ccomley
asked on
FTP on Win2003 WebEd in KVM VM - not working.
We have moved our Windows 2003 Web Edition server into a VM running on a KVM . Moved all the sites onto it and it has been fine for some months. Site admins using Frontpage have had no problem updating their sites.
But today a user tried to use FTP to edit site contents. And failed. And this is 100% reproducible.
FTP set up the usual Web2003 way - username - virtual directory name, VD target is the web document root.
User logs in OK, but when the FTP client attempts to obtain a directory listing, the client says "entering passive mode" then... "can't get directory contents". Nor can it CD. PWD reports the \virtualdirname. Permission for the user to access the VD have been confirmed. FTP fails the same way even with an adminsitrator logging in.
NOTHING shows in the Windows server logs - in fact it shows a successful login for taht username.
Windows firewall is active but set to permit FTP with no constraints.
SO I'm wondering if the problem lies with the hypervisor (KVM, remember) not properly facilitating the FTP backchannel? The KVM setup was not done by me and I'm not fully up to speed on it, just hoping to get some clues if I'm looking in the right area and what to look for before I go calling folk in!
But today a user tried to use FTP to edit site contents. And failed. And this is 100% reproducible.
FTP set up the usual Web2003 way - username - virtual directory name, VD target is the web document root.
User logs in OK, but when the FTP client attempts to obtain a directory listing, the client says "entering passive mode" then... "can't get directory contents". Nor can it CD. PWD reports the \virtualdirname. Permission for the user to access the VD have been confirmed. FTP fails the same way even with an adminsitrator logging in.
NOTHING shows in the Windows server logs - in fact it shows a successful login for taht username.
Windows firewall is active but set to permit FTP with no constraints.
SO I'm wondering if the problem lies with the hypervisor (KVM, remember) not properly facilitating the FTP backchannel? The KVM setup was not done by me and I'm not fully up to speed on it, just hoping to get some clues if I'm looking in the right area and what to look for before I go calling folk in!
Have you tried FTP from your command line to see if the same issue occurs there? If not give it a try.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Command Line FTP shows the same result - i.e. it tries to switch to Passive mode when you issue a command requiring feedback from the server (e.g. DIR or PUT) but thereafter, nothing.
The only firewall involved is Windows Firewall on the Server2003Web machine itself, which has been set to allow FTP.exe to use any ports it wants to (and certainly the default ones in both directions) UNLESS (and I'm looking into this) IPChains on the host VKM/Linux system is getting involved somehow.
The only firewall involved is Windows Firewall on the Server2003Web machine itself, which has been set to allow FTP.exe to use any ports it wants to (and certainly the default ones in both directions) UNLESS (and I'm looking into this) IPChains on the host VKM/Linux system is getting involved somehow.
ASKER
Bah!
You're quite right, it *is* Windows Firewall being stupid-arse dumb! Turning it off makes it work perfectly. Turning it on - nada.
This was not a problem when the server was behind a Sonicwall firewall cos we trusted that to control access and didn't run Windows Firewall at all.
Oh well, now I know the issue, I suppose I need to dig around on MS site for how to fix this... bug! It's got to be called a bug, there's no way MS can kid me this is normal/expected. :)
You're quite right, it *is* Windows Firewall being stupid-arse dumb! Turning it off makes it work perfectly. Turning it on - nada.
This was not a problem when the server was behind a Sonicwall firewall cos we trusted that to control access and didn't run Windows Firewall at all.
Oh well, now I know the issue, I suppose I need to dig around on MS site for how to fix this... bug! It's got to be called a bug, there's no way MS can kid me this is normal/expected. :)
ASKER
This appears relevant, and worked, though I still had to do a restart of IIS (and sub-processes) to have the Passive Ports setting accepted despite turning on the metabase edit-whilst-running feature.
ASKER
It was Windoze Firewall causing the problem. See suppelmental notes in thread. Cheers.