Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

FTP Doesn't work on w2003 server

Posted on 2010-09-21
9
Medium Priority
?
574 Views
Last Modified: 2012-05-10
Have a customer trying to use FTP on w2003 server.  They connect ok.  They get error when trying to upload file.  Form the FTP log, I only see error below:

SUPERGLIDE 192.168.1.120 21 [124]closed - 421 121

Whe does it mean?

I log on using exact same credentials, and the same MS FTP software, and it works.

I have didabled the IP checking on the server, even though their address is white listed.  Still hails.

Now what?
0
Comment
Question by:No1Coder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33730547
Not certain why this is in the SQL Server 2005 zone... *shrug*

It's usually a firewall issue... i.e. the customer is behind a firewall.  Usually what happens is the customer issues a command, and the server attempts to respond back to the client on a different port which the firewall doesn't understand is client initiated.  (http://slacksite.com/other/ftp.html)

You can have them try passive mode, which causes the client to open a connection to the server, which the server can then respond on.
0
 
LVL 3

Expert Comment

by:blaslett
ID: 33731044
Firewall issue, agreed.

Ensure ports 20 and 21 are open. 21 is for listening and 20 is for data transfer.

With only 21 open it will establish the session but not transfer data.
0
 

Author Comment

by:No1Coder
ID: 33732882
I am using ws_ftp.  When I set passive mode, I see an error in the connection log:

Failed to connect data channel to xxx.xxx.235.14:4,5(1029)

It still alows me to send and receive files however, thogh the initial connection is very slow.  I thnk it reverts back to active mode if the connection fails.

In active mode, it connects immediatly.

Both ports 20 and 21 are open on the remote server.

I opened both ports (20/21) on client side as well.  Do ports > 1023 need to be opened on the server?
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33733554
Ports other than tcp/20&21 would only need to be open in passive mode.

How many firewalls is this connecting passing through... one or two?

0
 

Author Comment

by:No1Coder
ID: 33736384
Both I and the customer have tried active and passive mode.  It allows me to connect either way using ws_ftp, and to transfer files.  When the customer tiies it, the connect works, but can't transfer files.  Part of the connection log from the customer is below:

230-Welcome to xxxxxxxxx
230 User customer logged in.
PWD
257 "/" is current directory.
SYST
215 Windows_NT
Host type (S): Microsoft NT
PORT 172,18,2,85,8,15
! Receive error: Blocking call cancelled

I disabled IP security on the server but this ddn;t make a difference.

This is an automated process for the customer that used to work (before I rebuilt the server).  It points to somethig on the server preventing this from woking, but I can't find it.  There is no windows firewall enabled on the server.  The router has ports 20/21 open and routed them to the server.  The directory where the user is logged in has read/write for the user.

Stuck!
0
 

Author Comment

by:No1Coder
ID: 33736837
I made some progress, but still don;t have a final solution.

I forgot to include somethig important in my description...

I have two servers setup on a NLB cluster.  FTP trafffic is routed to 192.168.1.120, which is an IP on two servers on the cluster.  So, the FTP servers on both servers monitor IP 120.  I switch the servers manually (one on, the other off) using NLB.  I have ports 20/21 enabled in the nlb cluster.

To get the customer working again, I changed the routing to point at the physical address of one server, and changed the ftp server to monitor that address.  They are workinng.

I really want to get this working with NLB, as I can move from one server to another easily.  It is very odd that it works fine from my development client, but not from a customer client.

Ideas?
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 2000 total points
ID: 33737623
Okay, googling a bit.  "Blocking call cancelled" is supposed to be fixed by switching to passive mode transfers. http://www.hosting.com/support/upload/ftp-faq
There is a link in there concerning changing a timeout as well... but I'm not convinced that will help you in this instance.

The problem with a passive transfer will be that the data transfer is going to look like another connection coming in from the client to the server, and if you have NLB configured, I'm not certain it's guaranteed to establish that connection back to the server the client is logged into.  I'm not at work today, so I can't look at one of my NLB machines -- can you confirm whether there is an option to keep the client tied to a single server for a session?

And to confirm a few items:
1. I assume when you make your connection to the FTP server (on your development client), you are not passing thru any firewalls?  But the client is?  (Or does your development client also go through the same firewalls as the client?)
2. This is a newly rebuilt system to replace one that failed.  Before the system was rebuilt, was it also using NLB?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 33737680
O.K, port 20 is used when doing active mode data transfers.  However, when doing active mode transfers the flow is backwards from what most people expect.

With active the server initiates the connection to the client.  The source port is 20 and the source IP address is that of the servers.  The destination port is a high port (>1023) and the destination IP address is that of the clients.

FTP Server                     FTP Client
21                <----          >1023
20                ----->         >1023

Most firewalls today are "ftp aware" and as long as you are not using FTPS (FTP SSL) the firewall should see the PORT command and perform the necessary changes to the PORT command and dynamically allow the data connection.  In fact the firewall should do the same thing for passive data connections.
0
 

Author Closing Comment

by:No1Coder
ID: 33739111
This helped me to find the issue.

Both servers were enabled in NLB.  For HTTP, the priority directs the traffic to the desired server.  For FTP, there is no priority set on those pports, so the followup responses probably went to the other server.  I disabled the backup server in NLB and it is working.

The system won;t let me edit the priority on the multiple host entry though.  I'll figure that one out later.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, when I was asked to create a new SQL 2005 cluster, Microsoft released a new service pack for MS SQL 2005 what is Service Pack 3. When I finished the installation of MS SQL 2005 I found myself troubled why the installation of SP3 failed …
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question