July 5, 2008 02:58pm pdt

1. giltjr 79,023
2. omarfarid 13,200
3. keith_al... 6,500
4. Shift-3 6,000
5. AllKnowing1 5,600
6. Addihul 5,000
7. meverest 4,000
7. naughton 4,000
9. RubalJ 3,500
10. daveslash 3,000
11. SagiEDoc 2,900
12. rwaldicott 2,580
13. knightEk... 2,500
14. FishMonger 2,400
15. mcse2007 2,250

1. giltjr 214,135
2. lrmoore 213,372
3. RobWill 119,806
4. stevenlewis 80,874
5. pseudocyber 77,635
6. rsivanandan 50,598
7. JFrederi... 35,520
8. sciwriter 31,930
9. Joesmail 30,746
10. snerkel 29,776
11. grblades 27,480
12. harbor235 25,610
13. garycase 24,400
14. calvinetter 24,170
15. chicagoan 23,912

12.17.2007 at 08:53AM PST, ID: 23028331

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.0

FTP blocked on client but works on Gateway Server

Zones: File Transfer Protocol (FTP), Windows Networking, Windows XP Operating System

Tags: ftp, 12031, error, blocked, server

When I access FTP sites on my Windows XP Pro SP2 machine I get "Internet Explorer cannot display the web page". The same problem occurs on different clients and different FTP sites including ftp://ftp.microsoft.com/. Normal HTTP access is OK. I ran the network diagnostic program on XP and it reports "FTP (Passive): Error 12031 connecting to ftp.microsoft.com: The connection with the server was reset ".

I'm using a windows server 2003 standard edtion SP2 as a gateway. It has a broadband router connected to one NIC and the internal network connected to the other. I have routing and remote access enabled with a static route, and NAT.

Strange thing is I can access FTP sites from my gateway windows server, but not from any clients or other servers. I've tried disabling virus scan/firewall on my client but it didn't help.

Any suggestions would be gladly received! Thanks, Peter.

Start your free trial to view this solution

Question Stats

Zone: Networking

Question Asked By: Peter_Cull

Solution Provided By: dragonjim

Participating Experts: 4

Solution Grade: B

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
New Net Users
New Users

Software
Digital Music
Gaming World

Home Security
Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Handhelds / PDAs
Displays / Monitors
Components
Networking Hardware

Peripherals
Laptops/Notebooks
Storage
Servers

Desktops
New Users
Misc
Apple

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMWare
Misc
Web Development

OS
CYGWIN
Voice Recognition
Message Queue
Quality Assurance
Security
Firewalls
MultiMedia Applications

Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals

Devices
Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
WebApplications
IDS
Vulnerabilities
Email Clients

File Sharing
Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMWare

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel

Algorithms
Game
Signal Processing
Project Management
Open Source

Database
Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Images

Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration
WebApplications

Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Broadband

Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Community Advisor
Lounge
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles

Community Support

Suggestions
New to EE
New Topics
Community Advisor

CleanUp
Announcements
General

Feedback
Input
EE Bugs

12.17.2007 at 09:45AM PST, ID: 20486474

Rank: Master

dragonjim:

Any firewalls that might be blocking port 21?
Also, you have your gateway pointing to the correct IP.

Sounds like the request is not going out to MS ... or the site is not allowed in. Based on the fact you can connect at Gateway, and not clients -- I'd suspect a firewall on your local clients.

Assisted Solution

12.17.2007 at 10:10AM PST, ID: 20486655

Peter_Cull:

Hi dragonjim,
I don't think it's a firewall on the client as I can connect my laptop directly to the broadband router and access FTP sites OK without changing anything on the laptop or router. On the server I have symantec antivirus but not symantec firewall. Within Routing and Remote access there is NAT/Basic firewall but as far as I can tell this only restricts inbound traffic. Not sure where else to check.
Regards, Peter.

12.17.2007 at 10:29AM PST, ID: 20486769

simcasuro:

Check the network connection settings of NIC that is connected to internal network. I mean Firewall setting for that NIC.

Assisted Solution

12.17.2007 at 10:34AM PST, ID: 20486794

simcasuro:

And on the NAT setting make sure you have not blocked any ftp ports (21 by default, or others for ssl), or applied any filters for them.

Assisted Solution

12.17.2007 at 10:39AM PST, ID: 20486826

Rank: Master

dragonjim:

did you configure (or by default) ANY restrictions on the NAT device? Double check settings, you wouldn't be the first (nor the last) to say its not firewalled.

-- Is the laptop the machine you are posting about? Or does this bring in a second machine that functions properly on the NAT router?

If laptop is a 2nd computer... Then I'd strongly suspect XP's internal firewall or any 3rd party firewalls installed on the problem machine.

Try disabling any client side firewalls (troubleshooting only)... FTP to MS, if it works, re-enable.

Let us know if it worked with firewall down.

Assisted Solution

12.17.2007 at 10:59AM PST, ID: 20486948

Rank: Sage

RobWill:

Can you connect to the FTP site from a command prompt, to rule out any IE configuration problems?
If not familiar with doing so;
Go to a command prompt (DOS window)
enter: ftp ftp.microsoft.com
should get a request for user name, enter: anonymous
request for password, enter: any email address
To exit enter: quit

Assisted Solution

12.20.2007 at 05:27AM PST, ID: 20506379

Peter_Cull:

Hi Guys,
Thanks for the input. Answers to the best of my knowledge are:
- Standard windows firewall not applied to internal NIC or NIC connected to broadband router (this is disabled as we use routing and remote access).
- Routing and remote access NAT/Basic firewall has no inbound or outbound filters on internal or internet NIC.
- Port 21 open in NAT/Basic firewall.
- No restrictions on NAT device except for NAT/BASIC firewall (port 21 open). Not sure where else to check.
- This problem affects all clients when connected to the network. However I can connect laptop directly to broadband router and without changing anything FTP works OK. I assume problem is server related.
- FTP from command window asks for username but then immediately disconnects after entering "anonymous" with message "connection closed by remote host".

Hope this helps. Many thanks, Peter.

12.20.2007 at 11:35AM PST, ID: 20509253

Rank: Master

dragonjim:

On the off chance... Try opening ports:

20 FTP data port
21 FTP command (already open)
989 (secure FTP SSL)
990 (secure FTP SSL)

It sounds likes something on your gateway setup.

Assisted Solution

12.20.2007 at 12:35PM PST, ID: 20509693

Peter_Cull:

Hi,

I opened ports 20,989 and 990 (in addition to 21 already open) on the NAT/Basic firewall in RRAS but it didn't help. When I tried FTP site the packet rejected count in NAT/BASIC firewall didn't go up so I doubt this is blocking it.

As I understand it RRAS NAT/Basic firewall deals with inbound connections only, so would changing this help? When users are off the system I'll reconfigure the interface for a short time to open all ports and see it that fixes it.

Is there something else blocking ports on the server? Is there a bug in Win Server 2003 NAT/Routing?

Going to find a brick wall to bang my head against....

12.20.2007 at 12:45PM PST, ID: 20509767

Rank: Master

dragonjim:

What is getting me: YOU ARE COMMUNICATING... I'd be tempted to suggest a port forward from your gateway may need to be set, but the REMOTE HOST (Microsoft) is terminating... they are getting the request -- and perhaps not the credentials.

Not sure why, may need to sleep in on for a day or two -- unless opening up EVERYTHING works.

-- When connecting to MS ...
1) Use "anonymous" as name
2) It immediately disconnects any machine?

{your post}
- FTP from command window asks for username but then immediately disconnects after entering "anonymous" with message "connection closed by remote host".

Accepted Solution

12.21.2007 at 02:43AM PST, ID: 20512574

Peter_Cull:

Dragonjim,
Sorry this is proving such a hassle.
We had a very similar problem before with SMTP traffic. When telnet'ing from outside on port 25 you saw a welcome message from our exchange server then the connection dropped immediately with the same "connection closed by remote host" message. That time I fixed it by restarting RRAS and re-booting our broadband router. I'll try that again tonight.
Thanks, Peter.

01.07.2008 at 02:24PM PST, ID: 20603862

Rank: Sage

RobWill:

I had a similar problem with an SBS with 2 NIC's. On the client machine I stopped the "application layer gateway" service in the services management console, and it solved the problem. If this does resolve the problem, change the service from automatic to disabled.

Assisted Solution

01.08.2008 at 07:49AM PST, ID: 20609495

Peter_Cull:

Hi,
Sorry that didn't help. I stopped the service but got the same problem when accessing FTP.MICROSOFT.COM in IE7. I'll leave this open for another week then if no solution found will raise a ticket with MS Professional services. They do no win no fee!
Thanks anyway for your help.
Regards, Peter.

gerdwilhelmi

01.30.2008 at 04:05AM PST, ID: 20776295

Hi everybody !
I have the excact same problem. No XP SP2 client can FTP anywhere, but the SBS 2003 R2 DC can. I do not have ISA installed, just RRAS. POrts 20 and 21 are open and the client machine local firewall is diisable (for now). I can FTP out to ftp.microsoft.com, but get ther immediate disconnection message when I enter the anonymous user name from the dos prompt.

Doesn't ftp need a data port in additon to the connection port 21 ? I read comments on the web saying the "return" port is really a temporary port in the range of 1000 to 5000 and you can never tell where the data comes back, thus the behavior that I can get to the site, but can't logon or communicate ?
I have ALG service running on the server.....documentation says that the only app supporting this service is FTP. Any insight if I need this service for anything else? Can I trial and error and shut it down ?
Just poking around......I have been pretty desparate to get this resolved !!

Any help is welcome
Gerd

RobWill

01.30.2008 at 04:41AM PST, ID: 20776487

Gerd, you will need to open your own question. On Experts-exchange suggestions are for the original question/poster only. This is primarily so that a thread will not continue indefinitely. Also this particular question has been closed.
Following link will outline posting questions and other common topics if you need a hand.
http://www.experts-exchange.com/help.jsp#hs7

For the record, the only incoming "un-solicited" traffic is on port 21, so only that port needs to be opened, though FTP actually uses 4 ports (2 are random). Most firewalls, such as the workstations' Windows firewall, will allow outgoing traffic by default. If you have a 3rd party firewall however, such as ZoneAlarm or Symantec Security suite it may need other ports opened.

Walk through the above solutions and see if any apply to your problem and/or post your own question and we will be glad to help.
Cheers !
--Rob

20080236-EE-VQP-29 / EE_QW_2_20070628