Solved

IIS 6 FTP Server and access denied when connecting from any other computer besides the Server

Posted on 2006-11-08
13
631 Views
Last Modified: 2013-11-29
Basic site run down:
MS Windows SBS 2003
IIS 6
ISA Server 2004


Yesterday my client asked if I could allow their copier to send scans via ftp to a folder on the server. As the FTP component had not yet been installed I quickly added it via the Windows Components. After getting the basic FTP service going I added in a virtual directory called Scans to the FTP site which points to a folder on their storage drive for these scans.

Now I tried to access the site through ftp://server/scans to make sure I could write to it but got 'Access Denied'. I then disabled anonymous access and logged on using the administrator credentials to try and see if I could get access but I got the same thing. I checked the write permissions and it was ticked in the FTP site and Virtual Directory permissions also the folder properties had the right user permissions in order for the administrator to write in, as just standard file access writing/reading was possible. I advised my client I would continue looking into it tomorrow.

I'm now trying further to get this operational. Today I got rid of the default FTP site and tried to create the FTP site pointing directly at this Scans folder and set all the write permissions to the site and at the folder level. Now using my notebook through the VPN with WSFTP_Pro trial client I still can't put files onto the server and still get 'Access Denied'. This time I thought I would try opening an FTP connection with the same credentials on the server itself. This time I was able to make new files and folders and even copy and paste files into the ftp site. Now I'm really getting frustrated with it so I'm wondering if someone out there has also had the same problem.

Ah forgot something with the ISA server, I've added in a rule to allow traffic to FTP and FTP Server (so inbound and outbound) to the local network, vpn clients and even the network range this site operates in but it still didn't seem to make a difference.

Theres seems to be no trouble in establishing the connection to the ftp site from other computers through VPN but they just can't seem to put files onto it, but when connected to the FTP site directly on the server its possible..........
0
Comment
Question by:frenziedsoldier
  • 4
  • 3
  • 2
  • +3
13 Comments
 
LVL 4

Expert Comment

by:wrwiii12
ID: 17903485
Is this a domain or a workgroup?
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17903512
Sounds like your getting requests through the server because you opened port 21 for FTP, but forgot to open port 20 for data transfer.
0
 
LVL 1

Author Comment

by:frenziedsoldier
ID: 17903618
The site is a domain environment running Small Business Server 2003

As for port 20, I just tried adding that into the existing rule for ISA server to include port 20 incoming and outgoing but it hasn't made any difference
0
 
LVL 4

Expert Comment

by:wrwiii12
ID: 17903635
You might want to try opening port 21 also.  Sometimes this works because there are commands involved.
0
 
LVL 1

Author Comment

by:frenziedsoldier
ID: 17903820
Under the definition of the protocol FTP and FTP Server they list the port as 21 so its already in the list of protocols to allow.
0
 
LVL 8

Expert Comment

by:nitadmin
ID: 17903882
You only need to open tcp port 21 on firewall/router.

Also if you are using IE, make sure you have "use passive ftp" checked in the advance tab of Internet options.

Also, if the server is joined to an Active Directory domain, then you have to use this convention for username.

domain\username

so if you domain is advenureworks.local and your username is joe.

then you would enter adventureworks\joe

Cheers,
NITADMIN
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:frenziedsoldier
ID: 17904159
I have tried logging in as <domain name>\user but it still doesn't allow me. I even used one of the PC's in the office instead of using my notebook over the VPN and I still get access denied from a domain workstation, but still have no problems using it when doing it on the server.
0
 
LVL 5

Expert Comment

by:drawlin
ID: 17904179
Now maybe I am ignorant of IIS 6 ftp functionality, but I too have had similar problems.  To get the ftp server set up and functioning I had to do the following:

Create a local user account on the server (ftpscanner).  On your C: or D: drive create a folder to be your ftp root folder (d:\ftproot). In IIS manager, open the properties of your default ftp site.  Point the home directory to the D:\ftproot folder you created.  Then in the authentication checkbox, de-select annonymus, this will cause you to have to log onto it.  Now create a folder in the D:\ftproot named the same as the local account you made. (D:\ftproot\ftpscanner.  Lastly, open the properties of the D:\ftproot and D:\ftproot\ftpscanner folders and make sure that the local user ftpscanner has permissions to read and write to them.

After that, you should be able to open a command prompt on workstation and type: ftp IPAddress, you should be prompted for username.  ENter ftpscanner and enter then enter the password.  Hopefully you are in.  After that try a put command on a local file to see if you can write to the directory.

If you can do that from within the LAN, then test it from outside the LAN to test your ISA properties.

IIS ftp is kind of limited and hokey to confiure in my experience.  So there are some other ftp server products that are fairly inexpensive.  IPSwitch's ftp server even has the capability to do Secure ftp.
0
 
LVL 3

Expert Comment

by:MarkWYnne
ID: 17905043
Make sure windows integrated authentication is enabled.
Enable anonymous access for the site

Open an explorer window and enter the FTP IP.
When opened select file> log in as and enter credentials.

You can then use admin account to alter the FTP or just use anonymous access to read.
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17905774
-->You only need to open tcp port 21 on firewall/router.
This is true if everyone that accesses your FTP knows to use passive FTP.
0
 
LVL 4

Expert Comment

by:Smacky311
ID: 17905815
Make sure you didnt check off Allow only anonymous connections (in IIS under server_name, ftp sites, default ftp site, properties, security accounts tab)  as this will not allow you to login with domain credentials.
0
 
LVL 8

Accepted Solution

by:
nitadmin earned 500 total points
ID: 17906884
It must be you ISA server. Check the settings on the ISA server.

Cheers,
NITADMIN
0
 
LVL 1

Author Comment

by:frenziedsoldier
ID: 17910045
I found the cause off the issue, it appears that in ISA Server 2004 if your rule covers the FTP Protocol if you right click on the rule there is an option to configure FTP. The option is to either have FTP in 'Read Only' mode or not. So once that was unticked all the ftp traffice to the server miracously started to perform uploads!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now