Re: FTP on IIS6.0 Not Working

From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 03/03/04


Date: Wed, 3 Mar 2004 14:44:23 +0800

What tool do you use to log in?
Have you tried the ftp.exe command-line util to log in from a remote machine?

If you are sure the 21/20 ports are open, you should be able to use ftp.exe
to log in and do a dir list.

-- 
Regards,
Bernard Cheah
http://support.microsoft.com/
Please respond to newsgroups only ...
"Jenna" <stilesj AT meachamapel DOT com> wrote in message
news:Oh6t8GJAEHA.220@TK2MSFTNGP09.phx.gbl...
> Thank you for your response, Bernard.
> I have ISA configured exactly as in MS KB 294679, which opens 21 and 20 for
> FTP.  This was already set up before the upgrade to IIS 6.0 and was working
> before, as well.
>
> I could try the passiveportrange thing and configure it on ISA, however we
> have a Cisco Router, as well.  It is configured to allow traffic on 20 and
> 21, but I wouldn't guarantee the higher ports for that.
>
> This was all working fine before our upgrade to Windows 2003 and IIS 6.0,
> which is why my concern that there's potentially another setting in IIS that
> changed to mess this up.  I'm also thinking this because it does appear to
> authenticate me okay with my user name and password, and the log indicates
> this, as well.  It just won't let me see or do anything and appears to just
> close the connection with a time out, based on the log.
>
> Actually, here's the most recent log of my attempts, if it helps from the
> MSFTPSVC1 folder in my LogFiles directory:
> #Software: Microsoft Internet Information Services 6.0
> #Version: 1.0
> #Date: 2004-03-02 17:27:48
> #Fields: time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status cs(User-Agent)
> 17:28:19 127.0.0.1 username 10.0.0.4 21 [10]USER username 331 0 -
> 17:28:19 127.0.0.1 username 10.0.0.4 21 [10]PASS - 230 0 -
> 17:28:19 127.0.0.1 username 10.0.0.4 21 [11]USER username 331 0 -
> 17:28:19 127.0.0.1 username 10.0.0.4 21 [11]PASS - 230 0 -
> 17:28:19 127.0.0.1 username 10.0.0.4 21 [11]CWD /library 250 0 -
> 17:28:50 127.0.0.1 username 10.0.0.4 21 [11]CWD /library 250 0 -
> 17:28:55 127.0.0.1 username 10.0.0.4 21 [12]USER username 331 0 -
> 17:28:55 127.0.0.1 username 10.0.0.4 21 [12]PASS - 230 0 -
> 17:28:55 127.0.0.1 username 10.0.0.4 21 [12]CWD /library 250 0 -
> 17:29:11 127.0.0.1 username 10.0.0.4 21 [11]CWD /library 250 0 -
> 17:30:28 127.0.0.1 username 10.0.0.4 21 [10]closed - 421 121 -
> 17:31:28 127.0.0.1 username 10.0.0.4 21 [11]closed - 421 121 -
>
> So, if I'm reading this correctly, it authenticates me okay and even appears
> to open the folder okay and you can see the internal ip, so it must be
> resolving okay.  Am I reading something wrong?  What am I missing?
> Thanks so much for your help!
>
>
> "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> news:%23rfsvaAAEHA.2632@TK2MSFTNGP12.phx.gbl...
> > Great. Looks like it is an ISA port-blocking issue. Now -
> >
> > Do you have FTP configured to run on a port other than the default port 21?
> > FTP Error: 500 Invalid PORT Command
> > http://support.microsoft.com/?id=281193
> >
> > Active mode uses 21 and 20; passive mode by default uses a
> > dynamic port range from 1024 to 5000.
> >
> > Check if your ISA allows connections for ports 21/20. This should
> > solve the active mode connection.
> >
> > For passive mode, you configure passiveportrange in IIS 6.0,
> > then open the port range in ISA.
> > How To Configure PassivePortRange In IIS
> > http://support.microsoft.com/?id=555022
> >
> >
> > -- 
> > Regards,
> > Bernard Cheah
> > http://support.microsoft.com/
> > Please respond to newsgroups only ...
> >
> >
> > "Bernard" <qbernard@hotmail.com.discuss> wrote in message
> > news:#bF1#K0$DHA.1548@TK2MSFTNGP12.phx.gbl...
> > > Wow.. you have many problems.
> > > Can we start one by one ?
> > >
> > > a) First, test everything locally.
> > > Can you log in locally using ftp.exe -> ftp localhost? Or ftp yourip?
> > >
> > > b) So you have ISA running on the same box as IIS 6?
> > >
> > > c) From a remote machine, can you log in via ftp.exe to your IIS server?
> > > Try logging in and doing a dir listing.
> > > Any problems?
> > >
> > > d) If you use IE to connect, any problems?
> > >
> > >
> > > -- 
> > > Regards,
> > > Bernard Cheah
> > > http://support.microsoft.com/
> > > Please respond to newsgroups only ...
> > >
> > >
> > > "Jenna" <stilesj AT meachamapel DOT com> wrote in message
> > > news:OLQ8YOW$DHA.4080@TK2MSFTNGP09.phx.gbl...
> > > > Okay, bear with me on this...I feel like I've tried everything and
> > > > can't get this to work!
> > > >
> > > > I had virtual directories set up for an FTP site on our server and
> > > > they were working fine.  Then we upgraded the server from Windows
> > > > 2000 Server to Windows Server 2003 (also Exchange 2000 to Exchange
> > > > 2003) and from IIS5.0 to IIS6.0.
> > > > I guess IIS had a little trouble updating at the time and when it got
> > > > updated my FTP virtual directories got wiped out.  No problem, I said,
> > > > I'll just recreate them.
> > > > Well, I have recreated them and they are inaccessible from remote
> > > > computers over the internet (I can get on from a computer on the LAN).
> > > > What happens is when I type in the address, it asks for my password
> > > > normally and even accepts my user name and password, but then breaks
> > > > down with this message:
> > > > 200 Type set to A
> > > > 500 Invalid PORT command
> > > > 500 LPRT 6,16,0,0,0,0,0,0,0,0,67,0,0,0,0,0,133,96,2,13,29
> > > >
> > > > I was originally referred to KB281193.  I'm not sure how this article
> > > > provides a solution, though, and the LPRT response I get is clearly
> > > > not like the 6 number example shown.
> > > > The attempt above was without Passive Mode checked in IE.  With
> > > > Passive Mode checked, it just times out after entering the user name
> > > > and password.
> > > > I am running ISA Server 2000, but this was set up before the upgrade
> > > > to IIS6.0 and I believe all the settings are fine here to allow
> > > > access.  I have gone through articles 310110 and 294679 just to be
> > > > sure.  When I followed the "Publish the FTP Site" instructions in
> > > > 310110, I got an event log error:
> > > > Web Proxy Service failed to bind its socket to 10.0.1.2 port 80.
> > > > Could be another service using same port or a NIC that's not
> > > > functional.
> > > > (The NIC is fine and the service continues to run after this message.)
> > > >
> > > > When following article 294679, it mentions changing the
> > > > EnablePortAttack value to 1.  However, I cannot find this variable
> > > > (or, I believe the IIS help file mentioned another name for it in 6.0)
> > > > in the registry anywhere.
> > > > Is this something that I'm supposed to create, or does the fact that
> > > > it's missing mean that IIS6.0 is not properly installed?
> > > >
> > > > I also read some information about setting the PassivePortRange
> > > > (KB555022), but am not sure how this would help.
> > > >
> > > > Another note that may or may not be helpful:  I'm setting up the
> > > > virtual directories on FTP as a path to another server.  I have it set
> > > > up to use the user's authentication so that it uses their permissions
> > > > when accessing the folder.  This does cause an error in the event log
> > > > upon creation and reboots:
> > > > Unable to add virtual root '/foldername' for the directory
> > > > '\\server\foldername' due to the following error: Access is denied.
> > > > Despite this I can still access this from a computer on the LAN.  If I
> > > > assign to use a specific user's permissions, I don't get that error,
> > > > but there's too much access then, and I still can't access remotely.
> > > >
> > > > Finally, I've been considering doing a VPN using PPTP for a more
> > > > secure option instead...is this relatively easy and should I just try
> > > > that and give up on FTP?
> > > > Thanks, anyone, for some help or advice...this is driving me crazy!
> > > >
> > > >
> > >
> > >
> >
> >
>
>
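The following is an added example, not part of the thread and not code from any poster or from Microsoft: a decoder for the data-channel endpoint a client announces with PORT (RFC 959) or LPRT (RFC 1639), run on the LPRT argument quoted in the original post. The function names, the two checks in `endpoint_findings` and the `203.0.113.9` peer address are assumptions made for illustration, not documented IIS or ISA behaviour.

```python
import ipaddress

def decode_data_endpoint(verb, arg):
    """Decode a PORT (RFC 959) or LPRT (RFC 1639) argument into (family, address, port)."""
    try:
        nums = [int(x) for x in arg.split(",")]
    except ValueError:
        raise ValueError("argument must be comma-separated decimal bytes")
    if not all(0 <= n <= 255 for n in nums):
        raise ValueError("every field must fit in one byte")
    verb = verb.upper()
    if verb == "PORT":                       # h1,h2,h3,h4,p1,p2
        if len(nums) != 6:
            raise ValueError("PORT takes exactly 6 fields")
        family, host, port = 4, nums[:4], nums[4:]
    elif verb == "LPRT":                     # af,hal,h1..h<hal>,pal,p1..p<pal>
        if len(nums) < 3:
            raise ValueError("LPRT argument too short")
        family, hal = nums[0], nums[1]
        host, rest = nums[2:2 + hal], nums[2 + hal:]
        if {4: 4, 6: 16}.get(family) != hal or len(host) != hal:
            raise ValueError("address family and address length disagree")
        if not rest or rest[0] == 0 or len(rest) != rest[0] + 1:
            raise ValueError("port length and port bytes disagree")
        port = rest[1:]
    else:
        raise ValueError("unsupported verb")
    return family, ipaddress.ip_address(bytes(host)), int.from_bytes(bytes(port), "big")

def endpoint_findings(address, port, control_peer):
    """Illustrative checks (assumed policy): reasons a server or firewall may refuse the endpoint."""
    findings = []
    if address != ipaddress.ip_address(control_peer):
        findings.append("address differs from control-connection peer")
    if port < 1024:
        findings.append("privileged port requested")
    return findings

if __name__ == "__main__":
    # LPRT argument copied from the error message quoted in the thread.
    print(decode_data_endpoint("LPRT", "6,16,0,0,0,0,0,0,0,0,67,0,0,0,0,0,133,96,2,13,29"))
    # Constructed sample: a client behind NAT announcing its private address.
    fam, addr, port = decode_data_endpoint("PORT", "10,0,0,25,4,1")
    print(addr, port, endpoint_findings(addr, port, "203.0.113.9"))
```

The LPRT argument has 21 fields rather than the six of a PORT argument because it carries an address-family byte, a 16-byte address, and a length-prefixed port.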
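A second added example, again not from the thread's participants: a reader for the MSFTPSVC log excerpt quoted above that groups entries by the bracketed session number and reports sessions that authenticated (PASS answered with 230), logged no transfer, and were closed with status 421 and Win32 status 121 (ERROR_SEM_TIMEOUT). The `TRANSFER_VERBS` set and the function name are assumptions; the log lines are the ones posted in the thread, with the wrapped `#Fields` header rejoined.

```python
import re
from collections import defaultdict

# Log lines as quoted in the thread (quote markers removed, #Fields rejoined).
LOG = """\
#Fields: time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status cs(User-Agent)
17:28:19 127.0.0.1 username 10.0.0.4 21 [10]USER username 331 0 -
17:28:19 127.0.0.1 username 10.0.0.4 21 [10]PASS - 230 0 -
17:28:19 127.0.0.1 username 10.0.0.4 21 [11]USER username 331 0 -
17:28:19 127.0.0.1 username 10.0.0.4 21 [11]PASS - 230 0 -
17:28:19 127.0.0.1 username 10.0.0.4 21 [11]CWD /library 250 0 -
17:28:50 127.0.0.1 username 10.0.0.4 21 [11]CWD /library 250 0 -
17:28:55 127.0.0.1 username 10.0.0.4 21 [12]USER username 331 0 -
17:28:55 127.0.0.1 username 10.0.0.4 21 [12]PASS - 230 0 -
17:28:55 127.0.0.1 username 10.0.0.4 21 [12]CWD /library 250 0 -
17:29:11 127.0.0.1 username 10.0.0.4 21 [11]CWD /library 250 0 -
17:30:28 127.0.0.1 username 10.0.0.4 21 [10]closed - 421 121 -
17:31:28 127.0.0.1 username 10.0.0.4 21 [11]closed - 421 121 -
"""

# Assumption: verbs that would indicate the data channel was actually used.
TRANSFER_VERBS = {"sent", "created", "RETR", "STOR"}

def stalled_sessions(log_text):
    """Session ids that logged in, never transferred, and timed out (421 / Win32 121)."""
    fields = []
    sessions = defaultdict(lambda: {"auth": False, "xfer": False, "timeout": False})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column names follow the directive
            continue
        if not line.strip() or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))  # assumes no spaces inside a field
        m = re.match(r"\[(\d+)\](\S+)", row.get("cs-method", ""))
        if not m:
            continue
        sid, verb = m.groups()
        status, win32 = row.get("sc-status"), row.get("sc-win32-status")
        if verb == "PASS" and status == "230":
            sessions[sid]["auth"] = True
        if verb in TRANSFER_VERBS:
            sessions[sid]["xfer"] = True
        if verb == "closed" and status == "421" and win32 == "121":
            sessions[sid]["timeout"] = True
    return sorted(s for s, v in sessions.items()
                  if v["auth"] and not v["xfer"] and v["timeout"])

if __name__ == "__main__":
    print(stalled_sessions(LOG))
```

Session 12 is not reported because the excerpt contains no close entry for it.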

