?
Solved

FTP client fails on Windows Server 2003 R2 (64bit)

Posted on 2007-04-10
14
Medium Priority
?
5,262 Views
Last Modified: 2013-11-29
I have recently purchased a new Dell server, running Windows 2003 R2 (64-bit).  I cannot FTP from this server using ftp.exe.  I have other users sharing the Internet connection and they are having the same problem.  Basically it sends a packet and hangs, and the receiving end thinks the client closed the connection.  This occurs with multiple FTP servers, so it's not specific to one server.

Can't even do a LS command, much less transfer a file.  From one of the FTP servers' log:

[L 3474] 04/10/2007 06:53:03 Accepted connection from [ip address]
[C 3474] 04/10/2007 06:53:10 Command "USER xxxx" received
[C 3474] 04/10/2007 06:53:13 PASSword accepted
[L 3474] 04/10/2007 06:53:13 User xxxx logged in.
[C 3474] 04/10/2007 06:53:29 Command "PORT xx, xx, xx, xx,19,137" received
[C 3474] 04/10/2007 06:53:29 PORT set to xx.xx.xx.xx - 5001 (19,137)
[C 3474] 04/10/2007 06:53:29 Command "NLST" received
[C 3474] 04/10/2007 06:53:29 NLST started successfully for path/wildcard
[C 3474] 04/10/2007 06:53:30 Transfer terminated by client closing connection
[C 3474] 04/10/2007 06:53:30 Transfer aborted

If I do try to transfer a file it sends 2920 bytes and then fails with the same sort of "client closed the connection" error.  I initially assumed it was a firewall problem but I even (briefly!) turned off the firewall and got the same results.  I use WinZip Pro to do a backup with FTP, and it fails in the same way.

The server is directly connected to the cable modem (dual homed machine) so there's no NAT externally getting iin the way.  Any thoughts?
0
Comment
Question by:Torqane
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 3
14 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 18887027
This does look like a firewall issue. Are the ftp clients behind a firewall?  Can you use a ftp client that support passive ftp?
0
 

Author Comment

by:Torqane
ID: 18888464
Hi.  

Thanks for responding, however as I stated I turned the firewall off and still had the same problem.  I get the same error whether on one of the clients that shares the connection, or on the server itself.  That said, I'm going to go back and do a more comprehensive test since I also think it is likely to be firewall related.

In the case of WinZip I don't seem to have a way to set that as a passive connection.  I'll experiment with that as a solution otherwise (I could always script sending the zip file as a workaround), but one client has a separate piece of software that can't be altered so it's not a full solution for everyone.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 18889023
Are the ftp clients on the same physical network as the ftp server?  I realize that you turned off the firewall, but I am assuming you turned it off on the server side.

I was refering to a firewall on the client side.  With FTP there are two modes of transfers.  Active and passive.  With active ftp the FTP server actually intitates the data connection to the client, which most client side firewalls will block. With passive ftp the client initiates the data connection to the server, which most client side firewalls will allow.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:Torqane
ID: 18889218
No, nothing changed on the FTP server side, which is on a different network accessed across the Internet.  I am only using the FTP client on either the W2K3 server or the other PCs that are connecting through that server.  So the firewall I turned off was on the client side (i.e. the W2K3 server), no change to the receiving FTP server side.

Sorry for the confusion in terminology, but I'm only running the FTP client on this customer's side of the Internet, whether on a workstation or the W2K3 server.  My machine that's running the FTP server software is completely independent and can successfully receive files from other sites.  Basically the only thing that's different from what it was a week ago is that this W2K3 server is now the gateway to the Internet for itself and various workstations on that internal network.  None of this customer's FTP attempts to any server anywhere succeed now.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 18892374
O.K.  Then some whwere on the client side there is a firewall (or something else) that is blocking ftp traffic.

What you can try is using IE to connect to the ftp server.  In IE settings go to the Advanced Tab under the Browsing section make sure that the you have the bo check that says "Use Passive FTP (for firewall and DSL modem compatibility)" checked.

If this works, then there is something blocking active FTP connections.
0
 

Author Comment

by:Torqane
ID: 18895595
Okay, I tried using IE with the Passive setting on (which it already was, probably due to some earlier experimentation), and that worked okay.  However at this point the command line FTP client as well as the WinZip process still fail.

I'm happy to agree with your analysis that it's firewall-related.  I do have c:\windows\system32\ftp.exe as an exception to the firewall, but I'm unclear on if that means everything related to that program is okay, or only things it initiates.

I don't suppose anyone besides me thinks this should be simpler.... ?  :)
0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 18899348
O.K.  The FTP client that comes with Windows only supports active FTP.  Something somewhere is blocking active FTP.

So you need to get an ftp client that supports passive ftp or change your firewall settings.

There are MANY out there, CuteFTP, FileZILLA, and SEAGULL FTP are just 3 that support passive.

The problem is the firewall execptions allow outbound connections, not inbound.  In order to allow active FTP you would need to setup an execption (if possible) that would all inbound traffic that has a source port of 20.  With active FTP the serer always uses the source port of 20.

My suggestion is to get a ftp client that supports passive ftp.
0
 

Author Comment

by:Torqane
ID: 18900434
Okay, thanks for the analysis and suggestions.  In particular I wasn't aware that the command line FTP wouldn't support passive, so I'll quit beating that dead horse.

I didn't see any easy way to enable the inspection of source port # within Windows Firewall and at this point it's not worth further pursuit when there are workarounds.

I've checked with WinZip and their latest version supports passive ftp, and since that's the main non-browser-user purpose for FTP that'll do fine.  I'll inform any users who need to FTP to enable the IE switch.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 18901349
Thanks.  Yes, MS needs to look at themself.  Their FTP client does not support passive and their firewall does not allow you the controll needed to allow active ftp.  So you either need to get somebody elses firewall, somebody elses ftp client, or both from somebody else.

Glad to be of help.
0
 
LVL 6

Expert Comment

by:Taconvino
ID: 21264053
Just to clarify, the passive function is a server command, not a client command.  It can be activated from the normal FTP client in Windows issuing a

LITERAL PASV

command.  Try it!  It works for me.

TCV
0
 
LVL 57

Expert Comment

by:giltjr
ID: 21264149
Technically it is a server command, but the client must support passive FTP.  MS ftp client does not support passive FTP, so even if you issue the command LITERAL PASV, the ftp will not work because MS's ftp client won't know what to do.

If a FTP client supports passive FTP it is generally an option that is checked if using a GUI ftp client, or the command "passive" if using a CLI ftp client.

Now, on z/OS the ftp client uses the command fwfriendly (short for firewall friendly).
0
 
LVL 6

Expert Comment

by:Taconvino
ID: 21264437
Excelent point!  My mistake.  Although, I just tried a couple of transfers using passive mode and they seem to work OK.  

TCV
0
 
LVL 57

Expert Comment

by:giltjr
ID: 21265456
If you look closely you will see the 200 Port Request OK response from the server, this indicates that the transfer was done in active mode.  This is because MS ftp client only knows about active, so as soon as you issue the GET/PUT it will issue PORT and then RETR/STOR as needed.  If you run a packet capture you should see this.





0
 
LVL 6

Expert Comment

by:Taconvino
ID: 21265527
Cool!  Now I feel like I owe you some points... :-)

Thanks for the info!
TCV
0

Featured Post

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article summaries thoughts and ideas from two years of sustained use. It provides good reasoning to make the jump to Windows 10.
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question