Urgent: Windows 2003 SP1 Disables Passive FTP Connections - How do I reinable them?

Posted on 2005-05-12
Last Modified: 2011-10-03
I have a web server running Windows 2003 that allows some users to transfer files via FTP to the server.  This server has been configured this way and running just fine for over a year.  Two days ago, I installed SP1 on the server, and all of a sudden getting complaints from users that they couldn't connect to their FTP sites.  After much troubleshooting, I found out that the server had disabled any passive FTP connections.  If the user connects via an active connetion, it works fine, but all passive connections (which most all clients use) will not allow a connection (it will just hang).  I do have a firewall in place in front of the server that was configured properly before to handle FTP connections, so unless SP1 simply changes the allowed ports and I need to reconfigure my firewall, then the problem is with the service pack.  Please don't tell me to only allow active connections because I have a business need to allow passive connections for my clients.  Any suggestions on how I can reinable passive connection capabilities?
Question by:bmccleary
    LVL 13

    Accepted Solution

    Disable the windows FTP service and run another FTP program or :

    Registry Path
    Data Type
    Default Value
     0 (disabled)
     This entry is disabled by default to prevent a security problem in the FTP protocol specification. Because EnablePortAttack is disabled by default, you should enable this flag if you want users to connect by using other ports as specified in the FTP RFC. The FTP service specification allows passive connections to be established based on the port address given by the client. This can allow malicious users to execute destructive commands in the FTP service. The problem occurs when the FTP service makes a connection to a client using a port other than FTP Data port (20) and that port number is less than IP_PORT_RESERVED (1024). EnablePortAttack controls whether or not such an attack should be allowed. By default, the service does not make any connections to port numbers lower than IP_PORT_RESERVED (other than 20).
    LVL 10

    Expert Comment

    have a look at either:

    Global FTP settings
    1. In IIS Manager, expand the local computer, right-click the FTP Sites folder, and click Properties.
    Individual FTP site settings
    1.In IIS Manager, expand the FTP Sites folder, right-click the FTP site whose settings you want to change, and click Properties.

    Author Comment

    Thanks for the information, but that doesn't help me... the properties section for FTP doesn't deal at all with active/passive settings... I wish it was that easy.

    I am looking at your solution now... thanks.


    Author Comment

    Eat me...
    I don't have any entry named EnablePortAttach under the registry key you provided.  Any other thoughts?
    LVL 13

    Expert Comment

    Add the entry.
    LVL 13

    Expert Comment

    It's a dword value, I have it in my install (i just checked).

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now