IIS 6 FTP Server and access denied when connecting from any other computer besides the Server

Basic site run down:
MS Windows SBS 2003
IIS 6
ISA Server 2004


Yesterday my client asked if I could allow their copier to send scans via ftp to a folder on the server. As the FTP component had not yet been installed I quickly added it via the Windows Components. After getting the basic FTP service going I added in a virtual directory called Scans to the FTP site which points to a folder on their storage drive for these scans.

Now I tried to access the site through ftp://server/scans to make sure I could write to it but got 'Access Denied'. I then disabled anonymous access and logged on using the administrator credentials to try and see if I could get access but I got the same thing. I checked the write permissions and it was ticked in the FTP site and Virtual Directory permissions also the folder properties had the right user permissions in order for the administrator to write in, as just standard file access writing/reading was possible. I advised my client I would continue looking into it tomorrow.

I'm now trying further to get this operational. Today I got rid of the default FTP site and tried to create the FTP site pointing directly at this Scans folder and set all the write permissions to the site and at the folder level. Now using my notebook through the VPN with WSFTP_Pro trial client I still can't put files onto the server and still get 'Access Denied'. This time I thought I would try opening an FTP connection with the same credentials on the server itself. This time I was able to make new files and folders and even copy and paste files into the ftp site. Now I'm really getting frustrated with it so I'm wondering if someone out there has also had the same problem.

Ah forgot something with the ISA server, I've added in a rule to allow traffic to FTP and FTP Server (so inbound and outbound) to the local network, vpn clients and even the network range this site operates in but it still didn't seem to make a difference.

Theres seems to be no trouble in establishing the connection to the ftp site from other computers through VPN but they just can't seem to put files onto it, but when connected to the FTP site directly on the server its possible..........
LVL 1
frenziedsoldierAsked:
Who is Participating?
 
nitadminConnect With a Mentor Commented:
It must be you ISA server. Check the settings on the ISA server.

Cheers,
NITADMIN
0
 
wrwiii12Commented:
Is this a domain or a workgroup?
0
 
Smacky311Commented:
Sounds like your getting requests through the server because you opened port 21 for FTP, but forgot to open port 20 for data transfer.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
frenziedsoldierAuthor Commented:
The site is a domain environment running Small Business Server 2003

As for port 20, I just tried adding that into the existing rule for ISA server to include port 20 incoming and outgoing but it hasn't made any difference
0
 
wrwiii12Commented:
You might want to try opening port 21 also.  Sometimes this works because there are commands involved.
0
 
frenziedsoldierAuthor Commented:
Under the definition of the protocol FTP and FTP Server they list the port as 21 so its already in the list of protocols to allow.
0
 
nitadminCommented:
You only need to open tcp port 21 on firewall/router.

Also if you are using IE, make sure you have "use passive ftp" checked in the advance tab of Internet options.

Also, if the server is joined to an Active Directory domain, then you have to use this convention for username.

domain\username

so if you domain is advenureworks.local and your username is joe.

then you would enter adventureworks\joe

Cheers,
NITADMIN
0
 
frenziedsoldierAuthor Commented:
I have tried logging in as <domain name>\user but it still doesn't allow me. I even used one of the PC's in the office instead of using my notebook over the VPN and I still get access denied from a domain workstation, but still have no problems using it when doing it on the server.
0
 
drawlinCommented:
Now maybe I am ignorant of IIS 6 ftp functionality, but I too have had similar problems.  To get the ftp server set up and functioning I had to do the following:

Create a local user account on the server (ftpscanner).  On your C: or D: drive create a folder to be your ftp root folder (d:\ftproot). In IIS manager, open the properties of your default ftp site.  Point the home directory to the D:\ftproot folder you created.  Then in the authentication checkbox, de-select annonymus, this will cause you to have to log onto it.  Now create a folder in the D:\ftproot named the same as the local account you made. (D:\ftproot\ftpscanner.  Lastly, open the properties of the D:\ftproot and D:\ftproot\ftpscanner folders and make sure that the local user ftpscanner has permissions to read and write to them.

After that, you should be able to open a command prompt on workstation and type: ftp IPAddress, you should be prompted for username.  ENter ftpscanner and enter then enter the password.  Hopefully you are in.  After that try a put command on a local file to see if you can write to the directory.

If you can do that from within the LAN, then test it from outside the LAN to test your ISA properties.

IIS ftp is kind of limited and hokey to confiure in my experience.  So there are some other ftp server products that are fairly inexpensive.  IPSwitch's ftp server even has the capability to do Secure ftp.
0
 
MarkWYnneCommented:
Make sure windows integrated authentication is enabled.
Enable anonymous access for the site

Open an explorer window and enter the FTP IP.
When opened select file> log in as and enter credentials.

You can then use admin account to alter the FTP or just use anonymous access to read.
0
 
Smacky311Commented:
-->You only need to open tcp port 21 on firewall/router.
This is true if everyone that accesses your FTP knows to use passive FTP.
0
 
Smacky311Commented:
Make sure you didnt check off Allow only anonymous connections (in IIS under server_name, ftp sites, default ftp site, properties, security accounts tab)  as this will not allow you to login with domain credentials.
0
 
frenziedsoldierAuthor Commented:
I found the cause off the issue, it appears that in ISA Server 2004 if your rule covers the FTP Protocol if you right click on the rule there is an option to configure FTP. The option is to either have FTP in 'Read Only' mode or not. So once that was unticked all the ftp traffice to the server miracously started to perform uploads!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.