| Groups | Blog | Home |
iis ftp : Bug with W2K3, SP1, Windows Firewall and FTP
I don't know if this is a documented bug or if the information is wide spread, but since we spend about two days tracking this down, I think it makes sense to share this information with whoever is interested in it. This is the setup where this will occur: - Windows 2003 server with SP1 - Windows firewall turned on - IIS on the same machine - FTP within that IIS Now, add a welcome message to the ftp. As soon as this welcome message contains a <return>, your browser will hang when you navigate to the ftp-site. It does not actually hang, but returns an error much later and your ftp-site is not accessible. Remove all returns from the welcome message, and the ftp-server works just fine... Regards, Benoit Somers.
On Sat, 11 Feb 2006 11:35:30 -0800, EuroMaverick
[quoted text, click to view] <EuroMaverick@discussions.microsoft.com> wrote: >Hello people, > >I don't know if this is a documented bug or if the information is wide >spread, but since we spend about two days tracking this down, I think it >makes sense to share this information with whoever is interested in it. > >This is the setup where this will occur: >- Windows 2003 server with SP1 >- Windows firewall turned on >- IIS on the same machine >- FTP within that IIS > >Now, add a welcome message to the ftp. As soon as this welcome message >contains a <return>, your browser will hang when you navigate to the >ftp-site. It does not actually hang, but returns an error much later and your >ftp-site is not accessible. > >Remove all returns from the welcome message, and the ftp-server works just >fine... Returns don't work in a welcome message. Text/Numeric/Space and some other characters only. Technically, you can use a return but you have to use a CrLf in the message, which is not the same as hitting the Enter key.
Well yes, that's what I am saying. However, if you turn of the W2003
firewall, the returns *DO* work nicely and I think that could be considered "unexpected behaviour"... Mav. [quoted text, click to view] "Jeff Cochran" wrote:
> On Sat, 11 Feb 2006 11:35:30 -0800, EuroMaverick > <EuroMaverick@discussions.microsoft.com> wrote: > > >Hello people, > > > >I don't know if this is a documented bug or if the information is wide > >spread, but since we spend about two days tracking this down, I think it > >makes sense to share this information with whoever is interested in it. > > > >This is the setup where this will occur: > >- Windows 2003 server with SP1 > >- Windows firewall turned on > >- IIS on the same machine > >- FTP within that IIS > > > >Now, add a welcome message to the ftp. As soon as this welcome message > >contains a <return>, your browser will hang when you navigate to the > >ftp-site. It does not actually hang, but returns an error much later and your > >ftp-site is not accessible. > > > >Remove all returns from the welcome message, and the ftp-server works just > >fine... > > Returns don't work in a welcome message. Text/Numeric/Space and some > other characters only. Technically, you can use a return but you have > to use a CrLf in the message, which is not the same as hitting the > Enter key. > > Jeff
Yes, both ports are open.
I have only one system so I cannot replicate this on other equipment, but I can very clearly trigger it on my server. There is not too much on that machine either, so I am not thinking of other software immediately... Mav. [quoted text, click to view] "Jeff Cochran" wrote:
> On Sun, 19 Feb 2006 15:11:27 -0800, EuroMaverick > <EuroMaverick@discussions.microsoft.com> wrote: > > >Well yes, that's what I am saying. However, if you turn of the W2003 > >firewall, the returns *DO* work nicely and I think that could be considered > >"unexpected behaviour"... > > The firewall affecting return characters is definitely unexpected. > Both 20 and 21 open on the firewall? > > Jeff > > > > >Mav. > > > >"Jeff Cochran" wrote: > > > >> On Sat, 11 Feb 2006 11:35:30 -0800, EuroMaverick > >> <EuroMaverick@discussions.microsoft.com> wrote: > >> > >> >Hello people, > >> > > >> >I don't know if this is a documented bug or if the information is wide > >> >spread, but since we spend about two days tracking this down, I think it > >> >makes sense to share this information with whoever is interested in it. > >> > > >> >This is the setup where this will occur: > >> >- Windows 2003 server with SP1 > >> >- Windows firewall turned on > >> >- IIS on the same machine > >> >- FTP within that IIS > >> > > >> >Now, add a welcome message to the ftp. As soon as this welcome message > >> >contains a <return>, your browser will hang when you navigate to the > >> >ftp-site. It does not actually hang, but returns an error much later and your > >> >ftp-site is not accessible. > >> > > >> >Remove all returns from the welcome message, and the ftp-server works just > >> >fine... > >> > >> Returns don't work in a welcome message. Text/Numeric/Space and some > >> other characters only. Technically, you can use a return but you have > >> to use a CrLf in the message, which is not the same as hitting the > >> Enter key. > >> > >> Jeff > >> >
On Sun, 19 Feb 2006 15:11:27 -0800, EuroMaverick
[quoted text, click to view] <EuroMaverick@discussions.microsoft.com> wrote: >Well yes, that's what I am saying. However, if you turn of the W2003 >firewall, the returns *DO* work nicely and I think that could be considered >"unexpected behaviour"... The firewall affecting return characters is definitely unexpected. Both 20 and 21 open on the firewall? Jeff [quoted text, click to view] >
>Mav. > >"Jeff Cochran" wrote: > >> On Sat, 11 Feb 2006 11:35:30 -0800, EuroMaverick >> <EuroMaverick@discussions.microsoft.com> wrote: >> >> >Hello people, >> > >> >I don't know if this is a documented bug or if the information is wide >> >spread, but since we spend about two days tracking this down, I think it >> >makes sense to share this information with whoever is interested in it. >> > >> >This is the setup where this will occur: >> >- Windows 2003 server with SP1 >> >- Windows firewall turned on >> >- IIS on the same machine >> >- FTP within that IIS >> > >> >Now, add a welcome message to the ftp. As soon as this welcome message >> >contains a <return>, your browser will hang when you navigate to the >> >ftp-site. It does not actually hang, but returns an error much later and your >> >ftp-site is not accessible. >> > >> >Remove all returns from the welcome message, and the ftp-server works just >> >fine... >> >> Returns don't work in a welcome message. Text/Numeric/Space and some >> other characters only. Technically, you can use a return but you have >> to use a CrLf in the message, which is not the same as hitting the >> Enter key. >> >> Jeff >>
I'm encountering a bad behavior with Windows Firewall on too. With the
Windows Firewall on, the FTP sessions (using the command line FTP on the client) would be disconnected (the message says something about connection disconnect by server) in about less than 1 minute, but the IIS manager would still show the session is active. If the Windows Firewall is off, everything is well. [quoted text, click to view] "EuroMaverick" <EuroMaverick@discussions.microsoft.com> wrote in message news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@microsoft.com... > Hello people, > > I don't know if this is a documented bug or if the information is wide > spread, but since we spend about two days tracking this down, I think it > makes sense to share this information with whoever is interested in it. > > This is the setup where this will occur: > - Windows 2003 server with SP1 > - Windows firewall turned on > - IIS on the same machine > - FTP within that IIS > > Now, add a welcome message to the ftp. As soon as this welcome message > contains a <return>, your browser will hang when you navigate to the > ftp-site. It does not actually hang, but returns an error much later and > your > ftp-site is not accessible. > > Remove all returns from the welcome message, and the ftp-server works just > fine... > > Regards, > > Benoit Somers. >
Weird indeed. same behavior if you try connect via ftp.exe on the machine itself ?? -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Jimmy Chu" <reply@newsgroup.com> wrote in message news:ORvcyC1WGHA.752@TK2MSFTNGP02.phx.gbl... > I'm encountering a bad behavior with Windows Firewall on too. With the > Windows Firewall on, the FTP sessions (using the command line FTP on the > client) would be disconnected (the message says something about connection > disconnect by server) in about less than 1 minute, but the IIS manager > would still show the session is active. If the Windows Firewall is off, > everything is well. > > > "EuroMaverick" <EuroMaverick@discussions.microsoft.com> wrote in message > news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@microsoft.com... >> Hello people, >> >> I don't know if this is a documented bug or if the information is wide >> spread, but since we spend about two days tracking this down, I think it >> makes sense to share this information with whoever is interested in it. >> >> This is the setup where this will occur: >> - Windows 2003 server with SP1 >> - Windows firewall turned on >> - IIS on the same machine >> - FTP within that IIS >> >> Now, add a welcome message to the ftp. As soon as this welcome message >> contains a <return>, your browser will hang when you navigate to the >> ftp-site. It does not actually hang, but returns an error much later and >> your >> ftp-site is not accessible. >> >> Remove all returns from the welcome message, and the ftp-server works >> just >> fine... >> >> Regards, >> >> Benoit Somers. >> > >
You mean running FTP on the IIS/FTP server? Hmmm...I'll try that and let
you know the outcome. [quoted text, click to view] "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message news:ebu2U74WGHA.4212@TK2MSFTNGP02.phx.gbl... > > Weird indeed. same behavior if you try connect via ftp.exe on the machine > itself ?? > > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Jimmy Chu" <reply@newsgroup.com> wrote in message > news:ORvcyC1WGHA.752@TK2MSFTNGP02.phx.gbl... >> I'm encountering a bad behavior with Windows Firewall on too. With the >> Windows Firewall on, the FTP sessions (using the command line FTP on the >> client) would be disconnected (the message says something about >> connection disconnect by server) in about less than 1 minute, but the IIS >> manager would still show the session is active. If the Windows Firewall >> is off, everything is well. >> >> >> "EuroMaverick" <EuroMaverick@discussions.microsoft.com> wrote in message >> news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@microsoft.com... >>> Hello people, >>> >>> I don't know if this is a documented bug or if the information is wide >>> spread, but since we spend about two days tracking this down, I think it >>> makes sense to share this information with whoever is interested in it. >>> >>> This is the setup where this will occur: >>> - Windows 2003 server with SP1 >>> - Windows firewall turned on >>> - IIS on the same machine >>> - FTP within that IIS >>> >>> Now, add a welcome message to the ftp. As soon as this welcome message >>> contains a <return>, your browser will hang when you navigate to the >>> ftp-site. It does not actually hang, but returns an error much later and >>> your >>> ftp-site is not accessible. >>> >>> Remove all returns from the welcome message, and the ftp-server works >>> just >>> fine... >>> >>> Regards, >>> >>> Benoit Somers. >>> >> >> > >
As for the FTP MMC connection status, I believe it is not refresh realtime.
so it may take someting to reflect even after the client has disconnected. -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Jimmy Chu" <reply@newsgroup.com> wrote in message news:OvNjv8LXGHA.3492@TK2MSFTNGP05.phx.gbl... > You mean running FTP on the IIS/FTP server? Hmmm...I'll try that and let > you know the outcome. > > > "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message > news:ebu2U74WGHA.4212@TK2MSFTNGP02.phx.gbl... >> >> Weird indeed. same behavior if you try connect via ftp.exe on the machine >> itself ?? >> >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis-resources.com/ >> http://www.iiswebcastseries.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Jimmy Chu" <reply@newsgroup.com> wrote in message >> news:ORvcyC1WGHA.752@TK2MSFTNGP02.phx.gbl... >>> I'm encountering a bad behavior with Windows Firewall on too. With the >>> Windows Firewall on, the FTP sessions (using the command line FTP on the >>> client) would be disconnected (the message says something about >>> connection disconnect by server) in about less than 1 minute, but the >>> IIS manager would still show the session is active. If the Windows >>> Firewall is off, everything is well. >>> >>> >>> "EuroMaverick" <EuroMaverick@discussions.microsoft.com> wrote in message >>> news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@microsoft.com... >>>> Hello people, >>>> >>>> I don't know if this is a documented bug or if the information is wide >>>> spread, but since we spend about two days tracking this down, I think >>>> it >>>> makes sense to share this information with whoever is interested in it. >>>> >>>> This is the setup where this will occur: >>>> - Windows 2003 server with SP1 >>>> - Windows firewall turned on >>>> - IIS on the same machine >>>> - FTP within that IIS >>>> >>>> Now, add a welcome message to the ftp. As soon as this welcome message >>>> contains a <return>, your browser will hang when you navigate to the >>>> ftp-site. It does not actually hang, but returns an error much later >>>> and your >>>> ftp-site is not accessible. >>>> >>>> Remove all returns from the welcome message, and the ftp-server works >>>> just >>>> fine... >>>> >>>> Regards, >>>> >>>> Benoit Somers. >>>> >>> >>> >> >> > >
here is a refresh button. I could see the connection time updated after I
clicked the button. BTW, the client I used was the Microsoft FTP.exe. [quoted text, click to view] "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message news:uM8cPHsXGHA.3448@TK2MSFTNGP04.phx.gbl... > As for the FTP MMC connection status, I believe it is not refresh > realtime. so it may take someting to reflect even after the client has > disconnected. > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Jimmy Chu" <reply@newsgroup.com> wrote in message > news:OvNjv8LXGHA.3492@TK2MSFTNGP05.phx.gbl... >> You mean running FTP on the IIS/FTP server? Hmmm...I'll try that and let >> you know the outcome. >> >> >> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >> news:ebu2U74WGHA.4212@TK2MSFTNGP02.phx.gbl... >>> >>> Weird indeed. same behavior if you try connect via ftp.exe on the >>> machine itself ?? >>> >>> >>> -- >>> Regards, >>> Bernard Cheah >>> http://www.iis-resources.com/ >>> http://www.iiswebcastseries.com/ >>> http://msmvps.com/blogs/bernard/ >>> >>> >>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>> news:ORvcyC1WGHA.752@TK2MSFTNGP02.phx.gbl... >>>> I'm encountering a bad behavior with Windows Firewall on too. With the >>>> Windows Firewall on, the FTP sessions (using the command line FTP on >>>> the client) would be disconnected (the message says something about >>>> connection disconnect by server) in about less than 1 minute, but the >>>> IIS manager would still show the session is active. If the Windows >>>> Firewall is off, everything is well. >>>> >>>> >>>> "EuroMaverick" <EuroMaverick@discussions.microsoft.com> wrote in >>>> message news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@microsoft.com... >>>>> Hello people, >>>>> >>>>> I don't know if this is a documented bug or if the information is wide >>>>> spread, but since we spend about two days tracking this down, I think >>>>> it >>>>> makes sense to share this information with whoever is interested in >>>>> it. >>>>> >>>>> This is the setup where this will occur: >>>>> - Windows 2003 server with SP1 >>>>> - Windows firewall turned on >>>>> - IIS on the same machine >>>>> - FTP within that IIS >>>>> >>>>> Now, add a welcome message to the ftp. As soon as this welcome message >>>>> contains a <return>, your browser will hang when you navigate to the >>>>> ftp-site. It does not actually hang, but returns an error much later >>>>> and your >>>>> ftp-site is not accessible. >>>>> >>>>> Remove all returns from the welcome message, and the ftp-server works >>>>> just >>>>> fine... >>>>> >>>>> Regards, >>>>> >>>>> Benoit Somers. >>>>> >>>> >>>> >>> >>> >> >> > >
From the Windows Firewall log, it looks like that the Firewall closes the
port 21 connection for some reasons. The client then gets the connection disconnected by remote host/service not available, and since the server did not get a proper response from the client, it is still waiting for the next command (that's why the session is still going) until the session times out. So the real question is why is the Windows Firewall doing this? Oh, I also tested it from the server itself. Since the Firewall is not involved in this case, everything went fine. Any thought on this Windows Firewall behavior? [quoted text, click to view] "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message news:ey49yJhYGHA.4168@TK2MSFTNGP05.phx.gbl... > Well, even with the refresh button. it's only as 'real' as you thought. > it will only 'clear' from the list when the tcp connection no longer > appear when you do 'netstat -an' at command prompt. > that's what I have tested in the past. > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Jimmy Chu" <reply@newsgroup.com> wrote in message > news:%232uxMmAYGHA.3448@TK2MSFTNGP04.phx.gbl... >> here is a refresh button. I could see the connection time updated after >> I clicked the button. BTW, the client I used was the Microsoft FTP.exe. >> >> >> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >> news:uM8cPHsXGHA.3448@TK2MSFTNGP04.phx.gbl... >>> As for the FTP MMC connection status, I believe it is not refresh >>> realtime. so it may take someting to reflect even after the client has >>> disconnected. >>> >>> -- >>> Regards, >>> Bernard Cheah >>> http://www.iis-resources.com/ >>> http://www.iiswebcastseries.com/ >>> http://msmvps.com/blogs/bernard/ >>> >>> >>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>> news:OvNjv8LXGHA.3492@TK2MSFTNGP05.phx.gbl... >>>> You mean running FTP on the IIS/FTP server? Hmmm...I'll try that and >>>> let you know the outcome. >>>> >>>> >>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>>> news:ebu2U74WGHA.4212@TK2MSFTNGP02.phx.gbl... >>>>> >>>>> Weird indeed. same behavior if you try connect via ftp.exe on the >>>>> machine itself ?? >>>>> >>>>> >>>>> -- >>>>> Regards, >>>>> Bernard Cheah >>>>> http://www.iis-resources.com/ >>>>> http://www.iiswebcastseries.com/ >>>>> http://msmvps.com/blogs/bernard/ >>>>> >>>>> >>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>> news:ORvcyC1WGHA.752@TK2MSFTNGP02.phx.gbl... >>>>>> I'm encountering a bad behavior with Windows Firewall on too. With >>>>>> the Windows Firewall on, the FTP sessions (using the command line FTP >>>>>> on the client) would be disconnected (the message says something >>>>>> about connection disconnect by server) in about less than 1 minute, >>>>>> but the IIS manager would still show the session is active. If the >>>>>> Windows Firewall is off, everything is well. >>>>>> >>>>>> >>>>>> "EuroMaverick" <EuroMaverick@discussions.microsoft.com> wrote in >>>>>> message news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@microsoft.com... >>>>>>> Hello people, >>>>>>> >>>>>>> I don't know if this is a documented bug or if the information is >>>>>>> wide >>>>>>> spread, but since we spend about two days tracking this down, I >>>>>>> think it >>>>>>> makes sense to share this information with whoever is interested in >>>>>>> it. >>>>>>> >>>>>>> This is the setup where this will occur: >>>>>>> - Windows 2003 server with SP1 >>>>>>> - Windows firewall turned on >>>>>>> - IIS on the same machine >>>>>>> - FTP within that IIS >>>>>>> >>>>>>> Now, add a welcome message to the ftp. As soon as this welcome >>>>>>> message >>>>>>> contains a <return>, your browser will hang when you navigate to the >>>>>>> ftp-site. It does not actually hang, but returns an error much later >>>>>>> and your >>>>>>> ftp-site is not accessible. >>>>>>> >>>>>>> Remove all returns from the welcome message, and the ftp-server >>>>>>> works just >>>>>>> fine... >>>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> Benoit Somers. >>>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
Well, even with the refresh button. it's only as 'real' as you thought.
it will only 'clear' from the list when the tcp connection no longer appear when you do 'netstat -an' at command prompt. that's what I have tested in the past. -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Jimmy Chu" <reply@newsgroup.com> wrote in message news:%232uxMmAYGHA.3448@TK2MSFTNGP04.phx.gbl... > here is a refresh button. I could see the connection time updated after I > clicked the button. BTW, the client I used was the Microsoft FTP.exe. > > > "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message > news:uM8cPHsXGHA.3448@TK2MSFTNGP04.phx.gbl... >> As for the FTP MMC connection status, I believe it is not refresh >> realtime. so it may take someting to reflect even after the client has >> disconnected. >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis-resources.com/ >> http://www.iiswebcastseries.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Jimmy Chu" <reply@newsgroup.com> wrote in message >> news:OvNjv8LXGHA.3492@TK2MSFTNGP05.phx.gbl... >>> You mean running FTP on the IIS/FTP server? Hmmm...I'll try that and >>> let you know the outcome. >>> >>> >>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>> news:ebu2U74WGHA.4212@TK2MSFTNGP02.phx.gbl... >>>> >>>> Weird indeed. same behavior if you try connect via ftp.exe on the >>>> machine itself ?? >>>> >>>> >>>> -- >>>> Regards, >>>> Bernard Cheah >>>> http://www.iis-resources.com/ >>>> http://www.iiswebcastseries.com/ >>>> http://msmvps.com/blogs/bernard/ >>>> >>>> >>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>> news:ORvcyC1WGHA.752@TK2MSFTNGP02.phx.gbl... >>>>> I'm encountering a bad behavior with Windows Firewall on too. With >>>>> the Windows Firewall on, the FTP sessions (using the command line FTP >>>>> on the client) would be disconnected (the message says something about >>>>> connection disconnect by server) in about less than 1 minute, but the >>>>> IIS manager would still show the session is active. If the Windows >>>>> Firewall is off, everything is well. >>>>> >>>>> >>>>> "EuroMaverick" <EuroMaverick@discussions.microsoft.com> wrote in >>>>> message news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@microsoft.com... >>>>>> Hello people, >>>>>> >>>>>> I don't know if this is a documented bug or if the information is >>>>>> wide >>>>>> spread, but since we spend about two days tracking this down, I think >>>>>> it >>>>>> makes sense to share this information with whoever is interested in >>>>>> it. >>>>>> >>>>>> This is the setup where this will occur: >>>>>> - Windows 2003 server with SP1 >>>>>> - Windows firewall turned on >>>>>> - IIS on the same machine >>>>>> - FTP within that IIS >>>>>> >>>>>> Now, add a welcome message to the ftp. As soon as this welcome >>>>>> message >>>>>> contains a <return>, your browser will hang when you navigate to the >>>>>> ftp-site. It does not actually hang, but returns an error much later >>>>>> and your >>>>>> ftp-site is not accessible. >>>>>> >>>>>> Remove all returns from the welcome message, and the ftp-server works >>>>>> just >>>>>> fine... >>>>>> >>>>>> Regards, >>>>>> >>>>>> Benoit Somers. >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
Hey Bernard, I found your Microsoft Help and Support article on configuring
PassivePortRange in IIS, and I also found this one on Windows 2003 Server w/SP1 Firewall that basically says to do the same thing. Does it make sense? http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html [quoted text, click to view] "Jimmy Chu" <reply@newsgroup.com> wrote in message news:uPJlX5jYGHA.1228@TK2MSFTNGP02.phx.gbl... > From the Windows Firewall log, it looks like that the Firewall closes the > port 21 connection for some reasons. The client then gets the connection > disconnected by remote host/service not available, and since the server > did not get a proper response from the client, it is still waiting for the > next command (that's why the session is still going) until the session > times out. So the real question is why is the Windows Firewall doing this? > > Oh, I also tested it from the server itself. Since the Firewall is not > involved in this case, everything went fine. Any thought on this Windows > Firewall behavior? > > > "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message > news:ey49yJhYGHA.4168@TK2MSFTNGP05.phx.gbl... >> Well, even with the refresh button. it's only as 'real' as you thought. >> it will only 'clear' from the list when the tcp connection no longer >> appear when you do 'netstat -an' at command prompt. >> that's what I have tested in the past. >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis-resources.com/ >> http://www.iiswebcastseries.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Jimmy Chu" <reply@newsgroup.com> wrote in message >> news:%232uxMmAYGHA.3448@TK2MSFTNGP04.phx.gbl... >>> here is a refresh button. I could see the connection time updated after >>> I clicked the button. BTW, the client I used was the Microsoft FTP.exe. >>> >>> >>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>> news:uM8cPHsXGHA.3448@TK2MSFTNGP04.phx.gbl... >>>> As for the FTP MMC connection status, I believe it is not refresh >>>> realtime. so it may take someting to reflect even after the client has >>>> disconnected. >>>> >>>> -- >>>> Regards, >>>> Bernard Cheah >>>> http://www.iis-resources.com/ >>>> http://www.iiswebcastseries.com/ >>>> http://msmvps.com/blogs/bernard/ >>>> >>>> >>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>> news:OvNjv8LXGHA.3492@TK2MSFTNGP05.phx.gbl... >>>>> You mean running FTP on the IIS/FTP server? Hmmm...I'll try that and >>>>> let you know the outcome. >>>>> >>>>> >>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>>>> news:ebu2U74WGHA.4212@TK2MSFTNGP02.phx.gbl... >>>>>> >>>>>> Weird indeed. same behavior if you try connect via ftp.exe on the >>>>>> machine itself ?? >>>>>> >>>>>> >>>>>> -- >>>>>> Regards, >>>>>> Bernard Cheah >>>>>> http://www.iis-resources.com/ >>>>>> http://www.iiswebcastseries.com/ >>>>>> http://msmvps.com/blogs/bernard/ >>>>>> >>>>>> >>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>> news:ORvcyC1WGHA.752@TK2MSFTNGP02.phx.gbl... >>>>>>> I'm encountering a bad behavior with Windows Firewall on too. With >>>>>>> the Windows Firewall on, the FTP sessions (using the command line >>>>>>> FTP on the client) would be disconnected (the message says something >>>>>>> about connection disconnect by server) in about less than 1 minute, >>>>>>> but the IIS manager would still show the session is active. If the >>>>>>> Windows Firewall is off, everything is well. >>>>>>> >>>>>>> >>>>>>> "EuroMaverick" <EuroMaverick@discussions.microsoft.com> wrote in >>>>>>> message news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@microsoft.com... >>>>>>>> Hello people, >>>>>>>> >>>>>>>> I don't know if this is a documented bug or if the information is >>>>>>>> wide >>>>>>>> spread, but since we spend about two days tracking this down, I >>>>>>>> think it >>>>>>>> makes sense to share this information with whoever is interested in >>>>>>>> it. >>>>>>>> >>>>>>>> This is the setup where this will occur: >>>>>>>> - Windows 2003 server with SP1 >>>>>>>> - Windows firewall turned on >>>>>>>> - IIS on the same machine >>>>>>>> - FTP within that IIS >>>>>>>> >>>>>>>> Now, add a welcome message to the ftp. As soon as this welcome >>>>>>>> message >>>>>>>> contains a <return>, your browser will hang when you navigate to >>>>>>>> the >>>>>>>> ftp-site. It does not actually hang, but returns an error much >>>>>>>> later and your >>>>>>>> ftp-site is not accessible. >>>>>>>> >>>>>>>> Remove all returns from the welcome message, and the ftp-server >>>>>>>> works just >>>>>>>> fine... >>>>>>>> >>>>>>>> Regards, >>>>>>>> >>>>>>>> Benoit Somers. >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
I actually re-read those articles, and I realized that since ftp.exe is
using active, the PassivePortRange wouldn't fix the problem... [quoted text, click to view] "Jimmy Chu" <reply@newsgroup.com> wrote in message news:uns$pzpYGHA.1192@TK2MSFTNGP04.phx.gbl... > Hey Bernard, I found your Microsoft Help and Support article on > configuring PassivePortRange in IIS, and I also found this one on Windows > 2003 Server w/SP1 Firewall that basically says to do the same thing. Does > it make sense? > > http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html > > > "Jimmy Chu" <reply@newsgroup.com> wrote in message > news:uPJlX5jYGHA.1228@TK2MSFTNGP02.phx.gbl... >> From the Windows Firewall log, it looks like that the Firewall closes the >> port 21 connection for some reasons. The client then gets the connection >> disconnected by remote host/service not available, and since the server >> did not get a proper response from the client, it is still waiting for >> the next command (that's why the session is still going) until the >> session times out. So the real question is why is the Windows Firewall >> doing this? >> >> Oh, I also tested it from the server itself. Since the Firewall is not >> involved in this case, everything went fine. Any thought on this Windows >> Firewall behavior? >> >> >> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >> news:ey49yJhYGHA.4168@TK2MSFTNGP05.phx.gbl... >>> Well, even with the refresh button. it's only as 'real' as you thought. >>> it will only 'clear' from the list when the tcp connection no longer >>> appear when you do 'netstat -an' at command prompt. >>> that's what I have tested in the past. >>> >>> -- >>> Regards, >>> Bernard Cheah >>> http://www.iis-resources.com/ >>> http://www.iiswebcastseries.com/ >>> http://msmvps.com/blogs/bernard/ >>> >>> >>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>> news:%232uxMmAYGHA.3448@TK2MSFTNGP04.phx.gbl... >>>> here is a refresh button. I could see the connection time updated >>>> after I clicked the button. BTW, the client I used was the Microsoft >>>> FTP.exe. >>>> >>>> >>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>>> news:uM8cPHsXGHA.3448@TK2MSFTNGP04.phx.gbl... >>>>> As for the FTP MMC connection status, I believe it is not refresh >>>>> realtime. so it may take someting to reflect even after the client has >>>>> disconnected. >>>>> >>>>> -- >>>>> Regards, >>>>> Bernard Cheah >>>>> http://www.iis-resources.com/ >>>>> http://www.iiswebcastseries.com/ >>>>> http://msmvps.com/blogs/bernard/ >>>>> >>>>> >>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>> news:OvNjv8LXGHA.3492@TK2MSFTNGP05.phx.gbl... >>>>>> You mean running FTP on the IIS/FTP server? Hmmm...I'll try that and >>>>>> let you know the outcome. >>>>>> >>>>>> >>>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>>>>> news:ebu2U74WGHA.4212@TK2MSFTNGP02.phx.gbl... >>>>>>> >>>>>>> Weird indeed. same behavior if you try connect via ftp.exe on the >>>>>>> machine itself ?? >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Regards, >>>>>>> Bernard Cheah >>>>>>> http://www.iis-resources.com/ >>>>>>> http://www.iiswebcastseries.com/ >>>>>>> http://msmvps.com/blogs/bernard/ >>>>>>> >>>>>>> >>>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>>> news:ORvcyC1WGHA.752@TK2MSFTNGP02.phx.gbl... >>>>>>>> I'm encountering a bad behavior with Windows Firewall on too. With >>>>>>>> the Windows Firewall on, the FTP sessions (using the command line >>>>>>>> FTP on the client) would be disconnected (the message says >>>>>>>> something about connection disconnect by server) in about less than >>>>>>>> 1 minute, but the IIS manager would still show the session is >>>>>>>> active. If the Windows Firewall is off, everything is well. >>>>>>>> >>>>>>>> >>>>>>>> "EuroMaverick" <EuroMaverick@discussions.microsoft.com> wrote in >>>>>>>> message news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@microsoft.com... >>>>>>>>> Hello people, >>>>>>>>> >>>>>>>>> I don't know if this is a documented bug or if the information is >>>>>>>>> wide >>>>>>>>> spread, but since we spend about two days tracking this down, I >>>>>>>>> think it >>>>>>>>> makes sense to share this information with whoever is interested >>>>>>>>> in it. >>>>>>>>> >>>>>>>>> This is the setup where this will occur: >>>>>>>>> - Windows 2003 server with SP1 >>>>>>>>> - Windows firewall turned on >>>>>>>>> - IIS on the same machine >>>>>>>>> - FTP within that IIS >>>>>>>>> >>>>>>>>> Now, add a welcome message to the ftp. As soon as this welcome >>>>>>>>> message >>>>>>>>> contains a <return>, your browser will hang when you navigate to >>>>>>>>> the >>>>>>>>> ftp-site. It does not actually hang, but returns an error much >>>>>>>>> later and your >>>>>>>>> ftp-site is not accessible. >>>>>>>>> >>>>>>>>> Remove all returns from the welcome message, and the ftp-server >>>>>>>>> works just >>>>>>>>> fine... >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> >>>>>>>>> Benoit Somers. >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
Geezz. didn't know the reproduce my article.
Now - can you post the firewall log? I can't repro this. I have firewall enable and I can connect fine. and only idle timeout after 900 seconds. -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Jimmy Chu" <reply@newsgroup.com> wrote in message news:%23pJo4jrYGHA.1888@TK2MSFTNGP02.phx.gbl... >I actually re-read those articles, and I realized that since ftp.exe is >using active, the PassivePortRange wouldn't fix the problem... > > > "Jimmy Chu" <reply@newsgroup.com> wrote in message > news:uns$pzpYGHA.1192@TK2MSFTNGP04.phx.gbl... >> Hey Bernard, I found your Microsoft Help and Support article on >> configuring PassivePortRange in IIS, and I also found this one on Windows >> 2003 Server w/SP1 Firewall that basically says to do the same thing. >> Does it make sense? >> >> http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html >> >> >> "Jimmy Chu" <reply@newsgroup.com> wrote in message >> news:uPJlX5jYGHA.1228@TK2MSFTNGP02.phx.gbl... >>> From the Windows Firewall log, it looks like that the Firewall closes >>> the port 21 connection for some reasons. The client then gets the >>> connection disconnected by remote host/service not available, and since >>> the server did not get a proper response from the client, it is still >>> waiting for the next command (that's why the session is still going) >>> until the session times out. So the real question is why is the Windows >>> Firewall doing this? >>> >>> Oh, I also tested it from the server itself. Since the Firewall is not >>> involved in this case, everything went fine. Any thought on this >>> Windows Firewall behavior? >>> >>> >>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>> news:ey49yJhYGHA.4168@TK2MSFTNGP05.phx.gbl... >>>> Well, even with the refresh button. it's only as 'real' as you thought. >>>> it will only 'clear' from the list when the tcp connection no longer >>>> appear when you do 'netstat -an' at command prompt. >>>> that's what I have tested in the past. >>>> >>>> -- >>>> Regards, >>>> Bernard Cheah >>>> http://www.iis-resources.com/ >>>> http://www.iiswebcastseries.com/ >>>> http://msmvps.com/blogs/bernard/ >>>> >>>> >>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>> news:%232uxMmAYGHA.3448@TK2MSFTNGP04.phx.gbl... >>>>> here is a refresh button. I could see the connection time updated >>>>> after I clicked the button. BTW, the client I used was the Microsoft >>>>> FTP.exe. >>>>> >>>>> >>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>>>> news:uM8cPHsXGHA.3448@TK2MSFTNGP04.phx.gbl... >>>>>> As for the FTP MMC connection status, I believe it is not refresh >>>>>> realtime. so it may take someting to reflect even after the client >>>>>> has disconnected. >>>>>> >>>>>> -- >>>>>> Regards, >>>>>> Bernard Cheah >>>>>> http://www.iis-resources.com/ >>>>>> http://www.iiswebcastseries.com/ >>>>>> http://msmvps.com/blogs/bernard/ >>>>>> >>>>>> >>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>> news:OvNjv8LXGHA.3492@TK2MSFTNGP05.phx.gbl... >>>>>>> You mean running FTP on the IIS/FTP server? Hmmm...I'll try that >>>>>>> and let you know the outcome. >>>>>>> >>>>>>> >>>>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in >>>>>>> message news:ebu2U74WGHA.4212@TK2MSFTNGP02.phx.gbl... >>>>>>>> >>>>>>>> Weird indeed. same behavior if you try connect via ftp.exe on the >>>>>>>> machine itself ?? >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Regards, >>>>>>>> Bernard Cheah >>>>>>>> http://www.iis-resources.com/ >>>>>>>> http://www.iiswebcastseries.com/ >>>>>>>> http://msmvps.com/blogs/bernard/ >>>>>>>> >>>>>>>> >>>>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>>>> news:ORvcyC1WGHA.752@TK2MSFTNGP02.phx.gbl... >>>>>>>>> I'm encountering a bad behavior with Windows Firewall on too. >>>>>>>>> With the Windows Firewall on, the FTP sessions (using the command >>>>>>>>> line FTP on the client) would be disconnected (the message says >>>>>>>>> something about connection disconnect by server) in about less >>>>>>>>> than 1 minute, but the IIS manager would still show the session is >>>>>>>>> active. If the Windows Firewall is off, everything is well. >>>>>>>>> >>>>>>>>> >>>>>>>>> "EuroMaverick" <EuroMaverick@discussions.microsoft.com> wrote in >>>>>>>>> message news:60BB5F4B-BDD8-4C26-9108-5AFAF30C3D19@microsoft.com... >>>>>>>>>> Hello people, >>>>>>>>>> >>>>>>>>>> I don't know if this is a documented bug or if the information is >>>>>>>>>> wide >>>>>>>>>> spread, but since we spend about two days tracking this down, I >>>>>>>>>> think it >>>>>>>>>> makes sense to share this information with whoever is interested >>>>>>>>>> in it. >>>>>>>>>> >>>>>>>>>> This is the setup where this will occur: >>>>>>>>>> - Windows 2003 server with SP1 >>>>>>>>>> - Windows firewall turned on >>>>>>>>>> - IIS on the same machine >>>>>>>>>> - FTP within that IIS >>>>>>>>>> >>>>>>>>>> Now, add a welcome message to the ftp. As soon as this welcome >>>>>>>>>> message >>>>>>>>>> contains a <return>, your browser will hang when you navigate to >>>>>>>>>> the >>>>>>>>>> ftp-site. It does not actually hang, but returns an error much >>>>>>>>>> later and your >>>>>>>>>> ftp-site is not accessible. >>>>>>>>>> >>>>>>>>>> Remove all returns from the welcome message, and the ftp-server >>>>>>>>>> works just >>>>>>>>>> fine... >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> >>>>>>>>>> Benoit Somers. >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
Here is the log. At 22:56:06, the port 21 was closed, and when I entered a
"dir" command at the client FTP prompt, I got "Connection closed by remote host." message. 2006-04-18 22:54:14 DROP UDP 206.190.85.61 255.255.255.255 1215 712 72 - - - - - - - RECEIVE 2006-04-18 22:54:15 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 21 - - - - - - - - - 2006-04-18 22:54:29 DROP UDP 206.190.85.61 255.255.255.255 1218 712 72 - - - - - - - RECEIVE 2006-04-18 22:54:35 OPEN TCP 206.190.85.61 68.190.234.108 20 4373 - - - - - - - - - 2006-04-18 22:54:39 OPEN TCP 206.190.85.61 68.190.234.108 20 4376 - - - - - - - - - 2006-04-18 22:54:44 DROP UDP 206.190.85.61 255.255.255.255 1219 712 72 - - - - - - - RECEIVE 2006-04-18 22:54:45 OPEN TCP 206.190.85.61 68.190.234.108 20 4382 - - - - - - - - - 2006-04-18 22:54:50 OPEN TCP 206.190.85.61 68.190.234.108 20 4384 - - - - - - - - - 2006-04-18 22:54:51 OPEN TCP 206.190.85.61 68.190.234.108 20 4386 - - - - - - - - - 2006-04-18 22:54:54 OPEN TCP 206.190.85.61 68.190.234.108 20 4388 - - - - - - - - - 2006-04-18 22:54:59 DROP UDP 206.190.85.61 255.255.255.255 1220 712 72 - - - - - - - RECEIVE 2006-04-18 22:55:14 DROP UDP 206.190.85.61 255.255.255.255 1221 712 72 - - - - - - - RECEIVE 2006-04-18 22:55:29 DROP UDP 206.190.85.61 255.255.255.255 1222 712 72 - - - - - - - RECEIVE 2006-04-18 22:55:44 DROP UDP 206.190.85.61 255.255.255.255 1223 712 72 - - - - - - - RECEIVE 2006-04-18 22:55:59 DROP UDP 206.190.85.61 255.255.255.255 1224 712 72 - - - - - - - RECEIVE 2006-04-18 22:56:06 CLOSE TCP 68.190.234.108 206.190.85.61 4357 21 - - - - - - - - - 2006-04-18 22:56:14 DROP UDP 206.190.85.61 255.255.255.255 1225 712 72 - - - - - - - RECEIVE 2006-04-18 22:56:29 DROP UDP 206.190.85.61 255.255.255.255 1226 712 72 - - - - - - - RECEIVE 2006-04-18 22:56:44 DROP UDP 206.190.85.61 255.255.255.255 1227 712 72 - - - - - - - RECEIVE 2006-04-18 22:56:47 CLOSE TCP 206.190.85.61 68.190.234.108 20 4373 - - - - - - - - - 2006-04-18 22:56:48 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 21 - - - - - - - - - 2006-04-18 22:56:50 CLOSE TCP 206.190.85.61 68.190.234.108 20 4376 - - - - - - - - - 2006-04-18 22:56:57 CLOSE TCP 206.190.85.61 68.190.234.108 20 4382 - - - - - - - - - [quoted text, click to view] "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message
news:eUhqFusYGHA.3328@TK2MSFTNGP02.phx.gbl... > Geezz. didn't know the reproduce my article. > Now - can you post the firewall log? > I can't repro this. I have firewall enable and I can connect fine. and > only idle timeout after 900 seconds. > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Jimmy Chu" <reply@newsgroup.com> wrote in message > news:%23pJo4jrYGHA.1888@TK2MSFTNGP02.phx.gbl... >>I actually re-read those articles, and I realized that since ftp.exe is >>using active, the PassivePortRange wouldn't fix the problem... >> >> >> "Jimmy Chu" <reply@newsgroup.com> wrote in message >> news:uns$pzpYGHA.1192@TK2MSFTNGP04.phx.gbl... >>> Hey Bernard, I found your Microsoft Help and Support article on >>> configuring PassivePortRange in IIS, and I also found this one on >>> Windows 2003 Server w/SP1 Firewall that basically says to do the same >>> thing. Does it make sense? >>> >>> http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html >>> >>> >>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>> news:uPJlX5jYGHA.1228@TK2MSFTNGP02.phx.gbl... >>>> From the Windows Firewall log, it looks like that the Firewall closes >>>> the port 21 connection for some reasons. The client then gets the >>>> connection disconnected by remote host/service not available, and since >>>> the server did not get a proper response from the client, it is still >>>> waiting for the next command (that's why the session is still going) >>>> until the session times out. So the real question is why is the Windows >>>> Firewall doing this? >>>> >>>> Oh, I also tested it from the server itself. Since the Firewall is not >>>> involved in this case, everything went fine. Any thought on this >>>> Windows Firewall behavior? >>>> >>>> >>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>>> news:ey49yJhYGHA.4168@TK2MSFTNGP05.phx.gbl... >>>>> Well, even with the refresh button. it's only as 'real' as you >>>>> thought. >>>>> it will only 'clear' from the list when the tcp connection no longer >>>>> appear when you do 'netstat -an' at command prompt. >>>>> that's what I have tested in the past. >>>>> >>>>> -- >>>>> Regards, >>>>> Bernard Cheah >>>>> http://www.iis-resources.com/ >>>>> http://www.iiswebcastseries.com/ >>>>> http://msmvps.com/blogs/bernard/ >>>>> >>>>> >>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>> news:%232uxMmAYGHA.3448@TK2MSFTNGP04.phx.gbl... >>>>>> here is a refresh button. I could see the connection time updated >>>>>> after I clicked the button. BTW, the client I used was the Microsoft >>>>>> FTP.exe. >>>>>> >>>>>> >>>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>>>>> news:uM8cPHsXGHA.3448@TK2MSFTNGP04.phx.gbl... >>>>>>> As for the FTP MMC connection status, I believe it is not refresh >>>>>>> realtime. so it may take someting to reflect even after the client >>>>>>> has disconnected. >>>>>>> >>>>>>> -- >>>>>>> Regards, >>>>>>> Bernard Cheah >>>>>>> http://www.iis-resources.com/ >>>>>>> http://www.iiswebcastseries.com/ >>>>>>> http://msmvps.com/blogs/bernard/ >>>>>>> >>>>>>> >>>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>>> news:OvNjv8LXGHA.3492@TK2MSFTNGP05.phx.gbl... >>>>>>>> You mean running FTP on the IIS/FTP server? Hmmm...I'll try that >>>>>>>> and let you know the outcome. >>>>>>>> >>>>>>>> >>>>>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in >>>>>>>> message news:ebu2U74WGHA.4212@TK2MSFTNGP02.phx.gbl... >>>>>>>>> >>>>>>>>> Weird indeed. same behavior if you try connect via ftp.exe on the >>>>>>>>> machine itself ?? >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Regards, >>>>>>>>> Bernard Cheah >>>>>>>>> http://www.iis-resources.com/ >>>>>>>>> http://www.iiswebcastseries.com/ >>>>>>>>> http://msmvps.com/blogs/bernard/ >>>>>>>>> >>>>>>>>> >>>>>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>>>>> news:ORvcyC1WGHA.752@TK2MSFTNGP02.phx.gbl... >>>>>>>>>> I'm encountering a bad behavior with Windows Firewall on too. >>>>>>>>>> With the Windows Firewall on, the FTP sessions (using the command >>>>>>>>>> line FTP on the client) would be disconnected (the message says >>>>>>>>>> something about connection disconnect by server) in about less >>>>>>>>>> than 1 minute, but the IIS manager would still show the session
I only enabled the FTP Server service in advance settings. I also tried
adding a port 20 one for data, but it was no help. [quoted text, click to view] "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message
news:%23RSSuL7YGHA.1220@TK2MSFTNGP02.phx.gbl... > what is closed, not dropped :) > I have no clue already. how do you enable access for ftp in the firewall > setting? > just the 'network connection setting' in the firewall advanced tab or you > have exceptions define for inetinfo.exe ? > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Jimmy Chu" <reply@newsgroup.com> wrote in message > news:u%23UI$e3YGHA.1200@TK2MSFTNGP03.phx.gbl... >> Here is the log. At 22:56:06, the port 21 was closed, and when I entered >> a "dir" command at the client FTP prompt, I got "Connection closed by >> remote host." message. >> >> 2006-04-18 22:54:14 DROP UDP 206.190.85.61 255.255.255.255 1215 712 >> 72 - - - - - - - RECEIVE >> 2006-04-18 22:54:15 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 >> 21 - - - - - - - - - >> 2006-04-18 22:54:29 DROP UDP 206.190.85.61 255.255.255.255 1218 712 >> 72 - - - - - - - RECEIVE >> 2006-04-18 22:54:35 OPEN TCP 206.190.85.61 68.190.234.108 20 >> 4373 - - - - - - - - - >> 2006-04-18 22:54:39 OPEN TCP 206.190.85.61 68.190.234.108 20 >> 4376 - - - - - - - - - >> 2006-04-18 22:54:44 DROP UDP 206.190.85.61 255.255.255.255 1219 712 >> 72 - - - - - - - RECEIVE >> 2006-04-18 22:54:45 OPEN TCP 206.190.85.61 68.190.234.108 20 >> 4382 - - - - - - - - - >> 2006-04-18 22:54:50 OPEN TCP 206.190.85.61 68.190.234.108 20 >> 4384 - - - - - - - - - >> 2006-04-18 22:54:51 OPEN TCP 206.190.85.61 68.190.234.108 20 >> 4386 - - - - - - - - - >> 2006-04-18 22:54:54 OPEN TCP 206.190.85.61 68.190.234.108 20 >> 4388 - - - - - - - - - >> 2006-04-18 22:54:59 DROP UDP 206.190.85.61 255.255.255.255 1220 712 >> 72 - - - - - - - RECEIVE >> 2006-04-18 22:55:14 DROP UDP 206.190.85.61 255.255.255.255 1221 712 >> 72 - - - - - - - RECEIVE >> 2006-04-18 22:55:29 DROP UDP 206.190.85.61 255.255.255.255 1222 712 >> 72 - - - - - - - RECEIVE >> 2006-04-18 22:55:44 DROP UDP 206.190.85.61 255.255.255.255 1223 712 >> 72 - - - - - - - RECEIVE >> 2006-04-18 22:55:59 DROP UDP 206.190.85.61 255.255.255.255 1224 712 >> 72 - - - - - - - RECEIVE >> 2006-04-18 22:56:06 CLOSE TCP 68.190.234.108 206.190.85.61 4357 >> 21 - - - - - - - - - >> 2006-04-18 22:56:14 DROP UDP 206.190.85.61 255.255.255.255 1225 712 >> 72 - - - - - - - RECEIVE >> 2006-04-18 22:56:29 DROP UDP 206.190.85.61 255.255.255.255 1226 712 >> 72 - - - - - - - RECEIVE >> 2006-04-18 22:56:44 DROP UDP 206.190.85.61 255.255.255.255 1227 712 >> 72 - - - - - - - RECEIVE >> 2006-04-18 22:56:47 CLOSE TCP 206.190.85.61 68.190.234.108 20 >> 4373 - - - - - - - - - >> 2006-04-18 22:56:48 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 >> 21 - - - - - - - - - >> 2006-04-18 22:56:50 CLOSE TCP 206.190.85.61 68.190.234.108 20 >> 4376 - - - - - - - - - >> 2006-04-18 22:56:57 CLOSE TCP 206.190.85.61 68.190.234.108 20 >> 4382 - - - - - - - - - >> >> >> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >> news:eUhqFusYGHA.3328@TK2MSFTNGP02.phx.gbl... >>> Geezz. didn't know the reproduce my article. >>> Now - can you post the firewall log? >>> I can't repro this. I have firewall enable and I can connect fine. and >>> only idle timeout after 900 seconds. >>> >>> -- >>> Regards, >>> Bernard Cheah >>> http://www.iis-resources.com/ >>> http://www.iiswebcastseries.com/ >>> http://msmvps.com/blogs/bernard/ >>> >>> >>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>> news:%23pJo4jrYGHA.1888@TK2MSFTNGP02.phx.gbl... >>>>I actually re-read those articles, and I realized that since ftp.exe is >>>>using active, the PassivePortRange wouldn't fix the problem... >>>> >>>> >>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>> news:uns$pzpYGHA.1192@TK2MSFTNGP04.phx.gbl... >>>>> Hey Bernard, I found your Microsoft Help and Support article on >>>>> configuring PassivePortRange in IIS, and I also found this one on >>>>> Windows 2003 Server w/SP1 Firewall that basically says to do the same >>>>> thing. Does it make sense? >>>>> >>>>> http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html >>>>> >>>>> >>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>> news:uPJlX5jYGHA.1228@TK2MSFTNGP02.phx.gbl... >>>>>> From the Windows Firewall log, it looks like that the Firewall closes >>>>>> the port 21 connection for some reasons. The client then gets the >>>>>> connection disconnected by remote host/service not available, and >>>>>> since the server did not get a proper response from the client, it is >>>>>> still waiting for the next command (that's why the session is still >>>>>> going) until the session times out. So the real question is why is >>>>>> the Windows Firewall doing this? >>>>>> >>>>>> Oh, I also tested it from the server itself. Since the Firewall is >>>>>> not involved in this case, everything went fine. Any thought on this >>>>>> Windows Firewall behavior? >>>>>> >>>>>> >>>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>>>>> news:ey49yJhYGHA.4168@TK2MSFTNGP05.phx.gbl... >>>>>>> Well, even with the refresh button. it's only as 'real' as you >>>>>>> thought. >>>>>>> it will only 'clear' from the list when the tcp connection no longer >>>>>>> appear when you do 'netstat -an' at command prompt. >>>>>>> that's what I have tested in the past. >>>>>>> >>>>>>> -- >>>>>>> Regards, >>>>>>> Bernard Cheah >>>>>>> http://www.iis-resources.com/ >>>>>>> http://www.iiswebcastseries.com/ >>>>>>> http://msmvps.com/blogs/bernard/ >>>>>>> >>>>>>> >>>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>>> news:%232uxMmAYGHA.3448@TK2MSFTNGP04.phx.gbl... >>>>>>>> here is a refresh button. I could see the connection time updated >>>>>>>> after I clicked the button. BTW, the client I used was the >>>>>>>> Microsoft FTP.exe. >>>>>>>> >>>>>>>> >>>>>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in >>>>>>>> message news:uM8cPHsXGHA.3448@TK2MSFTNGP04.phx.gbl... >>>>>>>>> As for the FTP MMC connection status, I believe it is not refresh >>>>>>>>> realtime. so it may take someting to reflect even after the client >>>>>>>>> has disconnected. >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Regards, >>>>>>>>> Bernard Cheah >>>>>>>>> http://www.iis-resources.com/ >>>>>>>>> http://www.iiswebcastseries.com/ >>>>>>>>> http://msmvps.com/blogs/bernard/ >>>>>>>>> >>>>>>>>> >>>>>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>>>>> news:OvNjv8LXGHA.3492@TK2MSFTNGP05.phx.gbl... >>>>>>>>>> You mean running FTP on the IIS/FTP server? Hmmm...I'll try that >>>>>>>>>> and let you know the outcome.
what is closed, not dropped :)
I have no clue already. how do you enable access for ftp in the firewall setting? just the 'network connection setting' in the firewall advanced tab or you have exceptions define for inetinfo.exe ? -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Jimmy Chu" <reply@newsgroup.com> wrote in message
news:u%23UI$e3YGHA.1200@TK2MSFTNGP03.phx.gbl... > Here is the log. At 22:56:06, the port 21 was closed, and when I entered > a "dir" command at the client FTP prompt, I got "Connection closed by > remote host." message. > > 2006-04-18 22:54:14 DROP UDP 206.190.85.61 255.255.255.255 1215 712 > 72 - - - - - - - RECEIVE > 2006-04-18 22:54:15 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 > 21 - - - - - - - - - > 2006-04-18 22:54:29 DROP UDP 206.190.85.61 255.255.255.255 1218 712 > 72 - - - - - - - RECEIVE > 2006-04-18 22:54:35 OPEN TCP 206.190.85.61 68.190.234.108 20 > 4373 - - - - - - - - - > 2006-04-18 22:54:39 OPEN TCP 206.190.85.61 68.190.234.108 20 > 4376 - - - - - - - - - > 2006-04-18 22:54:44 DROP UDP 206.190.85.61 255.255.255.255 1219 712 > 72 - - - - - - - RECEIVE > 2006-04-18 22:54:45 OPEN TCP 206.190.85.61 68.190.234.108 20 > 4382 - - - - - - - - - > 2006-04-18 22:54:50 OPEN TCP 206.190.85.61 68.190.234.108 20 > 4384 - - - - - - - - - > 2006-04-18 22:54:51 OPEN TCP 206.190.85.61 68.190.234.108 20 > 4386 - - - - - - - - - > 2006-04-18 22:54:54 OPEN TCP 206.190.85.61 68.190.234.108 20 > 4388 - - - - - - - - - > 2006-04-18 22:54:59 DROP UDP 206.190.85.61 255.255.255.255 1220 712 > 72 - - - - - - - RECEIVE > 2006-04-18 22:55:14 DROP UDP 206.190.85.61 255.255.255.255 1221 712 > 72 - - - - - - - RECEIVE > 2006-04-18 22:55:29 DROP UDP 206.190.85.61 255.255.255.255 1222 712 > 72 - - - - - - - RECEIVE > 2006-04-18 22:55:44 DROP UDP 206.190.85.61 255.255.255.255 1223 712 > 72 - - - - - - - RECEIVE > 2006-04-18 22:55:59 DROP UDP 206.190.85.61 255.255.255.255 1224 712 > 72 - - - - - - - RECEIVE > 2006-04-18 22:56:06 CLOSE TCP 68.190.234.108 206.190.85.61 4357 > 21 - - - - - - - - - > 2006-04-18 22:56:14 DROP UDP 206.190.85.61 255.255.255.255 1225 712 > 72 - - - - - - - RECEIVE > 2006-04-18 22:56:29 DROP UDP 206.190.85.61 255.255.255.255 1226 712 > 72 - - - - - - - RECEIVE > 2006-04-18 22:56:44 DROP UDP 206.190.85.61 255.255.255.255 1227 712 > 72 - - - - - - - RECEIVE > 2006-04-18 22:56:47 CLOSE TCP 206.190.85.61 68.190.234.108 20 > 4373 - - - - - - - - - > 2006-04-18 22:56:48 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 > 21 - - - - - - - - - > 2006-04-18 22:56:50 CLOSE TCP 206.190.85.61 68.190.234.108 20 > 4376 - - - - - - - - - > 2006-04-18 22:56:57 CLOSE TCP 206.190.85.61 68.190.234.108 20 > 4382 - - - - - - - - - > > > "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message > news:eUhqFusYGHA.3328@TK2MSFTNGP02.phx.gbl... >> Geezz. didn't know the reproduce my article. >> Now - can you post the firewall log? >> I can't repro this. I have firewall enable and I can connect fine. and >> only idle timeout after 900 seconds. >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis-resources.com/ >> http://www.iiswebcastseries.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Jimmy Chu" <reply@newsgroup.com> wrote in message >> news:%23pJo4jrYGHA.1888@TK2MSFTNGP02.phx.gbl... >>>I actually re-read those articles, and I realized that since ftp.exe is >>>using active, the PassivePortRange wouldn't fix the problem... >>> >>> >>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>> news:uns$pzpYGHA.1192@TK2MSFTNGP04.phx.gbl... >>>> Hey Bernard, I found your Microsoft Help and Support article on >>>> configuring PassivePortRange in IIS, and I also found this one on >>>> Windows 2003 Server w/SP1 Firewall that basically says to do the same >>>> thing. Does it make sense? >>>> >>>> http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html >>>> >>>> >>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>> news:uPJlX5jYGHA.1228@TK2MSFTNGP02.phx.gbl... >>>>> From the Windows Firewall log, it looks like that the Firewall closes >>>>> the port 21 connection for some reasons. The client then gets the >>>>> connection disconnected by remote host/service not available, and >>>>> since the server did not get a proper response from the client, it is >>>>> still waiting for the next command (that's why the session is still >>>>> going) until the session times out. So the real question is why is the >>>>> Windows Firewall doing this? >>>>> >>>>> Oh, I also tested it from the server itself. Since the Firewall is >>>>> not involved in this case, everything went fine. Any thought on this >>>>> Windows Firewall behavior? >>>>> >>>>> >>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>>>> news:ey49yJhYGHA.4168@TK2MSFTNGP05.phx.gbl... >>>>>> Well, even with the refresh button. it's only as 'real' as you >>>>>> thought. >>>>>> it will only 'clear' from the list when the tcp connection no longer >>>>>> appear when you do 'netstat -an' at command prompt. >>>>>> that's what I have tested in the past. >>>>>> >>>>>> -- >>>>>> Regards, >>>>>> Bernard Cheah >>>>>> http://www.iis-resources.com/ >>>>>> http://www.iiswebcastseries.com/ >>>>>> http://msmvps.com/blogs/bernard/ >>>>>> >>>>>> >>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>> news:%232uxMmAYGHA.3448@TK2MSFTNGP04.phx.gbl... >>>>>>> here is a refresh button. I could see the connection time updated >>>>>>> after I clicked the button. BTW, the client I used was the >>>>>>> Microsoft FTP.exe. >>>>>>> >>>>>>> >>>>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in >>>>>>> message news:uM8cPHsXGHA.3448@TK2MSFTNGP04.phx.gbl... >>>>>>>> As for the FTP MMC connection status, I believe it is not refresh >>>>>>>> realtime. so it may take someting to reflect even after the client >>>>>>>> has disconnected. >>>>>>>> >>>>>>>> -- >>>>>>>> Regards, >>>>>>>> Bernard Cheah >>>>>>>> http://www.iis-resources.com/ >>>>>>>> http://www.iiswebcastseries.com/ >>>>>>>> http://msmvps.com/blogs/bernard/ >>>>>>>> >>>>>>>> >>>>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>>>> news:OvNjv8LXGHA.3492@TK2MSFTNGP05.phx.gbl... >>>>>>>>> You mean running FTP on the IIS/FTP server? Hmmm...I'll try that >>>>>>>>> and let you know the outcome. >>>>>>>>> >>>>>>>>> >>>>>>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in >>>>>>>>> message news:ebu2U74WGHA.4212@TK2MSFTNGP02.phx.gbl... >>>>>>>>>> >>>>>>>>>> Weird indeed. same behavior if you try connect via ftp.exe on the >>>>>>>>>> machine itself ?? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Regards, >>>>>>>>>> Bernard Cheah >>>>>>>>>> http://www.iis-resources.com/
Bernard,
Are you running SP1? [quoted text, click to view] "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message
news:eYfrSlFZGHA.3684@TK2MSFTNGP05.phx.gbl... >I can't find the 'utimate windows firewall troubleshooting kb' :) > I saw it few days ago. Now, part of the step. if some unknown issue is > blocking the incoming request. > create an exception for the program. in your case will be inetinfo.exe > > ensure your ICF is on, then exception is allowed. > > -- > Regards, > Bernard Cheah > http://www.iis-resources.com/ > http://www.iiswebcastseries.com/ > http://msmvps.com/blogs/bernard/ > > > "Jimmy Chu" <reply@newsgroup.com> wrote in message > news:ODxdj%238YGHA.3740@TK2MSFTNGP03.phx.gbl... >>I only enabled the FTP Server service in advance settings. I also tried >>adding a port 20 one for data, but it was no help. >> >> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >> news:%23RSSuL7YGHA.1220@TK2MSFTNGP02.phx.gbl... >>> what is closed, not dropped :) >>> I have no clue already. how do you enable access for ftp in the firewall >>> setting? >>> just the 'network connection setting' in the firewall advanced tab or >>> you have exceptions define for inetinfo.exe ? >>> >>> -- >>> Regards, >>> Bernard Cheah >>> http://www.iis-resources.com/ >>> http://www.iiswebcastseries.com/ >>> http://msmvps.com/blogs/bernard/ >>> >>> >>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>> news:u%23UI$e3YGHA.1200@TK2MSFTNGP03.phx.gbl... >>>> Here is the log. At 22:56:06, the port 21 was closed, and when I >>>> entered a "dir" command at the client FTP prompt, I got "Connection >>>> closed by remote host." message. >>>> >>>> 2006-04-18 22:54:14 DROP UDP 206.190.85.61 255.255.255.255 1215 712 >>>> 72 - - - - - - - RECEIVE >>>> 2006-04-18 22:54:15 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 >>>> 21 - - - - - - - - - >>>> 2006-04-18 22:54:29 DROP UDP 206.190.85.61 255.255.255.255 1218 712 >>>> 72 - - - - - - - RECEIVE >>>> 2006-04-18 22:54:35 OPEN TCP 206.190.85.61 68.190.234.108 20 >>>> 4373 - - - - - - - - - >>>> 2006-04-18 22:54:39 OPEN TCP 206.190.85.61 68.190.234.108 20 >>>> 4376 - - - - - - - - - >>>> 2006-04-18 22:54:44 DROP UDP 206.190.85.61 255.255.255.255 1219 712 >>>> 72 - - - - - - - RECEIVE >>>> 2006-04-18 22:54:45 OPEN TCP 206.190.85.61 68.190.234.108 20 >>>> 4382 - - - - - - - - - >>>> 2006-04-18 22:54:50 OPEN TCP 206.190.85.61 68.190.234.108 20 >>>> 4384 - - - - - - - - - >>>> 2006-04-18 22:54:51 OPEN TCP 206.190.85.61 68.190.234.108 20 >>>> 4386 - - - - - - - - - >>>> 2006-04-18 22:54:54 OPEN TCP 206.190.85.61 68.190.234.108 20 >>>> 4388 - - - - - - - - - >>>> 2006-04-18 22:54:59 DROP UDP 206.190.85.61 255.255.255.255 1220 712 >>>> 72 - - - - - - - RECEIVE >>>> 2006-04-18 22:55:14 DROP UDP 206.190.85.61 255.255.255.255 1221 712 >>>> 72 - - - - - - - RECEIVE >>>> 2006-04-18 22:55:29 DROP UDP 206.190.85.61 255.255.255.255 1222 712 >>>> 72 - - - - - - - RECEIVE >>>> 2006-04-18 22:55:44 DROP UDP 206.190.85.61 255.255.255.255 1223 712 >>>> 72 - - - - - - - RECEIVE >>>> 2006-04-18 22:55:59 DROP UDP 206.190.85.61 255.255.255.255 1224 712 >>>> 72 - - - - - - - RECEIVE >>>> 2006-04-18 22:56:06 CLOSE TCP 68.190.234.108 206.190.85.61 4357 >>>> 21 - - - - - - - - - >>>> 2006-04-18 22:56:14 DROP UDP 206.190.85.61 255.255.255.255 1225 712 >>>> 72 - - - - - - - RECEIVE >>>> 2006-04-18 22:56:29 DROP UDP 206.190.85.61 255.255.255.255 1226 712 >>>> 72 - - - - - - - RECEIVE >>>> 2006-04-18 22:56:44 DROP UDP 206.190.85.61 255.255.255.255 1227 712 >>>> 72 - - - - - - - RECEIVE >>>> 2006-04-18 22:56:47 CLOSE TCP 206.190.85.61 68.190.234.108 20 >>>> 4373 - - - - - - - - - >>>> 2006-04-18 22:56:48 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 >>>> 21 - - - - - - - - - >>>> 2006-04-18 22:56:50 CLOSE TCP 206.190.85.61 68.190.234.108 20 >>>> 4376 - - - - - - - - - >>>> 2006-04-18 22:56:57 CLOSE TCP 206.190.85.61 68.190.234.108 20 >>>> 4382 - - - - - - - - - >>>> >>>> >>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>>> news:eUhqFusYGHA.3328@TK2MSFTNGP02.phx.gbl... >>>>> Geezz. didn't know the reproduce my article. >>>>> Now - can you post the firewall log? >>>>> I can't repro this. I have firewall enable and I can connect fine. and >>>>> only idle timeout after 900 seconds. >>>>> >>>>> -- >>>>> Regards, >>>>> Bernard Cheah >>>>> http://www.iis-resources.com/ >>>>> http://www.iiswebcastseries.com/ >>>>> http://msmvps.com/blogs/bernard/ >>>>> >>>>> >>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>> news:%23pJo4jrYGHA.1888@TK2MSFTNGP02.phx.gbl... >>>>>>I actually re-read those articles, and I realized that since ftp.exe >>>>>>is using active, the PassivePortRange wouldn't fix the problem... >>>>>> >>>>>> >>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>> news:uns$pzpYGHA.1192@TK2MSFTNGP04.phx.gbl... >>>>>>> Hey Bernard, I found your Microsoft Help and Support article on >>>>>>> configuring PassivePortRange in IIS, and I also found this one on >>>>>>> Windows 2003 Server w/SP1 Firewall that basically says to do the >>>>>>> same thing. Does it make sense? >>>>>>> >>>>>>> http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html >>>>>>> >>>>>>> >>>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>>> news:uPJlX5jYGHA.1228@TK2MSFTNGP02.phx.gbl... >>>>>>>> From the Windows Firewall log, it looks like that the Firewall >>>>>>>> closes the port 21 connection for some reasons. The client then >>>>>>>> gets the connection disconnected by remote host/service not >>>>>>>> available, and since the server did not get a proper response from >>>>>>>> the client, it is still waiting for the next command (that's why >>>>>>>> the session is still going) until the session times out. So the >>>>>>>> real question is why is the Windows Firewall doing this? >>>>>>>> >>>>>>>> Oh, I also tested it from the server itself. Since the Firewall is >>>>>>>> not involved in this case, everything went fine. Any thought on >>>>>>>> this Windows Firewall behavior? >>>>>>>> >>>>>>>> >>>>>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in >>>>>>>> message news:ey49yJhYGHA.4168@TK2MSFTNGP05.phx.gbl... >>>>>>>>> Well, even with the refresh button. it's only as 'real' as you >>>>>>>>> thought. >>>>>>>>> it will only 'clear' from the list when the tcp connection no >>>>>>>>> longer appear when you do 'netstat -an' at command prompt. >>>>>>>>> that's what I have tested in the past. >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Regards, >>>>>>>>> Bernard Cheah >>>>>>>>> http://www.iis-resources.com/ >>>>>>>>> http://www.iiswebcastseries.com/ >>>>>>>>> http://msmvps.com/blogs/bernard/ >>>>>>>>> >>>>>>>>> >>>>>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message
I can't find the 'utimate windows firewall troubleshooting kb' :) I saw it few days ago. Now, part of the step. if some unknown issue is blocking the incoming request. create an exception for the program. in your case will be inetinfo.exe ensure your ICF is on, then exception is allowed. -- Regards, Bernard Cheah http://www.iis-resources.com/ http://www.iiswebcastseries.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "Jimmy Chu" <reply@newsgroup.com> wrote in message news:ODxdj%238YGHA.3740@TK2MSFTNGP03.phx.gbl... >I only enabled the FTP Server service in advance settings. I also tried >adding a port 20 one for data, but it was no help. > > "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message > news:%23RSSuL7YGHA.1220@TK2MSFTNGP02.phx.gbl... >> what is closed, not dropped :) >> I have no clue already. how do you enable access for ftp in the firewall >> setting? >> just the 'network connection setting' in the firewall advanced tab or you >> have exceptions define for inetinfo.exe ? >> >> -- >> Regards, >> Bernard Cheah >> http://www.iis-resources.com/ >> http://www.iiswebcastseries.com/ >> http://msmvps.com/blogs/bernard/ >> >> >> "Jimmy Chu" <reply@newsgroup.com> wrote in message >> news:u%23UI$e3YGHA.1200@TK2MSFTNGP03.phx.gbl... >>> Here is the log. At 22:56:06, the port 21 was closed, and when I >>> entered a "dir" command at the client FTP prompt, I got "Connection >>> closed by remote host." message. >>> >>> 2006-04-18 22:54:14 DROP UDP 206.190.85.61 255.255.255.255 1215 712 >>> 72 - - - - - - - RECEIVE >>> 2006-04-18 22:54:15 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 >>> 21 - - - - - - - - - >>> 2006-04-18 22:54:29 DROP UDP 206.190.85.61 255.255.255.255 1218 712 >>> 72 - - - - - - - RECEIVE >>> 2006-04-18 22:54:35 OPEN TCP 206.190.85.61 68.190.234.108 20 >>> 4373 - - - - - - - - - >>> 2006-04-18 22:54:39 OPEN TCP 206.190.85.61 68.190.234.108 20 >>> 4376 - - - - - - - - - >>> 2006-04-18 22:54:44 DROP UDP 206.190.85.61 255.255.255.255 1219 712 >>> 72 - - - - - - - RECEIVE >>> 2006-04-18 22:54:45 OPEN TCP 206.190.85.61 68.190.234.108 20 >>> 4382 - - - - - - - - - >>> 2006-04-18 22:54:50 OPEN TCP 206.190.85.61 68.190.234.108 20 >>> 4384 - - - - - - - - - >>> 2006-04-18 22:54:51 OPEN TCP 206.190.85.61 68.190.234.108 20 >>> 4386 - - - - - - - - - >>> 2006-04-18 22:54:54 OPEN TCP 206.190.85.61 68.190.234.108 20 >>> 4388 - - - - - - - - - >>> 2006-04-18 22:54:59 DROP UDP 206.190.85.61 255.255.255.255 1220 712 >>> 72 - - - - - - - RECEIVE >>> 2006-04-18 22:55:14 DROP UDP 206.190.85.61 255.255.255.255 1221 712 >>> 72 - - - - - - - RECEIVE >>> 2006-04-18 22:55:29 DROP UDP 206.190.85.61 255.255.255.255 1222 712 >>> 72 - - - - - - - RECEIVE >>> 2006-04-18 22:55:44 DROP UDP 206.190.85.61 255.255.255.255 1223 712 >>> 72 - - - - - - - RECEIVE >>> 2006-04-18 22:55:59 DROP UDP 206.190.85.61 255.255.255.255 1224 712 >>> 72 - - - - - - - RECEIVE >>> 2006-04-18 22:56:06 CLOSE TCP 68.190.234.108 206.190.85.61 4357 >>> 21 - - - - - - - - - >>> 2006-04-18 22:56:14 DROP UDP 206.190.85.61 255.255.255.255 1225 712 >>> 72 - - - - - - - RECEIVE >>> 2006-04-18 22:56:29 DROP UDP 206.190.85.61 255.255.255.255 1226 712 >>> 72 - - - - - - - RECEIVE >>> 2006-04-18 22:56:44 DROP UDP 206.190.85.61 255.255.255.255 1227 712 >>> 72 - - - - - - - RECEIVE >>> 2006-04-18 22:56:47 CLOSE TCP 206.190.85.61 68.190.234.108 20 >>> 4373 - - - - - - - - - >>> 2006-04-18 22:56:48 OPEN-INBOUND TCP 68.190.234.108 206.190.85.61 4357 >>> 21 - - - - - - - - - >>> 2006-04-18 22:56:50 CLOSE TCP 206.190.85.61 68.190.234.108 20 >>> 4376 - - - - - - - - - >>> 2006-04-18 22:56:57 CLOSE TCP 206.190.85.61 68.190.234.108 20 >>> 4382 - - - - - - - - - >>> >>> >>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in message >>> news:eUhqFusYGHA.3328@TK2MSFTNGP02.phx.gbl... >>>> Geezz. didn't know the reproduce my article. >>>> Now - can you post the firewall log? >>>> I can't repro this. I have firewall enable and I can connect fine. and >>>> only idle timeout after 900 seconds. >>>> >>>> -- >>>> Regards, >>>> Bernard Cheah >>>> http://www.iis-resources.com/ >>>> http://www.iiswebcastseries.com/ >>>> http://msmvps.com/blogs/bernard/ >>>> >>>> >>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>> news:%23pJo4jrYGHA.1888@TK2MSFTNGP02.phx.gbl... >>>>>I actually re-read those articles, and I realized that since ftp.exe is >>>>>using active, the PassivePortRange wouldn't fix the problem... >>>>> >>>>> >>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>> news:uns$pzpYGHA.1192@TK2MSFTNGP04.phx.gbl... >>>>>> Hey Bernard, I found your Microsoft Help and Support article on >>>>>> configuring PassivePortRange in IIS, and I also found this one on >>>>>> Windows 2003 Server w/SP1 Firewall that basically says to do the same >>>>>> thing. Does it make sense? >>>>>> >>>>>> http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html >>>>>> >>>>>> >>>>>> "Jimmy Chu" <reply@newsgroup.com> wrote in message >>>>>> news:uPJlX5jYGHA.1228@TK2MSFTNGP02.phx.gbl... >>>>>>> From the Windows Firewall log, it looks like that the Firewall >>>>>>> closes the port 21 connection for some reasons. The client then >>>>>>> gets the connection disconnected by remote host/service not >>>>>>> available, and since the server did not get a proper response from >>>>>>> the client, it is still waiting for the next command (that's why the >>>>>>> session is still going) until the session times out. So the real >>>>>>> question is why is the Windows Firewall doing this? >>>>>>> >>>>>>> Oh, I also tested it from the server itself. Since the Firewall is >>>>>>> not involved in this case, everything went fine. Any thought on >>>>>>> this Windows Firewall behavior? >>>>>>> >>>>>>> >>>>>>> "Bernard Cheah [MVP]" <qbernard@hotmail.com.discuss> wrote in >>>>>>> message news:ey49yJhYGHA.4168@TK2MSFTNGP05.phx.gbl... >>>>>>>> Well, even with |