FTP on Win2003 WebEd in KVM VM - not working.

Posted on 2009-02-19
Last Modified: 2013-12-06
We have moved our Windows 2003 Web Edition server into a VM running on a KVM . Moved all the sites onto it and it has been fine for some months. Site admins using Frontpage have had no problem updating their sites.
But today a user tried to use FTP to edit site contents. And failed. And this is 100% reproducible.

FTP set up the usual Web2003 way - username - virtual directory name, VD target is the web document root.

User logs in OK, but when the FTP client attempts to obtain a directory listing, the client says "entering passive mode" then... "can't get directory contents". Nor can it CD. PWD reports the \virtualdirname. Permission for the user to access the VD have been confirmed. FTP fails the same way even with an adminsitrator logging in.

NOTHING shows in the Windows server logs - in fact it shows a successful login for taht username.

Windows firewall is active but set to permit FTP with no constraints.

SO I'm wondering if the problem lies with the hypervisor (KVM, remember) not properly facilitating the FTP backchannel?   The KVM setup was not done by me and I'm not fully up to speed on it, just hoping to get some clues if I'm looking in the right area and what to look for before I go calling folk in!
Question by:ccomley
    LVL 32

    Expert Comment

    Have you tried FTP from your command line to see if the same issue occurs there?  If not give it a try.
    LVL 23

    Accepted Solution

    It looks like firewall issue. You are connecting to port 21, which is successful, but then, you want to list your directories, which doesn't use port 21. (and windows firewall probably opens just port 21).
    Depending on type of connection (active vs passive), take a look here:
    To be sure - try turning your firewall off, for a minute - just to test ftp connection.
    LVL 16

    Author Comment

    Command Line FTP shows the same result - i.e. it tries to switch to Passive mode when you issue a command requiring feedback from the server (e.g. DIR or PUT) but thereafter, nothing.

    The only firewall involved is Windows Firewall on the Server2003Web machine itself, which has been set to allow FTP.exe to use any ports it wants to (and certainly the default ones in both directions) UNLESS (and I'm looking into this) IPChains on the host VKM/Linux system is getting involved somehow.

    LVL 16

    Author Comment


    You're quite right, it *is* Windows Firewall being stupid-arse dumb! Turning it off makes it work perfectly. Turning it on - nada.

    This was not a problem when the server was behind a Sonicwall firewall cos we trusted that to control access and didn't run Windows Firewall at all.

    Oh well, now I know the issue, I suppose I need to dig around on MS site for how to fix this... bug! It's got to be called a bug, there's no way MS can kid me this is normal/expected. :)
    LVL 16

    Author Comment

    This appears relevant, and worked, though I still had to do a restart of IIS (and sub-processes) to have the Passive Ports setting accepted despite turning on the metabase edit-whilst-running feature.
    LVL 16

    Author Closing Comment

    It was Windoze Firewall causing the problem. See suppelmental notes in thread. Cheers.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
    1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now