Solved

FTP client fails on Windows Server 2003 R2 (64bit)

Posted on 2007-04-10
Last Modified: 2013-11-29
I have recently purchased a new Dell server, running Windows 2003 R2 (64-bit).  I cannot FTP from this server using ftp.exe.  I have other users sharing the Internet connection and they are having the same problem.  Basically it sends a packet and hangs, and the receiving end thinks the client closed the connection.  This occurs with multiple FTP servers, so it's not specific to one server.

Can't even do a LS command, much less transfer a file.  From one of the FTP servers' log:

[L 3474] 04/10/2007 06:53:03 Accepted connection from [ip address]
[C 3474] 04/10/2007 06:53:10 Command "USER xxxx" received
[C 3474] 04/10/2007 06:53:13 PASSword accepted
[L 3474] 04/10/2007 06:53:13 User xxxx logged in.
[C 3474] 04/10/2007 06:53:29 Command "PORT xx, xx, xx, xx,19,137" received
[C 3474] 04/10/2007 06:53:29 PORT set to xx.xx.xx.xx - 5001 (19,137)
[C 3474] 04/10/2007 06:53:29 Command "NLST" received
[C 3474] 04/10/2007 06:53:29 NLST started successfully for path/wildcard
[C 3474] 04/10/2007 06:53:30 Transfer terminated by client closing connection
[C 3474] 04/10/2007 06:53:30 Transfer aborted

If I do try to transfer a file it sends 2920 bytes and then fails with the same sort of "client closed the connection" error.  I initially assumed it was a firewall problem but I even (briefly!) turned off the firewall and got the same results.  I use WinZip Pro to do a backup with FTP, and it fails in the same way.

The server is directly connected to the cable modem (dual homed machine) so there's no NAT externally getting in the way.  Any thoughts?
Question by:Torqane
 
LVL 57

Expert Comment

by:giltjr
ID: 18887027
This does look like a firewall issue. Are the ftp clients behind a firewall?  Can you use an ftp client that supports passive ftp?
0
 

Author Comment

by:Torqane
ID: 18888464
Hi.  

Thanks for responding, however as I stated I turned the firewall off and still had the same problem.  I get the same error whether on one of the clients that shares the connection, or on the server itself.  That said, I'm going to go back and do a more comprehensive test since I also think it is likely to be firewall related.

In the case of WinZip I don't seem to have a way to set that as a passive connection.  I'll experiment with that as a solution otherwise (I could always script sending the zip file as a workaround), but one client has a separate piece of software that can't be altered so it's not a full solution for everyone.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 18889023
Are the ftp clients on the same physical network as the ftp server?  I realize that you turned off the firewall, but I am assuming you turned it off on the server side.

I was referring to a firewall on the client side.  With FTP there are two modes of transfers.  Active and passive.  With active ftp the FTP server actually initiates the data connection to the client, which most client side firewalls will block. With passive ftp the client initiates the data connection to the server, which most client side firewalls will allow.
0
 

Author Comment

by:Torqane
ID: 18889218
No, nothing changed on the FTP server side, which is on a different network accessed across the Internet.  I am only using the FTP client on either the W2K3 server or the other PCs that are connecting through that server.  So the firewall I turned off was on the client side (i.e. the W2K3 server), no change to the receiving FTP server side.

Sorry for the confusion in terminology, but I'm only running the FTP client on this customer's side of the Internet, whether on a workstation or the W2K3 server.  My machine that's running the FTP server software is completely independent and can successfully receive files from other sites.  Basically the only thing that's different from what it was a week ago is that this W2K3 server is now the gateway to the Internet for itself and various workstations on that internal network.  None of this customer's FTP attempts to any server anywhere succeed now.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 18892374
O.K.  Then somewhere on the client side there is a firewall (or something else) that is blocking ftp traffic.

What you can try is using IE to connect to the ftp server.  In IE settings go to the Advanced tab; under the Browsing section make sure that you have the box that says "Use Passive FTP (for firewall and DSL modem compatibility)" checked.

If this works, then there is something blocking active FTP connections.
0
 

Author Comment

by:Torqane
ID: 18895595
Okay, I tried using IE with the Passive setting on (which it already was, probably due to some earlier experimentation), and that worked okay.  However at this point the command line FTP client as well as the WinZip process still fail.

I'm happy to agree with your analysis that it's firewall-related.  I do have c:\windows\system32\ftp.exe as an exception to the firewall, but I'm unclear on if that means everything related to that program is okay, or only things it initiates.

I don't suppose anyone besides me thinks this should be simpler.... ?  :)
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 18899348
O.K.  The FTP client that comes with Windows only supports active FTP.  Something somewhere is blocking active FTP.

So you need to get an ftp client that supports passive ftp or change your firewall settings.

There are MANY out there, CuteFTP, FileZilla, and SEAGULL FTP are just 3 that support passive.

The problem is the firewall exceptions allow outbound connections, not inbound.  In order to allow active FTP you would need to set up an exception (if possible) that would allow inbound traffic that has a source port of 20.  With active FTP the server always uses the source port of 20.

My suggestion is to get a ftp client that supports passive ftp.
0
 

Author Comment

by:Torqane
ID: 18900434
Okay, thanks for the analysis and suggestions.  In particular I wasn't aware that the command line FTP wouldn't support passive, so I'll quit beating that dead horse.

I didn't see any easy way to enable the inspection of source port # within Windows Firewall and at this point it's not worth further pursuit when there are workarounds.

I've checked with WinZip and their latest version supports passive ftp, and since that's the main non-browser-user purpose for FTP that'll do fine.  I'll inform any users who need to FTP to enable the IE switch.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 18901349
Thanks.  Yes, MS needs to look at themselves.  Their FTP client does not support passive and their firewall does not allow you the control needed to allow active ftp.  So you either need to get somebody else's firewall, somebody else's ftp client, or both from somebody else.

Glad to be of help.
0
 
LVL 6

Expert Comment

by:Taconvino
ID: 21264053
Just to clarify, the passive function is a server command, not a client command.  It can be activated from the normal FTP client in Windows issuing a

LITERAL PASV

command.  Try it!  It works for me.

TCV
0
 
LVL 57

Expert Comment

by:giltjr
ID: 21264149
Technically it is a server command, but the client must support passive FTP.  MS ftp client does not support passive FTP, so even if you issue the command LITERAL PASV, the ftp will not work because MS's ftp client won't know what to do.

If an FTP client supports passive FTP it is generally an option that is checked if using a GUI ftp client, or the command "passive" if using a CLI ftp client.

Now, on z/OS the ftp client uses the command fwfriendly (short for firewall friendly).
0
 
LVL 6

Expert Comment

by:Taconvino
ID: 21264437
Excellent point!  My mistake.  Although, I just tried a couple of transfers using passive mode and they seem to work OK.  

TCV
0
 
LVL 57

Expert Comment

by:giltjr
ID: 21265456
If you look closely you will see the 200 Port Request OK response from the server, this indicates that the transfer was done in active mode.  This is because MS ftp client only knows about active, so as soon as you issue the GET/PUT it will issue PORT and then RETR/STOR as needed.  If you run a packet capture you should see this.





0
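The check described in the comment above (which data-connection command actually precedes the transfer), as an added example that is not part of the original thread: a Python sketch that reads an FTP control-channel transcript and reports whether each transfer ran in active or passive mode. The transcript, its `>`/`<` direction markers and the addresses (documentation ranges) are constructed for illustration; the port arithmetic is the same as in the question's log, where `19,137` is port 5001.

```python
import re

# Commands that open a data connection (assumed subset, enough for this thread).
TRANSFER = {"RETR", "STOR", "LIST", "NLST", "APPE"}
CMD = re.compile(r"^([A-Za-z]{3,4})(?:\s+(.*))?$")

def decode_hostport(arg):
    """Decode h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply."""
    nums = [int(n) for n in re.findall(r"\d+", arg)]
    if len(nums) != 6 or any(n > 255 for n in nums):
        raise ValueError("not an h1,h2,h3,h4,p1,p2 tuple: %r" % arg)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def transfer_modes(control_lines):
    """Return [(command, mode, (host, port))] for each transfer.
    '>' marks a client command, '<' a server reply (constructed convention)."""
    mode, endpoint, results = None, None, []
    for line in control_lines:
        direction, text = line[:1], line[1:].strip()
        if direction == "<" and text.startswith("227"):
            # Server is listening: the client will connect out (passive).
            mode, endpoint = "passive", decode_hostport(text[3:])
        elif direction == ">":
            m = CMD.match(text)
            if not m:
                continue
            verb, arg = m.group(1).upper(), m.group(2) or ""
            if verb == "PORT":
                # Client is listening: the server connects in from port 20,
                # which a client-side firewall must admit. Overrides any PASV.
                mode, endpoint = "active", decode_hostport(arg)
            elif verb in TRANSFER:
                results.append((verb, mode, endpoint))
                mode, endpoint = None, None  # next transfer needs a new setup
    return results

# Constructed transcript: PASV sent by hand, then the client issues PORT anyway.
SAMPLE = [
    "> USER demo", "< 331 Password required", "> PASS ****", "< 230 Logged in",
    "> PASV", "< 227 Entering Passive Mode (192,0,2,10,195,80)",
    "> PORT 198,51,100,7,19,137", "< 200 Port request OK",
    "> RETR backup.zip", "< 150 Opening data connection",
]

if __name__ == "__main__":
    for verb, mode, (host, port) in transfer_modes(SAMPLE):
        print(f"{verb}: {mode} data connection, endpoint {host}:{port}")
```
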
 
LVL 6

Expert Comment

by:Taconvino
ID: 21265527
Cool!  Now I feel like I owe you some points... :-)

Thanks for the info!
TCV
0
