Re: Access to external FTP server

Hi Jim:
Thank you for your reply.

I am sorry for the delayed response and the inconvenience this issue has
brought to you. I want to clarify that I have spent several hours in
performing research and test on my side. This issue appears to be very
tough and may need a deep investigation. From the ISA log and ISAinfo we
are not able to find out the root cause. (What we obtain is just a clue
which indicates the data connection is terminated with an error)

Since you can use WS_FTP to upload to and download from the previous FTP
site, the FTP access rule in ISA should be correct. From your latest
description, I want to confirm some information with you:

1. You mentioned that file upload is denied no matter you use IE or WS_FTP
client, then can you download file from the problematic file? If file
download works fine, you may need to check whether the 'Read Only' checkbox
in FTP protocol definition is cleared in ISA2004 management console.

You can try the following steps:

Open ISA2004 management console, find 'SBS FTP Outbound Access Rule' from
Firewall Policy, double-click it, switch to 'Protocols' pane, click
'Filtering' and select 'Configure FTP'. In the 'Configures FTP protocol
policy' dialog box, remove the checkmark in the 'Read Only' checkbox. Does
this problem persist?

2. Open a command prompt window on your client computer. At the command
prompt enter ftp and press ENTER. Next, at the FTP command prompt, enter
'open <IP address of the FTP server>' and press ENTER. Enter the user name
anonymous at the FTP command prompt and press ENTER, then enter a password.
After logging on enter dir. A list of files appears at the command prompt.
Try using the 'get' command to download a file (e.g. 'get abc.txt'). Will
this download be successful? Next, use the put command to upload a file to
the site (e.g. 'upload c:\abc.txt' the file exists in your local computer).
Will this upload be successful? You may have a try at your convenience and
tell me the result.

3. If the issue persists, in order to make a deep investigation, would you
please tell us the IP address/URL of the problematic FTP site? However, you
may also offer us a temporarily username/password to logon. In this way, I
can do the test from my side and capture the network package when this
problem is reproduced. I appreciate your understanding and cooperation.:)

I will try my best to work with you to resolve this issue. If anything is
unclear, please don't hesitate to let me know, I am glad to be of
assistance.

Have a nice day, Jim!:)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Jim G" <Jim G@xxxxxxxx>
| References: <ObfTBQgjFHA.3692@xxxxxxxxxxxxxxxxxxxx>
<t5nygpojFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
<eAW0oN7jFHA.3568@xxxxxxxxxxxxxxxxxxxx>
<2mjKoeRkFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Access to external FTP server
| Date: Mon, 25 Jul 2005 18:32:39 -0400
| Lines: 252
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <OMx3EjWkFHA.3064@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: cpe-65-27-242-218.cinci.res.rr.com 65.27.242.218
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:138647
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Edward,
|
| Here's the connection log from WS_FTP Pro.
|
| WINSOCK.DLL: WinSock 2.0
| WS_FTP Pro, Version 8.03, 2003.12.16
| Connecting to nn.nnn.nnn.nnn:21
| Connected to nn.nnn.nnn.:21 in 0.000000 seconds, Waiting for Server
Response
| 220 Microsoft FTP Service
| Host type (1): Automatic detect
| USER userid
| 331 Password required for userid.
| PASS (hidden)
| 230 User userid logged in.
| SYST
| 215 Windows_NT
| Host type (2): Microsoft NT
| Sending "FEAT" command to determine what features this server supports.
| FEAT
| 211-FEAT
| SIZE
| MDTM
| 211 END
| Finished interpreting "FEAT" response.
| Sending the FEAT command is optional. You can disable it in the site
| options of the profile.
| PWD
| 257 "/userid" is current directory.
| TYPE A
| 200 Type set to A.
| PASV
| 227 Entering Passive Mode (nn,nnn,nnn,nnn,14,93).
| connecting data channel to nn.nnn.nnn.nnn:14,93(3677)
| data channel connected to nn.nnn.nnn.nnn:14,93(3677)
| LIST
| 125 Data connection already open; Transfer starting.
| transferred 9557 bytes in 0.171 seconds, 436.350 Kbps ( 54.544 Kbps),
| transfer succeeded.
| 226 Transfer complete.
|
| "Edward Tian" <v-edtian@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:2mjKoeRkFHA.3672@xxxxxxxxxxxxxxxxxxxxxxxx
| > Hi Jim:
| > Thank you for your reply.
| >
| > I am sorry for the delayed response due to weekend. Please understand
that
| > the newsgroups are staffed weekdays by Microsoft Support professionals
to
| > answer your systems and applications questions. Your understanding is
| > greatly appreciated!
| >
| > In the ISA log, I found the code 0x80074e20 which means a graceful
| > shutdown
| > (0x80074e21 means an abnormal shutdown). I read the log file and notice
| > that the connection to the port 21 of the FTP server is established
| > successfully, but terminate when try to establish a data connection.
| >
| > We need to determine if the issue occurs on our product. I would suggest
| > you perform a test to access the FTP server by using IE. If the problem
| > also occurs in IE, we may need to gather the network traffic data.
| >
| > Please help to perform the following test:
| >
| > 1. Configure ISA's internal NIC as the proxy in Internet Options |
| > Connections tab | LAN Settings button.
| >
| > 2. Check "Enable Folder View" in Internet Options | Advanced button, and
| > then click OK.
| >
| > 3. Use IE to access the problematic FTP site, does the problem still
| > occur?
| > You may need to input username and password in File | Login as...
| >
| > 4. Uncheck "Enable Folder View" in Internet Options | Advanced button,
and
| > then click OK.
| >
| > 5. Use IE to access the problematic FTP site, does the problem still
| > occur?
| >
| > I look forward to hearing from you. If anything is unclear, please feel
| > free to let me know, I am glad to be of assistance.
| > Have a good day!:)
| >
| > Best Regards
| > Edward Tian(MSFT)
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| > ======================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
| > the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| > --------------------
| > | From: "Jim G" <Jim G@xxxxxxxx>
| > | References: <ObfTBQgjFHA.3692@xxxxxxxxxxxxxxxxxxxx>
| > <t5nygpojFHA.2700@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: Access to external FTP server
| > | Date: Sat, 23 Jul 2005 14:21:57 -0400
| > | Lines: 96
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| > | X-RFC2646: Format=Flowed; Original
| > | Message-ID: <eAW0oN7jFHA.3568@xxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | NNTP-Posting-Host: cpe-65-27-242-218.cinci.res.rr.com 65.27.242.218
| > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:138312
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Edward,
| > |
| > | I just responded to your questions and sent you the requested log
files.
| > |
| > | Thanks,
| > |
| > | Jim G
| > |
| > | "Edward Tian" <v-edtian@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | news:t5nygpojFHA.2700@xxxxxxxxxxxxxxxxxxxxxxxx
| > | > Hi Jim:
| > | > Please also send the ISA logs directly to my mailbox:
| > | > v-edtian@xxxxxxxxxxxxx
| > | >
| > | > Thank you very much.
| > | > Have a nice weekend! :)
| > | >
| > | > Best Regards
| > | > Edward Tian(MSFT)
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | > ======================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
| > issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
| > check
| > | > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although
| > we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > | > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | > ======================================================
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > | > rights.
| > | >
| > | > --------------------
| > | > | From: "Jim G" <Jim G@xxxxxxxxxxxxx>
| > | > | Subject: Access to external FTP server
| > | > | Date: Thu, 21 Jul 2005 10:53:48 -0400
| > | > | Lines: 20
| > | > | X-Priority: 3
| > | > | X-MSMail-Priority: Normal
| > | > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| > | > | Message-ID: <ObfTBQgjFHA.3692@xxxxxxxxxxxxxxxxxxxx>
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | NNTP-Posting-Host: station.aici.com 162.95.80.214
| > | > | Path:
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
| > microsoft.public.windows.server.sbs:137808
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | I'm using Ipswitch WS_FTP Pro to upload my web site to my
external
| > web
| > | > host.
| > | > | I just switched hosting companies. I can upload to and download
from
| > my
| > | > | previous site but not to and from the new site (host). I get "550
| > Access
| > | > is
| > | > | Denied." I get the same error using My Network Places in Windows
XP
| > Pro
| > | > SP2.
| > | > |
| > | > | My workaround is to use a workstation "outside" my SBS 2003 SP1
| > domain -
| > | > | plugged into the router in front of the SBS box.
| > | > |
| > | > | I checked the settings in WS_FTP. There are no differences between
| > the
| > | > two
| > | > | sites.
| > | > |
| > | > | When I upgraded to ISA2004, I had to modify the FTP
rules/settings
| > to
| > | > allow
| > | > | WS_FTP to access my old site. This should work for the new site -
| > any
| > | > site
| > | > | really.
| > | > |
| > | > | What can I check?
| > | > |
| > | > | Jim G
| > | > |
| > | > |
| > | > |
| > | >
| > |
| > |
| > |
| >
|
|
|

.

Loading