RE: Telnet/ftp problems SBS2000

Dear Peter:
Thank you for posting here. I am sorry for the delayed response due to
weekend. Please understand that the newsgroups are staffed weekdays by
Microsoft Support professionals to answer your systems and applications
questions. Your understanding is greatly appreciated!

>From your description, I understand that you cannot use ftp service to
access the outside resource. However, the connection can be established but
then you received a message saying that the remote server disconnected you.
If I am off base, please feel free to let me know.

Before we go any further, could you do me a favor and gather the following
information in order to narrow down this issue:

1. Please make sure your client computers are configured as both Firewall
Client and Web Proxy Client.
To be a Firewall client, the workstation needs to have the ISA Firewall
Client software installed.
To be a Web Proxy client, the workstation should configure its web browser
(e.g. IE) to use the ISA server as the proxy server.

2. Open IE, click Tools->Internet Options, and then click Advanced. You
will find two options "Enable folder view for FTP sites" and "Use Passive
FTP". Please help to perform the following steps:
a. Check the option "Enable folder view for FTP sites", then use IE to
access the FTP site ftp://ftp.microsoft.com , can you access the shares?

b. Uncheck the option "Enable folder view for FTP sites" and check the
option "Use Passive FTP", then try again.

c. Uncheck the option "Enable folder view for FTP sites" and uncheck the
option "Use Passive FTP", then try again.

Does one of the steps work normally? This can help us make sure whether ISA
server blocks the FTP traffic.

3. Since you mentioned that you could connect to the ftp site, it appears
that the control connection has been successfully established, but the data
connection was refused. So could you tell me which mode does this ftp site
use, active mode or passive mode? Does this FTP site use a non-standard
port? (other than port 21)

4. Make sure the FTP Access Filter is enabled.
To do so, please open ISA management console, navigate to
servername\Extensions\Application Filters, on the right pane, double click
FTP Access Filter. Double check if the option "Enable this filter" is
checked.

5. Does FTP service ever work before? If it works fine before, what changes
had been made before the issue occurred?

In addition, I would like to provide some information in regard to the two
modes of FTP service.

For your reference:
Technically, FTP uses TCP as transport protocol to provide reliable
end-to-end connections. Two connections are used: the first is the control
connection and the second is the data connection that is managing the data
transfer. The user who initiates the control connection assumes the client
function, while the server function is provided by the remote host. When an
FTP client wants to exchange files with an FTP server, the FTP client must
first set up the control connection. The client makes a TCP connection from
a random unprivileged port N (N > 1023) to the FTP server's well known
command port 21 (the IANA assigned port number). After that the data
connection will be established and then the file transfer begins.

There are two FTP modes: Active Mode and Passive Mode.

In active mode, the client sends a PORT command to the server. Basically
this command tells the server to which host (IP address) and port number
(unprivileged port > 1023) the server must connect back for the data
connection. After accepting the Port command, the server will then
establish the data connection from its local data port 20 (the IANA
assigned port number) to the IP address and port number learned from the
PORT command.

In passive mode, the client sends a PASV command to the server. Basically
this command asks the server to "listen" on a data port (which is not its
default data port 20) and to wait for a connection rather than to initiate
one. If the server supports the passive mode, it will send a reply to this
command including the host (IP address) and port number (unprivileged port
> 1023) this server is listening on. The client will then establish the
data connection from a local random unprivileged port (> 1023) to the IP
address and port number learned from the PASV reply.

It is important to note that the data connection will only be established
upon receipt of the reply to the Transfer Service commands such as LIST,
RETR, STOR. So, the FTP mode must be selected by the client before sending
the appropriate Transfer Service command.


Regarding the SMTP issue, can you send/receive email normally? If not, did
it work before?
I would like to suggestion that we make a further investigation after the
first issue is resolved or initiate a new thread. Do you agree?

(It is recommended that we focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner. Thanks for
your understanding.)

Hope the above information helps. If you have any questions or concerns,
please feel free to let me know.
Have a nice day! :)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Peter Smith" <psmith@xxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Telnet/ftp problems SBS2000
| Date: Sun, 21 Aug 2005 15:07:30 +0100
| Lines: 24
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| Message-ID: <eXaOfjlpFHA.1412@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: userdb097.dsl.pipex.com 62.190.225.97
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:146359
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| help!!!
|
| I support a number of small SBS systems but I have one with a problem
that I
| just can't resolve. I cannot telnet or ftp from the clients even though
the
| firewall client is running. I've tried this from one of the other SBS
| systems and I know it should all work. This is what you see happen in the
| command window:
|
| Ping works, tracert works.
| ftp to outside appears to connect and then immediately you get a message
| saying the remote server disconnected you
| telnet to an smtp server on port 25 and this happens:
| the screen is cleared and then a message to press any key to continue....
| If you do you get an underline character at the beginning of the under
the p
| of press.
| If you press a key again you get connection to host lost....
|
| I have re-run the Internet Connection Wizard to make sure everything is
| standard but it makes no difference.
|
| Pete Smith
|
|
|
|

.

Relevant Pages

  • Re: interfaces lo:1 lo:2 lo:3? (for remote ssh tunnels)
    ... That's the problem tunneling (port forwarding) solves. ... >>can't get past the client firewall. ... > I don't understand why the server would be making the ... server initiates another connection to the client -- in this ...
    (Debian-User)
  • [SLE] Re: solved [SLE] setting up ftp server under Suse 10.1?
    ... someone pointed out to me that tftp is not ftp. ... Standard FTP commands run over port 21, file xfers use port 20; ... When a client behind a firewall initiates an FTP connection ...
    (SuSE)
  • Re: Telnet/ftp problems SBS2000
    ... | through the server to get internet access everything works. ... | client uses an internet backup company to backup his really vital data, ... I understand that you cannot use ftp service to ... the connection can be established ...
    (microsoft.public.windows.server.sbs)
  • Re: Using Remote Desktop From an SBS Domain
    ... when you tried to RDP while attached directly to a port on your router? ... So if 3389 needs forwarded on the client end too then that is what the ... Hopefully next week I can attempt a connection while my ISP watches the ...
    (microsoft.public.windows.server.sbs)
  • Re: Telnet/ftp problems SBS2000
    ... the client became desperate so we had to find a ... the software communicates on port 308. ... So I don't really know if telnet or ftp ... the connection can be established ...
    (microsoft.public.windows.server.sbs)