• Status: Solved

Urgent: Windows 2003 SP1 Disables Passive FTP Connections - How do I re-enable them?

I have a web server running Windows 2003 that allows some users to transfer files via FTP to the server. This server has been configured this way and running just fine for over a year. Two days ago, I installed SP1 on the server, and all of a sudden I started getting complaints from users that they couldn't connect to their FTP sites. After much troubleshooting, I found out that the server had disabled any passive FTP connections. If the user connects via an active connection, it works fine, but all passive connections (which almost all clients use) will not allow a connection (it will just hang). I do have a firewall in place in front of the server that was configured properly before to handle FTP connections, so unless SP1 simply changes the allowed ports and I need to reconfigure my firewall, then the problem is with the service pack. Please don't tell me to only allow active connections because I have a business need to allow passive connections for my clients. Any suggestions on how I can re-enable passive connection capabilities?
Asked: bmccleary
 
eatmeimadanish Commented:
Disable the Windows FTP service and run another FTP program, or:

EnablePortAttack
 
Registry Path
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters
 
Data Type
 REG_DWORD
 
Default Value
 0 (disabled)
 
Range
 0,1
 
Description
 This entry is disabled by default to prevent a security problem in the FTP protocol specification. Because EnablePortAttack is disabled by default, you should enable this flag if you want users to connect by using other ports as specified in the FTP RFC. The FTP service specification allows passive connections to be established based on the port address given by the client. This can allow malicious users to execute destructive commands in the FTP service. The problem occurs when the FTP service makes a connection to a client using a port other than FTP Data port (20) and that port number is less than IP_PORT_RESERVED (1024). EnablePortAttack controls whether or not such an attack should be allowed. By default, the service does not make any connections to port numbers lower than IP_PORT_RESERVED (other than 20).
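The port rule stated in the description above, sketched as an added example (not code from this thread and not Microsoft's implementation): it parses the argument of an FTP PORT command, which is how a client supplies a data port, and applies the "below IP_PORT_RESERVED, other than 20" check. The function names and the sample commands are assumptions made for illustration.

```python
# Added illustration; not the MSFTPSVC implementation.
IP_PORT_RESERVED = 1024   # constant named in the registry entry description
FTP_DATA_PORT = 20        # the one low port the description exempts


def parse_port_argument(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command (RFC 959)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("PORT argument must be six decimal fields")
    octets = [int(f) for f in fields]
    if any(o > 255 for o in octets):
        raise ValueError("each PORT field must be in 0..255")
    host = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]
    return host, port


def data_connection_allowed(port, enable_port_attack=0):
    """Apply the rule from the description to a client-supplied data port."""
    if enable_port_attack == 1:
        return True              # restriction lifted: any port is accepted
    if port == FTP_DATA_PORT:
        return True              # port 20 is always permitted
    return port >= IP_PORT_RESERVED


def evaluate(command, enable_port_attack=0):
    """Return (host, port, allowed) for one 'PORT ...' command line."""
    verb, _, arg = command.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    host, port = parse_port_argument(arg)
    return host, port, data_connection_allowed(port, enable_port_attack)


# Constructed sample commands using a documentation address (not from the page).
SAMPLES = [
    "PORT 192,0,2,10,195,80",   # 195*256 + 80 = 50000
    "PORT 192,0,2,10,0,20",     # FTP data port
    "PORT 192,0,2,10,0,25",     # reserved port other than 20
]

if __name__ == "__main__":
    for line in SAMPLES:
        for flag in (0, 1):
            print(line, "| EnablePortAttack =", flag, "->", evaluate(line, flag))
```

With the default value 0, only the third sample is refused; setting the value to 1 removes that refusal for every reserved port.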
 
 
Seelan Naidoo (Microsoft Systems Admin) Commented:
Have a look at either:

Global FTP settings
1. In IIS Manager, expand the local computer, right-click the FTP Sites folder, and click Properties.
 
Individual FTP site settings
1. In IIS Manager, expand the FTP Sites folder, right-click the FTP site whose settings you want to change, and click Properties.
 
 
bmccleary (Author) Commented:
Sean,
Thanks for the information, but that doesn't help me... the properties section for FTP doesn't deal at all with active/passive settings... I wish it was that easy.

eatme...
I am looking at your solution now... thanks.


 
bmccleary (Author) Commented:
Eat me...
I don't have any entry named EnablePortAttach under the registry key you provided.  Any other thoughts?
 
eatmeimadanish Commented:
Add the entry.
 
eatmeimadanish Commented:
It's a DWORD value; I have it in my install (I just checked).