FTP on Win2003 WebEd in KVM VM - not working.

We have moved our Windows 2003 Web Edition server into a VM running on a KVM . Moved all the sites onto it and it has been fine for some months. Site admins using Frontpage have had no problem updating their sites.
But today a user tried to use FTP to edit site contents. And failed. And this is 100% reproducible.

FTP set up the usual Web2003 way - username - virtual directory name, VD target is the web document root.

User logs in OK, but when the FTP client attempts to obtain a directory listing, the client says "entering passive mode" then... "can't get directory contents". Nor can it CD. PWD reports the \virtualdirname. Permission for the user to access the VD have been confirmed. FTP fails the same way even with an adminsitrator logging in.

NOTHING shows in the Windows server logs - in fact it shows a successful login for taht username.

Windows firewall is active but set to permit FTP with no constraints.

SO I'm wondering if the problem lies with the hypervisor (KVM, remember) not properly facilitating the FTP backchannel?   The KVM setup was not done by me and I'm not fully up to speed on it, just hoping to get some clues if I'm looking in the right area and what to look for before I go calling folk in!
LVL 17
ccomleyAsked:
Who is Participating?
 
Maciej SsysadminCommented:
It looks like firewall issue. You are connecting to port 21, which is successful, but then, you want to list your directories, which doesn't use port 21. (and windows firewall probably opens just port 21).
Depending on type of connection (active vs passive), take a look here: http://www.slacksite.com/other/ftp.html
To be sure - try turning your firewall off, for a minute - just to test ftp connection.
0
 
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Have you tried FTP from your command line to see if the same issue occurs there?  If not give it a try.
0
 
ccomleyAuthor Commented:
Command Line FTP shows the same result - i.e. it tries to switch to Passive mode when you issue a command requiring feedback from the server (e.g. DIR or PUT) but thereafter, nothing.

The only firewall involved is Windows Firewall on the Server2003Web machine itself, which has been set to allow FTP.exe to use any ports it wants to (and certainly the default ones in both directions) UNLESS (and I'm looking into this) IPChains on the host VKM/Linux system is getting involved somehow.

0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
ccomleyAuthor Commented:
Bah!

You're quite right, it *is* Windows Firewall being stupid-arse dumb! Turning it off makes it work perfectly. Turning it on - nada.

This was not a problem when the server was behind a Sonicwall firewall cos we trusted that to control access and didn't run Windows Firewall at all.

Oh well, now I know the issue, I suppose I need to dig around on MS site for how to fix this... bug! It's got to be called a bug, there's no way MS can kid me this is normal/expected. :)
0
 
ccomleyAuthor Commented:
This appears relevant, and worked, though I still had to do a restart of IIS (and sub-processes) to have the Passive Ports setting accepted despite turning on the metabase edit-whilst-running feature.
0
 
ccomleyAuthor Commented:
It was Windoze Firewall causing the problem. See suppelmental notes in thread. Cheers.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.