Re: FTP on IIS6.0 Not Working

From: Jenna (stilesj)
Date: 03/01/04 

Date: Mon, 1 Mar 2004 12:21:49 -0500

I had disabled socket pooling previously, but when I checked again per the
article you sent, it appeared to be enabled again. I went through the
instructions in that article again, and checked several times and now it
only shows as listening on the internal and external ip addresses and not
0.0.0.0.

I still can't find an entry for EnablePortAttack, if that's a problem. The
registry just has the following keys under Parameters:
(Default) REG_SZ (value not set)
AllowGuestAccess REG_DWORD 0x00000000 (0)
InstallPath REG_SZ C:\WINNT\system32\inetsrv
MajorVersion REG_DWORD 0x00000006 (6)
MinorVersion REG_DWORD 0x00000000 (0)

Using ftp.exe to the external ip (from inside the LAN) lets me log in, but
when I try ls, it says
500 Invalid PORT command
150 Opening ASCII mode data connection for file list.
Then it times out.

Using ftp.exe to the internal ip (from inside the LAN) lets me log in and
run ls or dir with no problems.

I will try again from a remote location tonight and see if the socket
pooling disabling made a difference there.

"Paul Lynch" <paul.lynch@nospam.com> wrote in message
news:i93640t8vaafsg1ukdhb7fuq4dojbrp8s3@4ax.com...
> On Fri, 27 Feb 2004 13:57:41 -0500, "Jenna" <stilesj AT meachamapel
> DOT com> wrote:
>
> >Okay, bear with me on this...I feel like I've tried everything and can't
get
> >this to work!
> >
> >I had virtual directories set up for an FTP site on our server and they
were
> >working fine. They we upgraded the server from Windows 2000 Server to
> >Windows Server 2003 (also Exchange 2000 to Exchange 2003) and from IIS5.0
to
> >IIS6.0.
> >I guess IIS had a little trouble updating at the time and when it got
> >updated my FTP virtual directories got wiped out. No problem, I said,
I'll
> >just recreate them.
> >Well, I have recreated them and they are inaccessible from remote
computers
> >over the internet (I can get on from a computer on the LAN).
> >What happens is when I type in the address, it asks for my password
normally
> >and even accepts my user name and password, but then breaks down with
this
> >message:
> >200 Type set to A
> >500 Invalid PORT command
> >500 LPRT 6,16,0,0,0,0,0,0,0,0,67,0,0,0,0,0,133,96,2,13,29
> >
> >I was originally referred to KB281193. I'm not sure how this article
> >provides a solution, though, and the LPRT response I get is clearly not
like
> >the 6 number example shown.
> >The attempt above was without Passive Mode checked in IE. With Passive
Mode
> >checked, it just times out after entering the user name and password.
> >I am running ISA Server 2000, but this was set up before the upgrade to
> >IIS6.0 and I believe all the settings are fine here to allow access. I
have
> >gone through articles 310110 and 294679 just to be sure. When I followed
> >the "Publish the FTP Site" instructions in 310110, I got an event log
error:
> >Web Proxy Service failed to bind its socket to 10.0.1.2 port 80. Could
be
> >another service using same port or a NIC that's not functional.
> >(The NIC is fine and the service continues to run after this message.)
> >
> >When following article 294679, it mentions changing the EnablePortAttack
> >value to 1. However, I cannot find this variable (or, I believe the IIS
> >help file mentioned another name for it in 6.0) in the registry anywhere.
> >Is this something that I'm supposed to create, or does the fact that its
> >missing mean that IIS6.0 is not properly installed?
> >
> >I also read some information about setting the PassivePortRange
(KB555022),
> >but am not sure how this would help.
> >
> >Another note that may or may not be helpful: I'm setting up the virtual
> >directories on FTP as a path to another server. I have it set up to use
the
> >user's authentication so that it uses their permissions when accessing
the
> >folder. This does cause an error in the event log upon creation and
> >reboots:
> >Unable to add virtual root '/foldername' for the directory
> >'\\server\foldername' due to the following error: Access is denied.
> >Despite this I can still access this from a computer on the LAN. If I
> >assign to use a specific user's permissions, I don't get that error, but
> >there's too much access then, and I still can't access remotely.
> >
> >Finally, I've been considering doing a VPN using PPTP for a more secure
> >option instead...is this relatively easy and should I just try that and
give
> >up on FTP?
> >Thanks, anyone, for some help or advice...this is driving me crazy!
> >
>
> Jenna,
>
> In addition to Bernard's suggestions, try disabling socket spooling as
> per this article :
>
> Publishing FTP server on ISA
> http://www.isaserver.org/tutorials/Publishing_FTP_server_on_ISA.html
>
>
> Regards,
>
> Paul Lynch
> MCSE

Loading