPTOMS
.. When you try to connect to the server by using a VPN connection, you
receive the following error message:
Error 800: Unable to establish connection.
.. You cannot create a Remote Desktop Protocol (RDP) connection to the
server.
.. You cannot connect to shares on the server from a computer on the local
area network.
.. You cannot join a client computer to the domain.
.. You cannot connect to Microsoft Exchange Server from a computer that is
running Microsoft Outlook.
.. You can only connect to Web sites that are hosted on the server or on the
Internet by using a secure sockets layer (SSL) connection. In this scenario,
you cannot connect to a Web site that does not use SSL encryption.
.. You experience slow network performance.
.. You cannot create an outgoing FTP connection from the server.
.. The DHCP Server service crashes.
.. Clients experience slow domain logons.
.. Network Address Translation (NAT) clients that are located behind Windows
SBS 2003 experience intermittent connection failures.
.. You experience intermittent RPC communications failures.
.. Clients that are configured as SecureNat clients may be unable to connect
to the Internet.
.. Some Outlook clients may be unable to connect to Exchange.
.. You cannot run the Configure E-mail and Internet Connection Wizard
successfully.
.. Microsoft Internet Security and Acceleration (ISA) Server blocks RPC
communications.
.. Clients cannot visit the http://companyweb Web site.
.. You cannot browse Internet Information Services (IIS) Virtual Directories.

CAUSE
This problem occurs because of a problem that exists in NAT in Windows
Server 2003. This problem is exposed when you enable one of the following
features on a network adapter that meets the NDIS 5.2 specification or a
later version of this specification:

.. Receive Side Scaling (RSS)
.. TCP/IP offloading

Windows Server 2003 SP2 and the Windows Server 2003 Scalable Networking Pack
include features to implement stateful and stateless offloading. The
offloading feature accelerates the Windows networking stack. The networking
update that is included in Windows Server 2003 SP2 and in the Windows Server
2003 Scalable Networking Pack includes the following features:

.. TCP Chimney Offload
.. Receive Side Scaling
.. Network Direct Memory Access (NetDMA)

A problem exists that affects NAT when you have Receive Side Scaling
enabled. Therefore, after you install Windows Server 2003 SP2 or the Windows
Server 2003 Scalable Networking Pack on a computer, you experience the
symptoms that are mentioned in the "Symptoms" section.

RESOLUTION
The following file is available for download from the Microsoft Download
Center:

Download the 936594 package now
(http://www.microsoft.com/downloads/details.aspx?FamilyId=50A878A3-EC91-40FC
-BA6F-BB5C9982AED8).
[..]
Source: http://support.microsoft.com/kb/936594/en-us

--
Tobias Redelberger
StarNET Services (HomeOffice)
Schoenbornstr. 57
D-97440 Werneck
Tel: +49 (9722) 4835
Mobil: +49 (179) 25 98 341
Email: T.Redelberger@xxxxxxxxxxxxxxxxxxxx

.

Follow-Ups:
- Re: FTP mit ISA 2004
  - From: Bernd Unkel

References:
- FTP mit ISA 2004
  - From: Bernd Unkel

Prev by Date: Re: FTP mit ISA 2004
Next by Date: Re: SecureNat Authentifizierung auf Benutzerebene
Previous by thread: Re: FTP mit ISA 2004
Next by thread: Re: FTP mit ISA 2004
Index(es):
- Date
- Thread

Relevant Pages

Re: Replikation W2K <-> W2K3
... In einer neu installierten Windows Server 2003 Domain hat die Gruppe ... Do you have satisfying disk space that will allow you to complete ...
(microsoft.public.de.german.windows.server.active_directory)
Re: been hit by hacker, servudaemon installed
... Every single one of the web servers and internet server operating systems ... Windows, Apache, you name it. ... commands they entered in your IIS server logs. ...
(microsoft.public.inetserver.iis.security)
Re: Qffentliche_Ordner_und_Mailgroups_?= verschieben
... nun muss ich alles auf den neuen Server ... Dann datest Du zuerst den Exchange auf 2003 ab und dann das Windows ... Domain hat die Gruppe 'Enterprise Domain Controllers' automatisch ... Do you have satisfying disk space that will allow you to complete ...
(microsoft.public.de.exchange)
Re: been hit by hacker, servudaemon installed
... >Every single one of the web servers and internet server ... >Windows, Apache, you name it. ... >commands they entered in your IIS server logs. ...
(microsoft.public.inetserver.iis.security)
Re: login attempts
... > Every day i have on my win2000 iternet server a lots of wrong login ... Windows by default allows ... You also need a firewall. ... the internet, except for those ports you know you're using. ...
(microsoft.public.win2000.security)