FTP client fails on Windows Server 2003 R2 (64bit)

I have recently purchased a new Dell server, running Windows 2003 R2 (64-bit).  I cannot FTP from this server using ftp.exe.  I have other users sharing the Internet connection and they are having the same problem.  Basically it sends a packet and hangs, and the receiving end thinks the client closed the connection.  This occurs with multiple FTP servers, so it's not specific to one server.

Can't even do a LS command, much less transfer a file.  From one of the FTP servers' log:

[L 3474] 04/10/2007 06:53:03 Accepted connection from [ip address]
[C 3474] 04/10/2007 06:53:10 Command "USER xxxx" received
[C 3474] 04/10/2007 06:53:13 PASSword accepted
[L 3474] 04/10/2007 06:53:13 User xxxx logged in.
[C 3474] 04/10/2007 06:53:29 Command "PORT xx, xx, xx, xx,19,137" received
[C 3474] 04/10/2007 06:53:29 PORT set to xx.xx.xx.xx - 5001 (19,137)
[C 3474] 04/10/2007 06:53:29 Command "NLST" received
[C 3474] 04/10/2007 06:53:29 NLST started successfully for path/wildcard
[C 3474] 04/10/2007 06:53:30 Transfer terminated by client closing connection
[C 3474] 04/10/2007 06:53:30 Transfer aborted

If I do try to transfer a file it sends 2920 bytes and then fails with the same sort of "client closed the connection" error.  I initially assumed it was a firewall problem but I even (briefly!) turned off the firewall and got the same results.  I use WinZip Pro to do a backup with FTP, and it fails in the same way.

The server is directly connected to the cable modem (dual homed machine) so there's no NAT externally getting iin the way.  Any thoughts?
TorqaneAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

giltjrCommented:
This does look like a firewall issue. Are the ftp clients behind a firewall?  Can you use a ftp client that support passive ftp?
0
TorqaneAuthor Commented:
Hi.  

Thanks for responding, however as I stated I turned the firewall off and still had the same problem.  I get the same error whether on one of the clients that shares the connection, or on the server itself.  That said, I'm going to go back and do a more comprehensive test since I also think it is likely to be firewall related.

In the case of WinZip I don't seem to have a way to set that as a passive connection.  I'll experiment with that as a solution otherwise (I could always script sending the zip file as a workaround), but one client has a separate piece of software that can't be altered so it's not a full solution for everyone.
0
giltjrCommented:
Are the ftp clients on the same physical network as the ftp server?  I realize that you turned off the firewall, but I am assuming you turned it off on the server side.

I was refering to a firewall on the client side.  With FTP there are two modes of transfers.  Active and passive.  With active ftp the FTP server actually intitates the data connection to the client, which most client side firewalls will block. With passive ftp the client initiates the data connection to the server, which most client side firewalls will allow.
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

TorqaneAuthor Commented:
No, nothing changed on the FTP server side, which is on a different network accessed across the Internet.  I am only using the FTP client on either the W2K3 server or the other PCs that are connecting through that server.  So the firewall I turned off was on the client side (i.e. the W2K3 server), no change to the receiving FTP server side.

Sorry for the confusion in terminology, but I'm only running the FTP client on this customer's side of the Internet, whether on a workstation or the W2K3 server.  My machine that's running the FTP server software is completely independent and can successfully receive files from other sites.  Basically the only thing that's different from what it was a week ago is that this W2K3 server is now the gateway to the Internet for itself and various workstations on that internal network.  None of this customer's FTP attempts to any server anywhere succeed now.
0
giltjrCommented:
O.K.  Then some whwere on the client side there is a firewall (or something else) that is blocking ftp traffic.

What you can try is using IE to connect to the ftp server.  In IE settings go to the Advanced Tab under the Browsing section make sure that the you have the bo check that says "Use Passive FTP (for firewall and DSL modem compatibility)" checked.

If this works, then there is something blocking active FTP connections.
0
TorqaneAuthor Commented:
Okay, I tried using IE with the Passive setting on (which it already was, probably due to some earlier experimentation), and that worked okay.  However at this point the command line FTP client as well as the WinZip process still fail.

I'm happy to agree with your analysis that it's firewall-related.  I do have c:\windows\system32\ftp.exe as an exception to the firewall, but I'm unclear on if that means everything related to that program is okay, or only things it initiates.

I don't suppose anyone besides me thinks this should be simpler.... ?  :)
0
giltjrCommented:
O.K.  The FTP client that comes with Windows only supports active FTP.  Something somewhere is blocking active FTP.

So you need to get an ftp client that supports passive ftp or change your firewall settings.

There are MANY out there, CuteFTP, FileZILLA, and SEAGULL FTP are just 3 that support passive.

The problem is the firewall execptions allow outbound connections, not inbound.  In order to allow active FTP you would need to setup an execption (if possible) that would all inbound traffic that has a source port of 20.  With active FTP the serer always uses the source port of 20.

My suggestion is to get a ftp client that supports passive ftp.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TorqaneAuthor Commented:
Okay, thanks for the analysis and suggestions.  In particular I wasn't aware that the command line FTP wouldn't support passive, so I'll quit beating that dead horse.

I didn't see any easy way to enable the inspection of source port # within Windows Firewall and at this point it's not worth further pursuit when there are workarounds.

I've checked with WinZip and their latest version supports passive ftp, and since that's the main non-browser-user purpose for FTP that'll do fine.  I'll inform any users who need to FTP to enable the IE switch.
0
giltjrCommented:
Thanks.  Yes, MS needs to look at themself.  Their FTP client does not support passive and their firewall does not allow you the controll needed to allow active ftp.  So you either need to get somebody elses firewall, somebody elses ftp client, or both from somebody else.

Glad to be of help.
0
TaconvinoCommented:
Just to clarify, the passive function is a server command, not a client command.  It can be activated from the normal FTP client in Windows issuing a

LITERAL PASV

command.  Try it!  It works for me.

TCV
0
giltjrCommented:
Technically it is a server command, but the client must support passive FTP.  MS ftp client does not support passive FTP, so even if you issue the command LITERAL PASV, the ftp will not work because MS's ftp client won't know what to do.

If a FTP client supports passive FTP it is generally an option that is checked if using a GUI ftp client, or the command "passive" if using a CLI ftp client.

Now, on z/OS the ftp client uses the command fwfriendly (short for firewall friendly).
0
TaconvinoCommented:
Excelent point!  My mistake.  Although, I just tried a couple of transfers using passive mode and they seem to work OK.  

TCV
0
giltjrCommented:
If you look closely you will see the 200 Port Request OK response from the server, this indicates that the transfer was done in active mode.  This is because MS ftp client only knows about active, so as soon as you issue the GET/PUT it will issue PORT and then RETR/STOR as needed.  If you run a packet capture you should see this.





0
TaconvinoCommented:
Cool!  Now I feel like I owe you some points... :-)

Thanks for the info!
TCV
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Protocols

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.