« Previous Next »

• 02-20-2009, 1:42 PM

  Cosmopoet Joined on 10-25-2007, 8:44 PM Posts 66

  Need help with Public FTP site please Reply Contact Hello, I am trying to setup a public FTp site and  am having trouble undestanding the concept here. I want to create the FTProot folder and under that folder have the users folders as I have normally done in the past. I want the user to dial in the default IP or host name of the ftp site and when promted enter their creds and then taken to their folder and not be able to navigate up. I have read and watched the vids on FTP including this one http://learn.iis.net/page.aspx/305/configuring-ftp-user-isolation/ But I am having no success. I was using Filezilla before because it was much easier to manage. You just created the user and set the directory and you were done. I now would like to use the native ftp in IIS7. I have to misunderstanding something Thanks Joseph

• 02-20-2009, 9:42 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,964

  Re: Need help with Public FTP site please Reply Contact Did you follow the section for the Configuring User Isolation Settings for All Directories section?  You need to create the 'LocalUser' vdir, then create the user vdirs.  What I did was create a folder called c:\domains\ftproot, then map the LocalUser to this path.  Then created a folder below for each user.  What I would suggest is download process monitor, filter on the PID and see what errors you are getting.  I posted a blog post on using process monitor. http://weblogs.asp.net/steveschofield/archive/2009/02/20/530-user-cannot-log-in-home-directory-inaccessible-ftp-7-0-user-isolation-and-process-monitor.aspx Also, I would enable auditing to see if anything is in the security event log. http://weblogs.asp.net/steveschofield/archive/2008/03/07/detecting-permission-issues-using-auditing-and-process-monitor.aspx   Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 02-21-2009, 2:03 AM

  In reply to

  Cosmopoet Joined on 10-25-2007, 8:44 PM Posts 66	Re: Need help with Public FTP site please Reply Contact Helo Steve,  Thanks so much for your help here! I managed to get the site to work but I think that it is not correct. I will look at the suggested URL's that you posted and I will read in depth about it. I thought that MS was going to get the FTP thing sorted out. Geeezzz what a scenario. thanks so much for your time   Joseph

• 02-21-2009, 6:30 AM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,964

  Re: Need help with Public FTP site please Reply Contact I agree the user isolation trick seems a little hokey compared to other products.  I've only implemented ws-ftp server besides working with IIS FTP.  i like the fact the new one has SSL support along with other stuff.  The 7.5 FTP will have a way for people to write code against it.  Hope the article helps, I've been meaning to do something with process monitor for a while. :) Take care. Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 02-21-2009, 10:25 AM

  In reply to

  Cosmopoet Joined on 10-25-2007, 8:44 PM Posts 66	Re: Need help with Public FTP site please Reply Contact Hello Steve, I have antoher question. How do you access a FTP site via SSL? Come to think of it I never done it? I set the cert in IIS manager but is there a special port ot URL? Thank you Joe

• 02-21-2009, 12:43 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,964

  Re: Need help with Public FTP site please Reply Contact Here is an article. http://learn.iis.net/page.aspx/304/using-ftp-over-ssl/ You can use port 21 and you'll have to open PASV ports.  The standard port is 990 for FTP over SSL, but the IIS 7.0 allows for port 21 over SSL, which is nice.  I'm sure other programs allow for changing the port, I've never tested.  http://www.auditmypc.com/port/udp-port-990.asp Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 02-22-2009, 10:25 AM

  In reply to

  Cosmopoet Joined on 10-25-2007, 8:44 PM Posts 66	Re: Need help with Public FTP site please Reply Contact Thanks again Steve, I think I am going to stick with FileZilla for now as I am having more issues with this FTP server. I am getting: Server sent passive reply with unroutable address..   Have you seen this before? I only get it with SSL connections and I get not dir listing.

• 02-22-2009, 12:44 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,964

  Re: Need help with Public FTP site please Reply Contact I've seen a similar issue where the DIR listing doesn't work.  http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/ You have to set PASV (passive) ports in IIS and on your firewall.   After your client connects, it connects on a pasv port.  I normally use 4900-4910 for starters.  This can depend on how many concurrent connections you expect. The one reason why I like using FTP 7.0 w/SSL is I can use with Active Directory or local accounts, which can be used for other logins.  Mileage may vary.  Good luck! Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 02-22-2009, 1:08 PM

  In reply to

  Cosmopoet Joined on 10-25-2007, 8:44 PM Posts 66

  Re: Need help with Public FTP site please Reply Contact Hello Steve, thanks for the reply, No doubt I like MS FTP too and I have AD on my network. I read that article and I only have the IP available to me... the ports are shaded out. I guess this is because I do not have the firewall on at all. I am behind a Cisco and a Firebox  that only have 21, 990 open at this time. Do you think that I should try openning these ports on that firewall. Of course this sounds like a rediculous question but non-the-less I asked.   Thanks Joseph

• 02-22-2009, 1:44 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,964	Re: Need help with Public FTP site please Reply Contact I would try 4900-4910 and configure the FTP ports and test from outside. After you connect remotely, it should show in the FTP logs what pasv port is being connected to.   Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 02-22-2009, 1:59 PM

  In reply to

  Cosmopoet Joined on 10-25-2007, 8:44 PM Posts 66	Re: Need help with Public FTP site please Reply Contact Ok sounds like a great idea. Do you happen to know why my ports are shaded out in IIS manager for the FTP site? Is it because my Windows Firewall is not on?   Thanks I will try from outside later I do appreciate your time Steve   Joseph

• 02-22-2009, 5:03 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,964	Re: Need help with Public FTP site please Reply Contact You have to set the ports at the computer level, not site level.  You have to s Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 02-22-2009, 5:33 PM

  In reply to

  Cosmopoet Joined on 10-25-2007, 8:44 PM Posts 66	Re: Need help with Public FTP site please Reply Contact Thanks Steve  Ok I am aware of that but if Windows Firewall is Off, there are no ports blocked.There is no Firewall. I have it off in the services section set to manual My ports at the site level are shaded out for the FTP

• 02-22-2009, 7:35 PM

  In reply to

  steve schofield Joined on 06-10-2002, 4:54 PM MI Posts 3,964	Re: Need help with Public FTP site please Reply Contact Is there a firewall on your external router?  Cisco or Firebox device?   Here is the picture inside IIS manager I'm trying to mention. http://www.iislogs.com/images/ftpsslports.jpg     Steve Schofield Windows Server MVP - IIS http://weblogs.asp.net/steveschofield http://www.IISLogs.com Log archival solution Install, Configure, Forget

• 02-23-2009, 3:10 PM

  In reply to

  Cosmopoet Joined on 10-25-2007, 8:44 PM Posts 66

  Re: Need help with Public FTP site please Reply Contact Hello Steve,  I think that i forgot to say this. I can access the site NON SSL and get directory listings I just cannot do it SSL Also I finally looked at the logs like I was supposed to do and the data ports are constantly changing sometimes it is 49900-49925 and other times it is 65000 - 65003 See: 2009-02-23 20:28:52 - DB108\Administrator 10.10.111.9 62654 DataChannelClosed - - 258 15 3fd82ff5-13d5-4888-ac09-  2009-02-23 03:21:54 75.147.211.xx DB108\Administrator 10.10.111.9 49948 DataChannelClosed - - 64 0 4b08a95b-d480 *************************************************************************************************************** Here is the FTP Client feedback:  Status: Resolving address of ftp.archive. Status: Connecting to 75.147.211.xx:990... Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server". Error: Could not connect to server Status: Waiting to retry... Status: Delaying connection due to previously failed connection attempt... Status: Resolving address of ftp.archive. Status: Connecting to 75.147.211.xx:990... Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server". Error: Could not connect to server Status: Waiting to retry... Error: Connection attempt interrupted by user Status: Resolving address of ftp.archive Status: Connecting to 75.147.211.xx:21... Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: AUTH TLS Response: 234 AUTH command ok. Expecting TLS Negotiation. Status: Initializing TLS... Status: Verifying certificate... Command: USER administrator Status: TLS/SSL connection established. Response: 331 Password required for administrator. Command: PASS ********** Response: 230 User logged in. Command: SYST Response: 215 Windows_NT Command: FEAT Response: 211-Extended features supported: Response:  LANG EN* Response:  UTF8 Response:  AUTH TLS;TLS-C;SSL;TLS-P; Response:  PBSZ Response:  PROT C;P; Response:  CCC Response:  HOST Response:  SIZE Response:  MDTM Response: 211 END Command: OPTS UTF8 ON Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON. Command: PBSZ 0 Response: 200 PBSZ command successful. Command: PROT P Response: 200 PROT command successful. Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I. Command: PASV Response: 227 Entering Passive Mode (10,10,111,9,244,190). Status: Server sent passive reply with unroutable address. Using server address instead. Command: LIST Response: 150 Opening BINARY mode data connection. Error: Connection timed out Error: Failed to retrieve directory listing Status: Resolving address of ftp.archive. Status: Connecting to 75.147.211.xx:21... Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: AUTH TLS Response: 234 AUTH command ok. Expecting TLS Negotiation. Status: Initializing TLS... Status: Verifying certificate... Command: USER administrator Status: TLS/SSL connection established. Response: 331 Password required for administrator. Command: PASS ********** Response: 230 User logged in. Command: OPTS UTF8 ON Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON. Command: PBSZ 0 Response: 200 PBSZ command successful. Command: PROT P Response: 200 PROT command successful. Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I. Command: PASV Response: 227 Entering Passive Mode (75,147,211,xx,244,191). Command: LIST Response: 150 Opening BINARY mode data connection. Error: Connection timed out Error: Failed to retrieve directory listing Status: Resolving address of ftp.archive. Status: Connecting to 75.147.211.xx:21... Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: AUTH TLS Response: 234 AUTH command ok. Expecting TLS Negotiation. Status: Initializing TLS... Status: Verifying certificate... Command: USER administrator Status: TLS/SSL connection established. Response: 331 Password required for administrator. Command: PASS ********** Response: 230 User logged in. Command: OPTS UTF8 ON Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON. Command: PBSZ 0 Response: 200 PBSZ command successful. Command: PROT P Response: 200 PROT command successful. Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I. Command: PASV Response: 227 Entering Passive Mode (75,147,211,xx,244,193). Command: LIST Response: 150 Opening BINARY mode data connection. Error: Directory listing aborted by user Status: Disconnected from server Status: Resolving address of ftp.archive. Status: Connecting to 75.147.211.xx:21... Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: AUTH TLS Response: 234 AUTH command ok. Expecting TLS Negotiation. Status: Initializing TLS... Status: Verifying certificate... Command: USER administrator Status: TLS/SSL connection established. Response: 331 Password required for administrator. Command: PASS ********** Response: 230 User logged in. Command: OPTS UTF8 ON Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON. Command: PBSZ 0 Response: 200 PBSZ command successful. Command: PROT P Response: 200 PROT command successful. Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I. Command: PASV Response: 227 Entering Passive Mode (75,147,211,xx,244,194). Command: LIST Response: 150 Opening BINARY mode data connection. Error: Directory listing aborted by user Status: Disconnected from server Status: Connecting to 75.147.211.xx:21... Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: AUTH TLS Response: 234 AUTH command ok. Expecting TLS Negotiation. Status: Initializing TLS... Status: Verifying certificate... Command: USER administrator Status: TLS/SSL connection established. Response: 331 Password required for administrator. Command: PASS ********** Response: 230 User logged in. Command: SYST Response: 215 Windows_NT Command: FEAT Response: 211-Extended features supported: Response:  LANG EN* Response:  UTF8 Response:  AUTH TLS;TLS-C;SSL;TLS-P; Response:  PBSZ Response:  PROT C;P; Response:  CCC Response:  HOST Response:  SIZE Response:  MDTM Response: 211 END Command: OPTS UTF8 ON Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON. Command: PBSZ 0 Response: 200 PBSZ command successful. Command: PROT P Response: 200 PROT command successful. Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I. Command: PASV Response: 227 Entering Passive Mode (75,147,211,xx,244,195). Command: LIST Response: 150 Opening BINARY mode data connection. Error: Connection timed out Error: Failed to retrieve directory listing Status: Resolving address of ftp.archive. Status: Connecting to 75.147.211.xx:21... Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: USER anonymous Response: 331 Anonymous access allowed, send identity (e-mail name) as password. Command: PASS ************** Response: 230 User logged in. Command: SYST Response: 215 Windows_NT Command: FEAT Response: 211-Extended features supported: Response:  LANG EN* Response:  UTF8 Response:  AUTH TLS;TLS-C;SSL;TLS-P; Response:  PBSZ Response:  PROT C;P; Response:  CCC Response:  HOST Response:  SIZE Response:  MDTM Response: 211 END Command: OPTS UTF8 ON Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON. Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I. Command: PASV Response: 227 Entering Passive Mode (75,147,211,xx,244,196). Command: LIST Response: 150 Opening BINARY mode data connection. Error: Connection timed out Error: Failed to retrieve directory listing Thanks for that arial view :) helped tremendously. I did that and I still cannot get a listing. I have done this on another server 08 box with FileZilla to test if I was crazy and it works fine. Do you think that I need to delete this FTP site and start over? I can show pics also if you need to see them. Thanks Joseph