| Groups | Blog | Home |
iis ftp : Extremely abnormal behaviour: ftp client does show a file list in a folder occasionally
Hi Experts there,
We have been using the Standard Edition of Windows Server 2003 (with SP1, and auto updates enabled) over the past few years for common tasks of hosting company websites and serving as a FTP server. One of my staff (with his non-administrative account) regular uploads files to the server for web pages and all goes very well, as usual and as expected. But just over the past half year or so, we noticed that, sometimes, after uploading files, the ftp client software cannot show the full file list of certain folders. This behaviour is occasional and I just do not know what is wrong here. If I delete some newly uploaded files, all is back to work. Well those newly created files are just nothing special - typical HTML and image files (JPEG/GIF/ PNG), created by the same web authoring software and sent from an XP machine. Just give you an example - after an image called "Lucy_photo.jpg" is sent to a folder "tmp1", I then use SmartFTP to connect the server and to open the folder "tmp1" - the odd behaviour occurs: after a few seconds (previously very fast, given a small number of files within this folder) only a partial set of files is displayed. I also tested with another ftp client WS_FTP, almost the same problem appears - the software just cannot show any files of the folder "tmp1" - it is stuck there. After a few minutes I have to kill the client from Task Manager. If I delete this image file "Lucy_photo.jpg" from the folder "tmp1", ftp software works fine again and can display the file list quickly. It prompts me to probe the characteristics of this file "Lucy_photo.jpg", and in fact it is just like other files within the same folder - the same -rwx- file attributes and permission, and same login access by Administrator; it can be displayed on web pages remotely. What is even odd is as follows - (1) If I rename the file "Lucy_photo.jpg" to "Lucy_photo1.jpg", the ftp software can list all files again of the "tmp1" folder. (2) If I add a new file named "test.log" while still keeping "Lucy_photo.jpg" within the folder, ftp software is able to list all files within the "tmp1" folder. (3) If I rename the file "Lucy_photo1.jpg" to "Lucy_photo.zip", ftp cannot display file list again!!! (4) After trying accessing from SmartFTP for a coulple of times, I noticed that a protected operation system file called "Thumbs.db" is automatically generated within the "tmp1" folder by Server. These tests have made me wonder whether the problem stems from the specific file "Lucy_photo.jpg", server setup, or server auto updates. Previously, all worked fine with file uploading and displaying new files after refreshing in FTP software, but only in recent few months the above problem appears - it occurs occasionally! And sometimes the ftp uploading files with the Server just works as normal. Here is the ftp log reported by the Server 11:07:09 ----- [4]USER Administrator 331 0 11:07:09 ----- [4]PASS - 230 0 11:07:09 ----- [4]CWD /images/gif89a 550 3 11:07:12 ----- [4]CWD tmp1 250 0 11:09:55 ----- [4]closed - 421 121 After successfully log in, the log shows 01:07:09 ----- [4]CWD /images/gif89a 550 3 In fact, the server does not have this folder called /images/gif89a - what is this? please tell me. The last line 01:09:55 ----- [4]closed - 421 121 basically shows the time when the ftp software was killed. Just provide more information: some parts of the server - other folders not related to "tmp1" folder under the root directory - use SSL and are password protected (set up by a public-domain tool "IISPassword"). Overall, I feel they should not be related since a few months ago all worked without any problem. Really appreciate your help for solving the above reported problem.
Sorry, the title should read as -
Extremely abnormal behaviour: ftp client CANNOT show a file list occasionally
Funny... it could be from the ftp client itself auto navigating to the
folder CWD /images/gif89a have you try plain simple ftp.exe to connect and check the behavior ? after upload do a dir listing. -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "kevin" <ocean_chen@hotmail.com> wrote in message news:1172727332.507485.154600@q2g2000cwa.googlegroups.com... > Sorry, the title should read as - > Extremely abnormal behaviour: ftp client CANNOT show a file list > occasionally >
Many thanks, Bernard. Yes, the first part on /images/gif89a was indeed
from ftp client and its folder auto searching. OK, say bye bye to this confusion. I have tried ftp.exe, info as shown below - 331 Password required for Administrator. Password: 230 User Administrator logged in. ftp> binary 200 Type set to I. ftp> pwd 257 "/" is current directory. ftp> dir 200 PORT command successful. 150 Opening ASCII mode data connection for /bin/ls. ----------------------? Aborting any active data connections... 425 Can't open data connection. ftp> cd tmp1 250 CWD command successful. ftp> pwd 257 "/tmp1" is current directory. ftp> dir 200 PORT command successful. 150 Opening ASCII mode data connection for /bin/ls. ------------------------? It hangs there unless you forcibly discountinue it! Then I searched the web about this and found your previous contributions - it is about DOS FTP Active mode. I just do not know how to set Passive mode for the DOS FTP. I tried to test this mode swap in WS_FTP - indeed, if I select Active mode, the client produces the same hanging. We do use Firewalls on both Server and all client XP machines within the company. I note that all ftp clients used - including ftp.exe, WS_FTP and SmartFTP - are put in Firewall exceptions. The most odd thing is that the Server is just sensitive to some files being uploaded. If I rename "Lucy_photo.jpg" to "Lucy_photo1.jpg" or "Lucy1_photo.jpg" within the "tmp1" folder, both Ws_FTP and SmartFTP can show the file list very quickly, no problem. If I change the new file name back to "Lucy_photo.jpg", the problem re-occurs - both WS_FTP and SmartFTP CANNOTshow the file list of this "tmp1" folder. I also note that the problem is not really totally related to this file "Lucy_photo.jpg", as if it is within the "tmp1" folder, just only a partial list of files can be shown (e.g., in SmartFTP). Is it possible that this is to do with some net filtering solutions implemented within the larger company network? Below I am forwarding two WS_FTP log files - the first one with the "Lucy_photo.jpg" deleted in the "tmp1" folder, while the second was re- added. As soon as it is added, the ftp client cannot show file list!!! Both logs file show first login as Administrator, and then move to the folder "tmp" to test - no problem with this folder; back to the root directory, then trying to open the troubling folder "tmp1" - at this point two log files start to show difference. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 1st log - works OK WINSOCK.DLL: WinSock 2.0 WS_FTP LE 5.08 2000.01.13, Copyright =A9 1992-2000 Ipswitch, Inc. - - connecting to xxx.xxx.xx.xx:21 Connected to xxx.xxx.xx.xx port 21 220 Microsoft FTP Service USER Administrator 331 Password required for Administrator. PASS (hidden) 230 User Administrator logged in. PWD 257 "/" is current directory. Host type (I): Microsoft NT PASV 227 Entering Passive Mode (xxx,xxx,xx,xx,19,140). connecting to xxx.xxx.xx.xx:5004 - - connecting to xxx.xxx.xx.xx:5004 Connected to xxx.xxx.xx.xx port 5004 LIST 125 Data connection already open; Transfer starting. Received 5202 bytes in 0.1 secs, (500.00 Kbps), transfer succeeded 226 Transfer complete. CWD tmp 250 CWD command successful. PWD 257 "/tmp" is current directory. PASV 227 Entering Passive Mode (xxx,xxx,xx,xx,19,141). connecting to xxx.xxx.xx.xx:5005 - - connecting to xxx.xxx.xx.xx:5005 Connected to xxx.xxx.xx.xx port 5005 LIST 125 Data connection already open; Transfer starting. Received 212 bytes in 0.1 secs, (20.00 Kbps), transfer succeeded 226 Transfer complete. CDUP 250 CWD command successful. PWD 257 "/" is current directory. CWD tmp1 250 CWD command successful. PWD 257 "/tmp1" is current directory. PASV 227 Entering Passive Mode (xxx,xxx,xx,xx,19,147). connecting to xxx.xxx.xx.xx:5011 - - connecting to xxx.xxx.xx.xx:5011 Connected to xxx.xxx.xx.xx port 5011 LIST 125 Data connection already open; Transfer starting. Received 4284 bytes in 0.1 secs, (410.00 Kbps), transfer succeeded 226 Transfer complete. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D 2st log - problem appeared in the last line WINSOCK.DLL: WinSock 2.0 WS_FTP LE 5.08 2000.01.13, Copyright =A9 1992-2000 Ipswitch, Inc. - - connecting to xxx.xxx.xx.xx:21 Connected to xxx.xxx.xx.xx port 21 220 Microsoft FTP Service USER Administrator 331 Password required for Administrator. PASS (hidden) 230 User Administrator logged in. PWD 257 "/" is current directory. Host type (I): Microsoft NT PASV 227 Entering Passive Mode (xxx,xxx,xx,xx,19,144). connecting to xxx.xxx.xx.xx:5008 - - connecting to xxx.xxx.xx.xx:5008 Connected to xxx.xxx.xx.xx port 5008 LIST 125 Data connection already open; Transfer starting. Received 5202 bytes in 0.1 secs, (500.00 Kbps), transfer succeeded 226 Transfer complete. CWD tmp 250 CWD command successful. PWD 257 "/tmp" is current directory. PASV 227 Entering Passive Mode (xxx,xxx,xx,xx,19,145). connecting to xxx.xxx.xx.xx:5009 - - connecting to xxx.xxx.xx.xx:5009 Connected to xxx.xxx.xx.xx port 5009 LIST 125 Data connection already open; Transfer starting. Received 212 bytes in 0.1 secs, (20.00 Kbps), transfer succeeded 226 Transfer complete. CDUP 250 CWD command successful. PWD 257 "/" is current directory. CWD tmp1 250 CWD command successful. PWD 257 "/tmp1" is current directory. PASV 227 Entering Passive Mode (xxx,xxx,xx,xx,19,146). connecting to xxx.xxx.xx.xx:5010 - - connecting to xxx.xxx.xx.xx:5010 Connected to xxx.xxx.xx.xx port 5010 LIST 125 Data connection already open; Transfer starting. ----------------------- WS_FTP is hanging there now, and cannot display the FULL file list again! THANK YOU. On Mar 1, 6:37 pm, "Bernard Cheah [MVP]" [quoted text, click to view] <qbern...@hotmail.com.discuss> wrote:
> Funny... it could be from the ftp client itself auto navigating to the > folder > CWD /images/gif89a > > have you try plain simple ftp.exe to connect and check the behavior ? > > after upload do a dir listing. > > -- > Regards, > Bernard Cheahhttp://www.iis.net/http://www.iis-resources.com/http://msmvp= s=2Ecom/blogs/bernard/ >
Just to add some information further -
If I use WS_FTP for having access to the "tmp1" folder, only 2920 bytes can be transferred - i.e., a partial list of file names is transferred. If I use SmartFTP, the log info is as follows - It also shows the SAME amount of bytes was transferred, very slowly [14:14:15] CWD /tmp1 [14:14:15] 250 CWD command successful. [14:14:15] PWD [14:14:15] 257 "/tmp1" is current directory. [14:14:15] PASV [14:14:15] 227 Entering Passive Mode (xxx,xxx,xx,xx,19,142). [14:14:15] Opening data connection to xxx.xxx.xx.xx Port: 5006 [14:14:15] LIST -aL [14:14:15] 125 Data connection already open; Transfer starting. [14:14:15] 226 Transfer complete. [14:14:55] Transfer Timeout (40s). Closing data connection. [14:14:55] 2920 bytes transferred. (71 bytes/s) (00:00:40) ============= [14:15:47] NOOP [14:15:47] An established connection was aborted by the software in your host machine. [14:15:47] Server closed connection
Thanks again.
1. What do you mean that the active mode shoud work? For DOS FTP.exe at client side? Is there any specification I should set up? 2. I tested ftp.exe locally on the server, it shows as follows: C:\>ftp ftp> open xxx.xxx.xx.xx Connected to xxx.xxx.xxx.xx. 530 Connection refused, unknown IP address. 421 Service not available, closing control connection. Connection closed by remote host. ftp> Initially ftp.exe was not on the Firewall exception list. After I added ftp.exe to the exception list and run it again, the same result. If I set off the Firewall off at the server, it is still the same negative result. At this time, from the server Windows Firewall GUI, I note that "Windows Firewall is using your non-domain settings". Not quite sure about this. 3. If I set firewalls off at both ends, the ftp client can show full file list now - and it works! More tests: Firewall off at server side, on client XP side - still works; Firewall on at server side, off client XP side - not work. [quoted text, click to view] >From these, it seems this is AGAIN related to the firewall setting at the Server side.Really like to follow your more suggestions to solve the problem.
Mmm... I have no idea about the special filename issue you have.
and active mode should work, passive mode should be the one that always having problem. Simple test. if you ftp.exe locally at the server, same problem? next - off all firewall at both end. then try ftp.exe and your ftp client again. what's the test result? -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "kevin" <ocean_chen@hotmail.com> wrote in message news:1172806778.126415.275280@n33g2000cwc.googlegroups.com... > Just to add some information further - > > If I use WS_FTP for having access to the "tmp1" folder, only 2920 > bytes can be transferred - i.e., a partial list of file names is > transferred. > > If I use SmartFTP, the log info is as follows - It also shows the SAME > amount of bytes was transferred, very slowly > > [14:14:15] CWD /tmp1 > [14:14:15] 250 CWD command successful. > [14:14:15] PWD > [14:14:15] 257 "/tmp1" is current directory. > [14:14:15] PASV > [14:14:15] 227 Entering Passive Mode (xxx,xxx,xx,xx,19,142). > [14:14:15] Opening data connection to xxx.xxx.xx.xx Port: 5006 > [14:14:15] LIST -aL > [14:14:15] 125 Data connection already open; Transfer starting. > [14:14:15] 226 Transfer complete. > [14:14:55] Transfer Timeout (40s). Closing data connection. > [14:14:55] 2920 bytes transferred. (71 bytes/s) > (00:00:40) ============= > [14:15:47] NOOP > [14:15:47] An established connection was aborted by the software in > your host machine. > [14:15:47] Server closed connection >
1) ftp.exe is active mode client. and it uses port 21 and 20. Most the
issues I have seen is active mode working but not passive mode 2) you have ip restriction configured that reject local ftp connection? check the ip restriction setting at the directory security tab 3) firewal exception list ? that's for inbound right? from client site, by default outbound not block. for host end. the firewall exception list should allow inetinfo.exe. Read few more KBs Information About the IIS File Transmission Protocol (FTP) Service http://support.microsoft.com/?id=283679 How To Configure PassivePortRange In IIS http://support.microsoft.com/?id=555022 now, in the past few able to customize the port range make configure custom port at firewall to make it works. while some also complaint that this is not working, also few issue related to RRAS. for your case - try the inetinfo.exe first. then enable firewall logging and see what's blocking. -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "kevin" <ocean_chen@hotmail.com> wrote in message news:1172820703.157595.46710@t69g2000cwt.googlegroups.com... > Thanks again. > > 1. What do you mean that the active mode shoud work? For DOS FTP.exe > at client side? Is there any specification I should set up? > > 2. I tested ftp.exe locally on the server, it shows as follows: > > C:\>ftp > ftp> open xxx.xxx.xx.xx > Connected to xxx.xxx.xxx.xx. > 530 Connection refused, unknown IP address. > 421 Service not available, closing control connection. > Connection closed by remote host. > ftp> > > Initially ftp.exe was not on the Firewall exception list. After I > added ftp.exe to the exception list and run it again, the same result. > > If I set off the Firewall off at the server, it is still the same > negative result. > > At this time, from the server Windows Firewall GUI, I note that > "Windows Firewall is using your non-domain settings". Not quite sure > about this. > > 3. If I set firewalls off at both ends, the ftp client can show full > file list now - and it works! > More tests: > Firewall off at server side, on client XP side - still works; > Firewall on at server side, off client XP side - not work. > >>From these, it seems this is AGAIN related to the firewall setting at > the Server side. > > Really like to follow your more suggestions to solve the problem. >
Now back to office after the weekend, I try to open that "tmp1" folder again in ftp clients, it works even with those suspecious file names kept within; however, as soon as I change the file name "Lucy_photo.jpg" and click a refresh button, the ftp client cannot display the full file list any more. Sigh - it works like a drunken ... 1) and 2). You are right - we do have IP restrictions and only allow a limited number of machines for access. I have now added the server IP on the access list. After adding ftp.exe in the firewall exception list, and RESTARTING the server, ftp.exe now works on the server locally and can have access to all folders and display full file lists - no problem. 3). Inetinfo.exe is now added on the firewall exception list. The same problem still persists! Even after restarting the server. 4). Enabled the firewall logging and checked each records, it seems all records display "RECEIVE" except those records related to the connection between the client machine and the server - a log below #Version: 1.5 #Software: Microsoft Windows Firewall #Time Format: Local #Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path 2007-03-05 12:13:28 OPEN-INBOUND TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1805 21 - - - - - - - - - 2007-03-05 12:13:33 OPEN-INBOUND TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1806 5004 - - - - - - - - - 2007-03-05 12:13:39 OPEN-INBOUND TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1813 5005 - - - - - - - - - 2007-03-05 12:13:42 OPEN-INBOUND TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1814 5006 - - - - - - - - - 2007-03-05 12:14:08 CLOSE TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1806 5004 - - - - - - - - - 2007-03-05 12:14:08 CLOSE TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1813 5005 - - - - - - - - - something wrong with src-port and dst-port? Thanks again.
2) for ftp.exe no need exception list, just allow it to go out.
4) did you log 'failed' packets as well? the log you posted is when the client try to do passive mode. a) first it talk to ftp port 21. b) then it uses passive mode to talk to the server port 5004 while source at local is 1805. c) all port get increment by 1 when more transaction happen. did you configure passive port range on IIS ? -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "kevin" <ocean_chen@hotmail.com> wrote in message news:1173059790.553250.79620@v33g2000cwv.googlegroups.com... > > > > Now back to office after the weekend, I try to open that "tmp1" folder > again in ftp clients, it works even with those suspecious file names > kept within; however, as soon as I change the file name > "Lucy_photo.jpg" and click a refresh button, the ftp client cannot > display the full file list any more. Sigh - it works like a > drunken ... > > 1) and 2). You are right - we do have IP restrictions and only allow a > limited number of machines for access. I have now added the server IP > on the access list. After adding ftp.exe in the firewall exception > list, and RESTARTING the server, ftp.exe now works on the server > locally and can have access to all folders and display full file lists > - no problem. > > 3). Inetinfo.exe is now added on the firewall exception list. The same > problem still persists! Even after restarting the server. > > 4). Enabled the firewall logging and checked each records, it seems > all records display "RECEIVE" except those records related to the > connection between the client machine and the server - a log below > > #Version: 1.5 > #Software: Microsoft Windows Firewall > #Time Format: Local > #Fields: date time action protocol src-ip dst-ip src-port dst-port > size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path > > 2007-03-05 12:13:28 OPEN-INBOUND TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1805 > 21 - - - - - - - - - > 2007-03-05 12:13:33 OPEN-INBOUND TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1806 > 5004 - - - - - - - - - > 2007-03-05 12:13:39 OPEN-INBOUND TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1813 > 5005 - - - - - - - - - > 2007-03-05 12:13:42 OPEN-INBOUND TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1814 > 5006 - - - - - - - - - > 2007-03-05 12:14:08 CLOSE TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1806 5004 - > - - - - - - - - > 2007-03-05 12:14:08 CLOSE TCP yyy.yyy.yy.yy xxx.xxx.xx.xx 1813 5005 - > - - - - - - - - > > something wrong with src-port and dst-port? Thanks again. >
4). In firewall logging, I enabled both "Log dropped packets" and "Log
successful connections"check boxes. Thanks for explanations on port numbers. We have not configurated passive port range on IIS. At the moment the applications listed on firewall exception list almost use default settings from software installation. Is there a good example showing the setup of passive port range on IIS or IIS FTP? I wish to try.
that's what I have posted
How To Configure PassivePortRange In IIS http://support.microsoft.com/?id=555022 I'm not seeing any dropped packet in your previous log. so ftp should be working. -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "kevin" <ocean_chen@hotmail.com> wrote in message news:1173103642.117357.313960@j27g2000cwj.googlegroups.com... > 4). In firewall logging, I enabled both "Log dropped packets" and "Log > successful connections"check boxes. > > Thanks for explanations on port numbers. > > We have not configurated passive port range on IIS. At the moment the > applications listed on firewall exception list almost use default > settings from software installation. > > Is there a good example showing the setup of passive port range on IIS > or IIS FTP? I wish to try. > >
(1). I removed ftp.exe from firewall exception list first, and then
tested ftp.exe again on the Server locally. (Inetinfo.exe is still enabled on the firewall exception list.) It works except that as soon as I issue a ftp command, a Windows Security Alert window will pop up saying "To help protect your computer, Windows Firewall has blocked some features of this program". It asked me to keep blocking or unlock. I guess this is just the way it works. (2). Then I set up the PassivePortRange In IIS, exactly as you described there. I issued a command CScript.exe adsutil.vbs set /MSFTPSVC/PassivePortRange "5004-5700" The output displays all fine. Restarted the FTP service and/or the server. Next, go to a client machine for testing FTP again - the problem still persists! A log from WS_FTP is as follows: ======================================== 257 "/" is current directory. Host type (I): Microsoft NT PASV 227 Entering Passive Mode (xxx,xxx,xx,xx,19,149). connecting to xxx.xxx.xx.xx:5013 - - connecting to xxx.xxx.xx.xx:5013 Connected to xxx.xxx.xx.xx port 5013 LIST 125 Data connection already open; Transfer starting. Received 5204 bytes in 0.1 secs, (500.00 Kbps), transfer succeeded 226 Transfer complete. CWD tmp1 <==== 250 CWD command successful. PWD 257 "/tmp1" is current directory. PASV 227 Entering Passive Mode (xxx,xxx,xx,xx,19,150). connecting to xxx.xxx.xx.xx:5014 - - connecting to xxx.xxx.xx.xx:5014 Connected to xxx.xxx.xx.xx port 5014 LIST 125 Data connection already open; Transfer starting. (it is hanging there after the same amount of 2920 bytes has been transferred.) ==================================================== Also tested with this cmd CScript.exe adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700" The same ftp problem. The WS_FTP log still displays something like connecting to xxx.xxx.xx.xx:5006 Connected to xxx.xxx.xx.xx port 5006 LIST 125 Data connection already open; Transfer starting. ....(hanging) // Really need enough patience for this problem. It is like an untreatable virus for some patients in life, and one just has to live with it? Any further suggestion is always appreciated. If it does not work, how could I disable this PassivePortRange setup, and go back to previous setting? Thanks.
1) yes, this is for outbound. so that's fine
2) yes. from the first log u see the port range is within the range. 3) the 2nd port range setting command is not working, you need to restart IIS FTP to take effects. Now, you problem so far, I'm seeing is port blocking, as if u disable firewall it is working. so did you unblock thos port range? next, to go back to default just delete the setting or set it to "" for none. -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "kevin" <ocean_chen@hotmail.com> wrote in message news:1173242657.759132.102190@t69g2000cwt.googlegroups.com... > (1). I removed ftp.exe from firewall exception list first, and then > tested ftp.exe again on the Server locally. (Inetinfo.exe is still > enabled on the firewall exception list.) It works except that as soon > as I issue a ftp command, a Windows Security Alert window will pop up > saying "To help protect your computer, Windows Firewall has blocked > some features of this program". It asked me to keep blocking or > unlock. I guess this is just the way it works. > > (2). Then I set up the PassivePortRange In IIS, exactly as you > described there. I issued a command > CScript.exe adsutil.vbs set /MSFTPSVC/PassivePortRange "5004-5700" > The output displays all fine. > > Restarted the FTP service and/or the server. > > Next, go to a client machine for testing FTP again - the problem still > persists! A log from WS_FTP is as follows: > > ======================================== > 257 "/" is current directory. > Host type (I): Microsoft NT > PASV > 227 Entering Passive Mode (xxx,xxx,xx,xx,19,149). > connecting to xxx.xxx.xx.xx:5013 > - - > connecting to xxx.xxx.xx.xx:5013 > Connected to xxx.xxx.xx.xx port 5013 > LIST > 125 Data connection already open; Transfer starting. > Received 5204 bytes in 0.1 secs, (500.00 Kbps), transfer succeeded > 226 Transfer complete. > CWD tmp1 <==== > 250 CWD command successful. > PWD > 257 "/tmp1" is current directory. > PASV > 227 Entering Passive Mode (xxx,xxx,xx,xx,19,150). > connecting to xxx.xxx.xx.xx:5014 > - - > connecting to xxx.xxx.xx.xx:5014 > Connected to xxx.xxx.xx.xx port 5014 > LIST > 125 Data connection already open; Transfer starting. > > (it is hanging there after the same amount of 2920 bytes has been > transferred.) > > ==================================================== > Also tested with this cmd > CScript.exe adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700" > The same ftp problem. The WS_FTP log still displays something like > connecting to xxx.xxx.xx.xx:5006 > Connected to xxx.xxx.xx.xx port 5006 > LIST > 125 Data connection already open; Transfer starting. > ...(hanging) > > // > Really need enough patience for this problem. It is like an > untreatable virus for some patients in life, and one just has to live > with it? > > Any further suggestion is always appreciated. If it does not work, how > could I disable this PassivePortRange setup, and go back to previous > setting? Thanks. > > > > > > >
2). Yes, from the first log, the port 5014 was in the PassivePortRange
"5004-5700", but it was still not working. (it was hanging there after the same amount of 2920 bytes had been transferred from that "tmp1" directory.) 3). Yeah, I will try to restart the server after the new PassivePortRange setup, but I do not expect after this things will be OK, as I already restarted the server in the above 2). After disabling the firewall, everything goes indeed well and openly. Is there a way for me to know those ports blocked, for the server locally? In fact, we did not change the server default settings very much, and they could be from the larger company network. Thanks.
Bernard, this could be my last question -
In fact, I did half right - a) Yes. b) After setting up the passive port range, I did not correspondingly configure firewall to allow inbound for those port range. I do not know how to configure that. I can add a new TCP port on the firewall exceptions list, but not a PORT RANGE. Searched the net for a bit and could not locate right info, so I'd better ask again. THANKS.
You see - you are one of few poster which stuck in this problem, few I saw
in the past has able to make this work by: a) configure exception for inetinfo.exe b) after configuring passiveportrange, configure the firewall to allow inbound for those port range. new firewall ruleset with the above two. ftp should work remotely via active/passive mode I would first test it locally, then machine on the same lan then remotely from external where it has to go through your router/firewall etc -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "kevin" <ocean_chen@hotmail.com> wrote in message news:1173337431.881064.81340@30g2000cwc.googlegroups.com... > 2). Yes, from the first log, the port 5014 was in the PassivePortRange > "5004-5700", but it was still not working. > (it was hanging there after the same amount of 2920 bytes had been > transferred from that "tmp1" directory.) > > 3). Yeah, I will try to restart the server after the new > PassivePortRange setup, but I do not expect after this things will be > OK, as I already restarted the server in the above 2). > > After disabling the firewall, everything goes indeed well and openly. > > Is there a way for me to know those ports blocked, for the server > locally? In fact, we did not change the server default settings very > much, and they could be from the larger company network. > > Thanks. > > >
I hit this!
It's not a PASV issue, I ended up spending 30 mins with the cmdline ftp.exe but I found the problem hit "pwd" and you will see that the dir you are in for the root is probably not "/" but "UserID/" and so with your "/images" CWD commange you are reverencing from your virtual root and so you need to use just "images" from the correct dir or "/userid/images" to hit from the root, otherwise the error you get is path not found. (550) For me, this is happening on IIS6 and the users home is a network path (UNC)
I hit this,
log in and type "PWD" and you'll see that you are not referencing from "/" but "/UserID" so "/images" will fail with a 550 as it's not found use "images" from the right path or "/userid/images" to hit the file from the root IIS6 fun and games
Thanks, Paul.
The confusion about the fail message 550 in ftp log was already cleared. In my case, the ftp log shows this --- 11:07:09 ----- [4]CWD /images/gif89a 550 3 --- This was really caused by the default setting in the ftp client I am using. This is not important now for my question above.
Sorry man, been traveling. You know what :)
If (a) is in the exception list, you can skip (b) actually. there's no port range for windows firewall in 2k or 2k3. Sorry I got confuse with my firewall :) -- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "kevin" <ocean_chen@hotmail.com> wrote in message news:1173419106.984349.209960@s48g2000cws.googlegroups.com... > Bernard, this could be my last question - > > In fact, I did half right - > > a) Yes. > b) After setting up the passive port range, I did not correspondingly > configure firewall to allow inbound for those port range. I do not > know how to configure that. I can add a new TCP port on the firewall > exceptions list, but not a PORT RANGE. Searched the net for a bit and > could not locate right info, so I'd better ask again. > > THANKS. >
Thank you, Bernard, for still 'remembering' my questions! SO DO I, a
bit late though. Never mind, and the ultimate way to resolve my problem is to either disable firewall temporarily when necessary or to rename those files of conflict. I can and have to live with that.
Zzzz.. sorry for not being helpful :)
-- Regards, Bernard Cheah http://www.iis.net/ http://www.iis-resources.com/ http://msmvps.com/blogs/bernard/ [quoted text, click to view] "kevin" <ocean_chen@hotmail.com> wrote in message news:1175754531.921384.123490@o5g2000hsb.googlegroups.com... > Thank you, Bernard, for still 'remembering' my questions! SO DO I, a > bit late though. > > Never mind, and the ultimate way to resolve my problem is to either > disable firewall temporarily when necessary or to rename those files > of conflict. I can and have to live with that. > > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |