Solved

Urgent: Windows 2003 SP1 Disables Passive FTP Connections - How do I re-enable them?

Posted on 2005-05-12
Last Modified: 2011-10-03
I have a web server running Windows 2003 that allows some users to transfer files via FTP to the server.  This server has been configured this way and running just fine for over a year.  Two days ago, I installed SP1 on the server, and all of a sudden I started getting complaints from users that they couldn't connect to their FTP sites.  After much troubleshooting, I found out that the server had disabled any passive FTP connections.  If the user connects via an active connection, it works fine, but all passive connections (which most all clients use) will not allow a connection (it will just hang).  I do have a firewall in place in front of the server that was configured properly before to handle FTP connections, so unless SP1 simply changes the allowed ports and I need to reconfigure my firewall, then the problem is with the service pack.  Please don't tell me to only allow active connections because I have a business need to allow passive connections for my clients.  Any suggestions on how I can re-enable passive connection capabilities?
Question by:bmccleary
LVL 13

Accepted Solution

by:
eatmeimadanish earned 2000 total points
ID: 13988345
Disable the Windows FTP service and run another FTP program, or:

EnablePortAttack
 
Registry Path
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters
 
Data Type
 REG_DWORD
 
Default Value
 0 (disabled)
 
Range
 0,1
 
Description
 This entry is disabled by default to prevent a security problem in the FTP protocol specification. Because EnablePortAttack is disabled by default, you should enable this flag if you want users to connect by using other ports as specified in the FTP RFC. The FTP service specification allows passive connections to be established based on the port address given by the client. This can allow malicious users to execute destructive commands in the FTP service. The problem occurs when the FTP service makes a connection to a client using a port other than FTP Data port (20) and that port number is less than IP_PORT_RESERVED (1024). EnablePortAttack controls whether or not such an attack should be allowed. By default, the service does not make any connections to port numbers lower than IP_PORT_RESERVED (other than 20).
 
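Added example, not part of the original answer and not Microsoft's code: a Python model of the check that the EnablePortAttack description outlines, applied to the `h1,h2,h3,h4,p1,p2` argument an FTP client sends with the PORT command (RFC 959). The function names and the sample arguments are assumptions made for illustration.

```python
import re

FTP_DATA_PORT = 20        # default FTP data port named in the description
IP_PORT_RESERVED = 1024   # ports below this value are the reserved range

_PORT_ARG = re.compile(r"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")


def parse_port_argument(arg):
    """Decode an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    match = _PORT_ARG.match(arg.strip())
    if not match:
        raise ValueError("malformed PORT argument: %r" % arg)
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PORT field out of range: %r" % arg)
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]   # high byte, then low byte
    return ip, port


def allow_data_connection(port_arg, enable_port_attack=0):
    """Return (allowed, reason) for a client-supplied PORT argument.

    enable_port_attack models the REG_DWORD value (0 or 1) from the answer.
    """
    try:
        ip, port = parse_port_argument(port_arg)
    except ValueError as exc:
        return False, str(exc)
    if port == FTP_DATA_PORT or port >= IP_PORT_RESERVED:
        return True, "%s:%d is outside the restricted range" % (ip, port)
    if enable_port_attack == 1:
        return True, "%s:%d is reserved, allowed by EnablePortAttack=1" % (ip, port)
    return False, "%s:%d is below IP_PORT_RESERVED, refused" % (ip, port)


# Constructed sample arguments (192.0.2.10 is a documentation address).
SAMPLES = [
    "192,0,2,10,195,80",   # port 195*256+80 = 50000
    "192,0,2,10,0,20",     # port 20, the FTP data port
    "192,0,2,10,0,25",     # port 25, inside the reserved range
    "192,0,2,10,1,2,3",    # malformed: seven fields
]

if __name__ == "__main__":
    for value in (0, 1):
        for arg in SAMPLES:
            print(value, arg, allow_data_connection(arg, value))
```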
 
LVL 10

Expert Comment

by:Seelan Naidoo
ID: 13988658
Have a look at either:

Global FTP settings
1. In IIS Manager, expand the local computer, right-click the FTP Sites folder, and click Properties.
 
Individual FTP site settings
1. In IIS Manager, expand the FTP Sites folder, right-click the FTP site whose settings you want to change, and click Properties.
 
 

Author Comment

by:bmccleary
ID: 13989381
Sean,
Thanks for the information, but that doesn't help me... the properties section for FTP doesn't deal at all with active/passive settings... I wish it was that easy.

eatme...
I am looking at your solution now... thanks.


Author Comment

by:bmccleary
ID: 13989473
Eat me...
I don't have any entry named EnablePortAttach under the registry key you provided.  Any other thoughts?
 
LVL 13

Expert Comment

by:eatmeimadanish
ID: 13990560
Add the entry.
 
LVL 13

Expert Comment

by:eatmeimadanish
ID: 13990579
It's a DWORD value; I have it in my install (I just checked).