How can I get this server to allow FTP connections again?

Posted on 2008-10-14
Medium Priority
Last Modified: 2013-12-09
This is a bit complicated.  Here is the setup.

1) Server - running FileZilla FTP Server and running GREAT.
2) Client 1 - running ftp.exe to connect through the web via a batch file and running GREAT.
3) Client 2 - running ftp.exe to connect through the web via a batch file and running GREAT.
4) Client 3 - Cannot connect via ftp.exe

I inherited the machine in question from a security nut who ONLY wanted files coming to and from the server (Client 3 is running a ColdFusion app) via shared drives in remote desktop.  I think he has tried to completely block FTP usage in OR out from that machine.  It is running Windows 2003 Standard Edition with SP1.

Unfortunately, the ColdFusion application has gotten WAY too big to manage with the unreliable connection provided by RDC.  It's slow as well, but I can live with that.  What I CAN'T live with is the fact that if it fails during any part of a file copy it gives the same stupid error as when copying files in Windows, and just stops where it is.  It is now taking 4-5 one hour tries to get everything.

So, the solution (and this is IMPORTANT because the machine is ancient and I need backups of the SQL server data) is to schedule a .bat file that zips up the needed data and FTP's it off site.  BUT, no ftp client will connect from the server in either active or passive mode.

The FTP server is running in active mode, and only has port 21 open to it.  Both of the other machines I am running this process on (which I built) are humming right along, but this one fails every time.

Here is what I am doing:

Command Line:
Open [servername]

The server acknowledged the connection, and shows me as being logged in, but I cannot LIST or change directories or get or put files.

I also cannot find any Symantec or Norton or other firewall that would be blocking stuff and Windows Firewall is disabled for now, so I am suspicious that the registry holds the answer, but obviously uncertain, or why post this.

I have also tried several Windows command line clients.  Cannot connect via FTP to ANY server successfully and get so much as a DIR or LIST to work.  Forget about GET and PUT.

Any help MUCH appreciated.  This is low-level difficult stuff, so high points.

Thanks Experts!
Question by:climberboy

Expert Comment

ID: 22717684
FTP is generally a pain in arse protocol that doesn't really run on only port 21.
From memory FTP requires either the Server or the client to allow incoming connections on ports above 1024. This is because port 21 is only used for the initial connection and FTP command. Data transfer occurs on an additional connection between server and client on a port somewhere above port 1024.

If the server is to support passive mode from clients then it should be configured to allow incoming connections on ports above 1024. Passive mode returns the risk of opening ports above 1024 back to the server. If the server does not support passive then it expects to be able to connect back to the client on ports above 1024 to transfer data. Either way incoming connections on ports above 1024 need to be open on either the server or the client for the FTP connection to work.

If you research FTP ports on the net you will find some nice diagrams to give you a better idea of how the FTP process works. It can get complicated when you have source and destination ports as well as the direction of traffic to consider so it might take a little while to get your head around it.

Judging your situation the server does not support passive therefore the client is not allowing connections back to ports above 1024.  It has to be a firewall somewhere blocking this for the client. Also check the Win2k3 Security Configuration Wizard as there may be a policy applied through it filtering connections.
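
The data-port arithmetic described in the comment above, as an added example that is not part of the original thread: it decodes the `PORT` command (active mode) and the `227` reply (passive mode) from an FTP control channel to show which side must accept the inbound data connection, on which port, and whether the advertised address is a private one that the other side cannot reach. The function name `data_endpoint` and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal octets).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def data_endpoint(line):
    """Decode a PORT command or 227 reply; return None for any other line."""
    text = line.strip()
    verb = text.upper()
    if verb.startswith("PORT "):
        # Active mode: the client listens, the server connects back to it.
        mode, listener = "active", "client"
    elif verb.startswith("227"):
        # Passive mode: the server listens, the client connects out to it.
        mode, listener = "passive", "server"
    else:
        return None
    m = _HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return {
        "mode": mode,
        "listener": listener,  # side whose firewall must allow the inbound connection
        "ip": str(ip),
        "port": nums[4] * 256 + nums[5],  # data port = p1 * 256 + p2
        "rfc1918": any(ip in net for net in RFC1918),  # private address advertised?
    }


# Constructed control-channel lines (private and documentation addresses).
SAMPLE = [
    "USER backup",
    "PORT 192,168,1,20,19,137",
    "227 Entering Passive Mode (203,0,113,10,195,80)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", data_endpoint(line))
```

Running a client with debug output enabled and feeding its `PORT` or `227` lines through this shows the exact address and port that a filter between the two hosts would have to let through.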


Author Comment

ID: 22717737
I appreciate the detailed information buzzle74.  However, I must state the two other machines, both outside my network, are working perfectly with the same client.  Therefore, the problem must be on the 3rd client machine.  This FTP server has been up and running as is for a very long time, with no issues whatsoever until now.

My opinion is that the person in charge of the 3rd client before me (2+ years ago now)  must have excluded FTP traffic somehow.  I am looking for clues along those lines.



Author Comment

ID: 22717775
Sorry, I commented before I read the whole post.  The Security Configuration Wizard is not where it should be, under administrative tools.  Also, the windir\security\msscw folder containing the command line wizard is missing.

There is no physical firewall running and Windows firewall is disabled.  There are no KNOWN other firewalls, but I'd be open to looking for them if I knew where to start.

Any other ideas?


Expert Comment

ID: 22718164
OK, I guess it depends where this 3rd machine is in relation to the server and what's in between.
Most clients on the web can't access non-passive FTP servers, as even most standard home ADSL modem routers block incoming FTP connections by default.
A couple of things I would try from the 3rd machine would be to

- find out if there is a router in front of it before it reaches the internet
- try to connect to other ftp sites, see if you have the same prob
- check tcp/ip properties-advanced-options-tcp/ip filtering.. to see if any filters are in place.


Author Comment

ID: 22718217
Let's see here...  All three client machines are on the internet.  In fact, all three of them are in a colocation at NeoSpire in Dallas, TX.  Each of them has a free and clear internet connection with no router in between them and the web.  NeoSpire does not use firewalls... you have to provide your own, and we do not use a hardware firewall.  As I mentioned before, Windows Firewall is turned off for troubleshooting, so really, there should not be any firewall, unless there is hidden software on the server that I do not know about.

I CAN connect to one other FTP server at a client's office, but only with a Win32 client... not with ftp.exe.  It has the same problem.  However, that same Win32 app CANNOT connect to the server in question, regardless of whether I turn passive mode on or off.  I have checked all the settings countless times.  They are correct.

Under TCP/IP Properties --> Internet Protocol Properties --> Advanced TCP/IP Settings --> Options tab --> TCP/IP Filtering all ports (TCP, UDP, and IP Protocols) are set to permit all.  Also, the "Enable TCP/IP Filtering (All Adapters)" check box is unchecked.

So the other client is new.  I have tried tons of servers with it, and just happened across one that worked.  Seems I can transfer files up/down as well as list directory contents.  Regardless, I still cannot do anything useful on that server with ftp.exe... just connect and timeout on LIST, just like all other servers.

Also, that Win32 client cannot connect to the server in question, even though EVERYTHING works from any other box.  Even my machine at home on FIOS works with that one in any way, shape, or form I can throw at it, and from any client.


Accepted Solution

buzzle74 earned 2000 total points
ID: 22736150
I guess u could try


 to test that its internet address is actually what u think it should be and also what ports are visible from the internet.


Author Comment

ID: 22779136
Nothing has worked so far.  Any other things to try?

Author Comment

ID: 22831995
Nothing worked, and no further help from anyone.  Points go to buzzle74 for the effort.
