problems with FTP

Are you testing it out with a browser by any chance or a ftp client.

Based on what you are saying, as savone asked, it sounds as if you are using a browser which may be configured to pass your real userid and password when connecting to a ftp server that is in the same domain (based on IP address) as your are.  When you on a different domain, it may be attempting to use anonymous.

Have you tried using a command like or GUI FTP client instead of a browser.

Assuming you are using IE for your FTP connection, go to the Tools menu, Internet Options..., Advanced tab, Browsing section, and make sure "Use Passive FTP" is selected.

Cheers,
-Jon

at windows command prompt type:
ftp
open <yourserveraddres>
it wil ask you for username: anonymous
as a password type: a@a.a
if it let you go further type 'ls' or 'dir'

and post responses here.

Create a new user account on windows, try to do the same steps as you have already done before and if you are using IE then i'd take The--Captain's suggest on that.
Just try to list the open ports here, and what program you are using to connect ftp.

Just download a free ftp client if you dont have one already.  Use passive mode and enter the correct username and password.  It sounds to me like you are using a browser and you will receive that error.  Another thing you can do is if you try it with the browser and get that error.  Right click in the blank part of the browser window and select Login As..  Put your username and password and off you go!

Thank you all for the responses.  Unfortunately nothing has worked....

I have verified my settings in IE, and the same thing happens when using Firefox.


When attempting to connect via command prompt, I get the following:

Connected to (domain)
Connection closed by remote host

When it gives me the "connected to" message, I am unable to do anything until it gives me the "connection closed" message...


When attempting to connect via FTP client (i used WS_FTP), I get the following:

Connecting to (server)
Connected to (server)
Error reading response from server
Conection closed by remote host


Any other ideas?

Thanks!

Hi, I've had this problem before too. I'm not sure if this will solve your problem but what I did was I changed the permission settings on my folder for all access. And then I used this program called SmartFTP and connected anonymously. Once you put a check next to connect anonymously to your FTP server the password is provided for you.
Then you should be able to connect. Hope it works.

Hello Appleman,
Do you have the IIS snap-in for XP installed and, also have you installed the ftp service...note that it is not installed by default, even with IIS, just because you can get to it locally does not mean the service is properly setup, or that IIS is either for that matter.
IF you set it up in IIS so that the ftp site you are working with is the default ftp site, so that you can just type in ftp://computername and hit enter.
You have to allow anonymous logins as well, until you can verify connection. Also move to security after You verify functionality.

Also Try to make sure to use this command after following the above steps and make sure you have windows cd ready.
Click Start --> Run --> sfc/scannow
After finishing the installation restart and try to connect again.

I'd recommend deploying a sniffer at this point.

Cheers,
-Jon

hi all,

has anyone found a solution to appleman's problem yet? coz I m facing exactly same problem..

I have a dlink wireless router... and XP SP2 on my machine
port 21,20-69-1024 etc are forwarded to my machine running ftp server.
ftp root folder is network shared with everyone read access on.
xp-firewall is configured to allow traffic on above mentioned ports.
ftp application is also allowed outgoing connections in xp-firewall.
Avast Anivirus which cleverly updated itself in the background with a port blocker service, has been completely disabled.

All in All have done everything seemingly possible. But nothing works.

Doesn't matter what client I use, IE or Smartftp, result is same. Have enabled PASV on both. LAN FTP connection has no problems.

SmartFTP shows an interesting error message.
ERROR   ->  An established connection was aborted by the software in your host machine.
ERROR   ->  Connection closed.

Googlling it tells that it is the antivirus application blocking something. I have completely disabled my Avast Anivirus and yet same error message.

have spent hours on it...  someone help please...

How much time elapeses between the time you get the "connecting to server" until you get "connecting disconnected?"

At this point I agree with "The--Captain", you need to get a sniffer.  A very good free one is Ethereal.

I would also suggest that you look at the logs from the FTP server, or have whomever has access to these logs look at them and see what it may say.

OK ... Some things have changed

When checking the installed Windows components, I discovered that although IIS was installed, the FTP component was not.  I proceeded to install and then ran the 'sfc /scannow' command as suggested.  After rebooting and trying to access from remote computer, it still fails.  This time the errors are:

(in IE)
Windows cannot access this folder.  Make sure you typed the file name correctly and that you have permission to access the folder.
Details: The operation timed out

(in CMD prompt)
connect :Unknown error number

(in WS_FTP)
Error reading response from server
Connection closed by remote host


My FTP server has stopped running as well (I'm using BulletProof).  When I go to start it, I now get the message stating port 21 is already in use.


Also, when checking the event logs, there are a couple of messages:

Event ID:   3004
Source:   LoadPerf
The Last Counter registry value could not be read or was the incorrect data type. The Win32 status returned by the call is the first DWORD in Data section.

Event ID:   3011
Source:   LoadPerf
Unloading the performance counter strings for service MSFTPSVC (FTP Publishing) failed. The Error code is the first DWORD in Data section.


I am now going to download a sniffer and run that.  I'll get back to you with my findings.

Thanks for everyones help with this :)

What exactly am I looking for with the sniffer?  I have ran it while trying to connect to the FTP and then I also ran it without trying to connect.  Both results are very similar.

Also, the log on the FTP server is empty.  The only connection attempt it shows is the times I have connected locally.
I was able to start the 3rd party server I will be using by going into the Microsoft IIS FTP site that is now setup and stopping it.

And when connecting from the outside, it takes 20 seconds before the error pops up.

IE takes a few secs (5-6) before popping up with the error and smartftp makes the connection and after max 2 secs throws the error I mentioned above.

I am using a 3rd party ftp server. Have tried Netfile and Cerberus FTP Server both. Its not the fault of these ftp servers as they were running fine a month ago. I think it is some windows update or soemthing which is causing these issues. Don't know for sure.

Appleman - Have you checked your antivirus software?. On one site I found that Mcaffee and norton both were monitoring access on posrt 21 and causing this problem to some users however the site also says that they have provided patch thru their  liveupdate feature and it shouldn't be a problem anymore. Jut to be double sure If you have any antivirus running then try disabling it.

I am still googling on it. :((

Hello appleman
My guessing that is have something to do with the ftp server registry....

If a function fails, the application can call the Win32 Internet function GetLastError to retrieve the specific error code for the failure. In addition, the FTP and Gopher protocols let servers return additional error information. For these protocols, applications can use the InternetGetLastResponseInfo function to retrieve error text.
Both GetLastError and InternetGetLastResponseInfo operate on a per-thread basis. If two threads call Internet functions at the same time, error information will be returned for each of the individual threads so that there is no conflict between the threads.
Have a look Here:
http://www.graphcomp.com/info/specs/ms/inetr001.htm

this is the registry path for the FTP
Registry Path :  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters
Default Value  0 (disabled), if you want to enable it, or if it was disabled and you want to enable it just change the value to(1).

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4bcadb65-e584-44ed-8016-c239e598065e.mspx

Download this zip file, extract it and run it:-
http://www.updatestage.com/xtras/downloads/support/win32err.zip
This Lets you look up Win32 API error codes. MasterApp Win Xtra returns standard API error codes.
 
http://www.updatestage.com/xtras/downloads/support/win32sys.zip
Microsoft system files needed by Win32 Error. Download only if you don't already have them in Windows\System:
RICHTX32.OCX
vb40032.dll

Now you can do a search on the file and check if its exist, or you can goto dos prompt and do dir to view the files if they were hiden in the explorer.
Start --> run --> cmd
c:
cd\
cd windows
dir rich*.ocx vb40*.dll /s /a
if one of the files is missing then download the .zip file and extract the missing file to %rootsystem%\system32.

Also open the registry:-
Click Start, Run and enter REGEDIT   Go to:
And naviage to the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
In the right pane, you will see values named www, ftp, gopher, mosaic and others
ftp.microsoft.com and adds the appropriate http:// or ftp:// portion of the URL.  You can add your own definitions. An example would be your personal web site.  
Say the URL is http://johnsmith.freewebsites.com.  You wouldn't be able to type in johnsmith.freewebsites.com in the address bar of IE, as IE wouldn't know how to translate johnsmith.  Add a new String value to the above key, named johnsmith and set the value to http://   Now, IE will be able to translate johnsmith.freewebsites.com and add the http:// portion automatically.  

http://www.kellys-korner-xp.com/xp_h.htm

ok heres where I'm at now....

I have proceeded to uninstall/reinstall the Windows IIS components.  Once done, I went in and completely removed the default FTP site that IIS creates.  Once I did that, the errors being generated in the event log went away.

I followed the instructions given by moh10ly and discovered that neither of the files mentioned existed on the system.  I downloaded and copied them both to my system32 directory.

My FTP server sucessfully starts and it can be accessed locally.  When attempting to access from a remote location, it continues to give the following errors:

(in IE)
Windows cannot access this folder.  Make sure you typed the file name correctly and that you have permission to access the folder.
Details: The operation timed out

(in CMD prompt)
connect :Unknown error number

(in WS_FTP)
Error reading response from server
Connection closed by remote host


One thing I notice which may be relevant is that I am unable to ping port 21 remotely.  I can successfully ping the IP, but as soon as I put :21 after it, I immediately get the following error returned:

Ping request could not find host (server).  Please check the name and try again.

I should be able to ping it that way right?

Most ping commands will not allow you to ping a specific port, it not like the telnet command where you can specify the destination port.  You may want to look at tooks like Superscan or nmap, that can detect open ports.  In the sniffer trace you should see something like:

#1  client:1024      TCP-SYN >         srv:21
#2  client:1024    <TCP-SYN-ACK     srv:21
#3  client:1024      TCP-ACK >         srv:21
#4  client:1024     <TCP                  srv:21
#5  client:1024       TCP-ACK>         srv:21
#6  client:1024     <TCP                  srv:21
#7  client:1024       TCP-ACK>         srv:21

Where client is your PC, 1024 is any port 1024 or higher, srv is the ftp server and 21 is port 21.  Depending on what sniffer you are using #4 and #6 may have FTP, also depending on the "welcome" message from the FTP server you may not see #6 and #7.

I can't remember, have you tried to connect to the ftp server from the ftp server?  Open command prompt and enter "ftp localhost"?

Appleman can you adjust the registry key in this path

Click Start --> Run - >> type Regedit

Navigate to the key below
 
Registry Path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters
The default value in the registry is always 0 (disabled), Change it to 1 to enable the port attack.
Save the registry after changing, and then log of, and log in check if anything changed with the IE.
Now this should allow port attack.

Check this also
http://support.microsoft.com/default.aspx?kbid=842242

appleman

At this point you sure your ftp server is working as you can connect to it locally. Don't make any changes with ftp service until solve the problem with connecting from remote. Now you have the problem with connectivity not with the ftp server. Can you give more details on your network topology - what devices are in use, I mean between ftp server and remote client (firewall, router, modem, etc.) What settings they have, protocols used, addresses?

It seems you have NAT somewhere and FTP ports aren't translated to your server. You have to forward TCP ports 20,21 to your FTP server.

Regards.

Here are some useful links about FTP from inside:

http://www.hn.edu.cn/book/NetWork/NetworkingBookshelf_2ndEd/ssh/ch11_02.htm
http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html

Registry modification suggested has been made.  No change.

As for the topology, the computer is sitting by itself connected directly to a Motorola Surboard SB5120 modem.  Thats it... no router, no firewall.

NAT shouldnt be being used for anything that I'm aware of, but if it is, how would I find that out?

When looking at my sniffer results, I see no mention of port 21 or FTP in any line.  Im using Ethereal.

I have a Dlink WAP/router/Modem with Ip 192.168.1.1.

I have forwarded the ports 20-21 and PASV ports 1025-1030 to my local machine 192.168.1.3.
Windows firewall is disabled on my local machine. I am using netfile FTP server at the moment. It used to work fine a month ago.

Using smartftp
ftp localhost works fine.
ftp 192.168.1.3 works fine
ftp 192.168.1.1 throws this error..
ERROR   ->  No connection could be made because the target machine actively refused it.
ERROR   ->  Connection closed.

When I try to connect the router from internet using smartftp it throws the same error..  And when I use IE it shows the same message as the one appleman is fedup with.

Can anyone help here..?

To Navin,

I would not expect your router to forward from behind it.  That is when you attempt to ftp to 192.168.1.1 from a PC that is also on the 192.169.1.1  it will not do port forwarding.  It should only do port forwarding from hosts that are on the WAN side of the WAP/Router.

Is your  Dlink WAP/router/Modem actually what physically connects you to the Internet?  Or is it really just a WAP/Router and you have a seperate cable/DSL modem?  What model DLink box do you have?

Appleman.

I have resolved my issue which was throwing same error as yours..

My research on internet leaded to following explanations..

1) Manual PASV options needn't to be set on FTP server. It is relevant to FTP clients running behind a firewall and NAT router's forwarding of PASV ports isn't mandatory. Forwarding 20 and 21 will just do the job.

2) I did a reset in my router with factory loaded settings and started with forwarding only 20-21 for FTP and TCP1214/UDP6346 for DC++.

I can now successfully login from remote locations. I am only not able to FTP the WANIP from LAN side which I was able to do earlier(somehow). BUt I can do LAN FTP to LAN IP and remote FTP to WAN IP successfully.

Even my antivirus's LAN shield and Peer Guardian isn't causing any problems whatsoever. I have opened up port 20-21 in Windows Firewall as well. Everything looks OK now. I know it may sound illogical but I reboot my machine everytime I do any changes in windows firewall. I have had problems before with It and sometimes It registers the changes only after a reboot.

I have winxp with SP2 and Faststream netfile FTP server. Haven't changed anything in registry since IIS FTP service is not installed on my machine.

So My suggestion is it has only to do with your PORTs. Folder permissions and other stuff has nothing to do with it. Just try to start from scratch, reset everything and play with port 20 and 21 only. It will work.

Hello Appleman
It seems the FTP account is locked. And you could not sign in using FTP On IE or the mentioned program by navin_uk .

I think the account will be unlocked after a certain amount of time, as can you can configure it with Windows accounts.

Edit: the time that elapsed allowing you to sign in again is very short; maybe two minutes.
check this link below.

https://www.experts-exchange.com/questions/20837745/ftp-connect-Unknown-error-number.html

The one thing I am certain of is that the FTP account is not locked.  Not on the server side anyway.  If that was the case, It would exist in a log somewhere stating that.  If a sniffer isnt even showing traffic on port 21, thats a pretty good indication that no traffic is coming through, right?  No traffic, no way to lock the account.  And remember, when I access locally, it works just fine...

As much as I wanted to avoid this, because of all the previous postings regarding IIS and the Windows FTP environment, I have decided to eliminate the 3rd party server from the equation and use glorious Windows for all its worth.
I started from scratch by completely uninstalling my 3rd party server and all IIS components.  Reinstalled IIS with FTP, setup the site, configured my accounts (even allowed for annonymous access), and accessed locally on my first try.  As soon as I try to get in remotely, I get the same errors.

I agree with Navin UK, this sure does seem like a port issue.  I just dont know what could be blocking it though....

Once again, Im raising the points here in hopes of someone having an answer.  Im beginning to feel abandoned so maybe more points will do the trick :p

How to know if port 21 is blocked ???
Your PC and/or router did not allow a connection to this service/port, in fact it does not appear to even exist. Most likely your ISP, proxy server, firewall or router has blocked or masked this port.

http://www.digconsys.com/testdir/portscan.html

Appleman, You can try a proxy server and connect to that through port 80 and through that to port 21.

Also have you checked your ISP? Id be rather worried if they blocked port 21.

Also Check this site, and see the program in it, there's a download link inside... It's a port detective.
http://www.portdetective.com/results.html

Appleman,

I think there is definitely something running on your machine which is capturing port 21 requests from WAN Side but not forwarding it to your ftp server. It looks like the conflict between a proxy server and your FTP server. There might be some Proxy server running on your machine or something else which is accepting port 21 connections but doing nothing after that.

I will suggest you again. Check everything again.. minutely check all your services thru control panel...

Also check all the programs in the memory using "Security Task Manager". Its a free tool.

Its definitely a Port conflict.

Ok I am definately looking at port issue.  I run the scans suggested by moh10ly and port 21 is certainly blocked....

Now, is there a tool available that will tell me what process/application/device/whatever is causing this?  I have gone through and killed processes and used the tool suggested by navin_uk and the problem persists.  Now that I know SOMETHING is blocking the port, I just have to determine what.  I have again confirmed with my ISP that port 21 is not blocked on their end and I cant find anything obvious on my end....

Where did you run the scan from?

What is between where you ran the scan from and where the ftp server is?

Appleman,

Thanks to moh10ly , using fport utility I can now check easily which applications are running on which port. I believe you have by now discovered which thing is occupying your port 21. Just in case the matter isn't resolved yet I have an alternative solution for your problem. I have just tested this thing with my router and this trick works fine. I have forwarded the port21 of my router to port 4343 ( Any Random Unoccupierd port) on my machine where I have configured my FTP server to listen FTP requests on 4343. I am using netfile FTP server. So If you can't sort out Port21 on your machine then you can use this option as a last resort. Atleast for outsiders It won't make any difference. They would still be sending normal ftp requests to port 21. :))

Good Luck!!

Appleman,

Check your modem manual as it will be the point where ports are blocking. Check NAT section and make ports TCP 20,21 be forwarded to your FTP server.

Regards.

I appologize for the delayed response.  I had to leave town for a couple of days but am back again.....

Well guys, things are now working, and its possible that they have been working for some time now.  When I began my troubleshooting of this, I had two other people on outside networks give it a try with no success.  I thought this had confirmed the issue was with my computer at home hosting the FTP server.  After that point, all my connectivity testing was done from the same computer at my office.  Last night I was unable to get remoted into that computer to continue testing, so I was forced to access another remote system.  When I tested FTP access, it worked.  When I was able to gain access to the original system I was testing from, it didnt work.  These are two different computers that exist within the same domain, the only thing different between the two is the subnet and physical location (one being in Las Vegas the other in Reno).

This morning I checked the router configuration on my Vegas network and found that all inbound/outbound calls to port 21 had been silenced.  After further research, I found that this change was made only a month ago when I had someone come in to configure the router on the Vegas side for a redundant point-to-point.  He thought it to be good practice to make changes such as this without informing anyone.  Sad that so many problems can be caused by one person's assumptions....

Regardless, I am functioning again and am most appriciative of all the excellent help I have received.  For point distribution, so many of you helped, but it seems to have all come down to the topology that I was so quick to dismiss.  I have never split points rewarded, but I feel its worthwhile in this case (just give me a minute to figure out how lol)
Thanks again!

You should split point for who'll help you to figure it out ;).
jk.

Sorry guys, I was expecting an option to only give a certain amount of points, but that didnt happen.  as soon as I selected accept and gave a grade, all point were given to moh10ly.

Although I dont feel the points should have been given solely to one person, I dont guess there is anything that can be done now.  My thanks goes out to you all!

Regards

Appleman,

Congrats!! :))

>He thought it to be good practice to make changes such as this without informing anyone.

Ouch.  What an idiot.  I see what I consider to be ridiculous configs on client routers all the time, but I leave it alone because:

A.  They are not paying me to "fix" their ridiculous config
B.  You never know what will break if you adjust a portion of the config that you are not contracted to adjust.

BTW, if you ever need to "ping" TCP ports in the future, check out hping - If you can't find a native windows version you can get it running under cygwin.  Also, tcptraceroute will perform traceroute-like behaviour on a specific TCP port (but may also require cygwin).

Cheers,
-Jon

I appriciate the offer Jon, but my previous posting was done in haste.  Upon actually reading over everything again, I think the points were given out just as they should have been.

Thanks again!

Appleman,

One thing I didn't understand , how come you then found port 21 blocked on your FTP server machine.. ?

you said:-
"Ok I am definately looking at port issue.  I run the scans suggested by moh10ly and port 21 is certainly blocked...."

Does the scan still show same result on your ftp machine?