Solved

FTP Doesn't work on w2003 server

Posted on 2010-09-21
Last Modified: 2012-05-10
Have a customer trying to use FTP on w2003 server.  They connect ok.  They get an error when trying to upload a file.  From the FTP log, I only see the error below:

SUPERGLIDE 192.168.1.120 21 [124]closed - 421 121

What does it mean?

I log on using exact same credentials, and the same MS FTP software, and it works.

I have disabled the IP checking on the server, even though their address is white listed.  Still fails.

Now what?
0
Question by:No1Coder
9 Comments
 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33730547
Not certain why this is in the SQL Server 2005 zone... *shrug*

It's usually a firewall issue... i.e. the customer is behind a firewall.  Usually what happens is the customer issues a command, and the server attempts to respond back to the client on a different port which the firewall doesn't understand is client initiated.  (http://slacksite.com/other/ftp.html)

You can have them try passive mode, which causes the client to open a connection to the server, which the server can then respond on.
0
 
LVL 3

Expert Comment

by:blaslett
ID: 33731044
Firewall issue, agreed.

Ensure ports 20 and 21 are open. 21 is for listening and 20 is for data transfer.

With only 21 open it will establish the session but not transfer data.
0
 

Author Comment

by:No1Coder
ID: 33732882
I am using ws_ftp.  When I set passive mode, I see an error in the connection log:

Failed to connect data channel to xxx.xxx.235.14:4,5(1029)

It still allows me to send and receive files however, though the initial connection is very slow.  I think it reverts back to active mode if the connection fails.

In active mode, it connects immediately.

Both ports 20 and 21 are open on the remote server.

I opened both ports (20/21) on client side as well.  Do ports > 1023 need to be opened on the server?
0

 
LVL 30

Expert Comment

by:Rich Weissler
ID: 33733554
Ports other than tcp/20&21 would only need to be open in passive mode.

How many firewalls is this connection passing through... one or two?

0
 

Author Comment

by:No1Coder
ID: 33736384
Both I and the customer have tried active and passive mode.  It allows me to connect either way using ws_ftp, and to transfer files.  When the customer tries it, the connect works, but can't transfer files.  Part of the connection log from the customer is below:

230-Welcome to xxxxxxxxx
230 User customer logged in.
PWD
257 "/" is current directory.
SYST
215 Windows_NT
Host type (S): Microsoft NT
PORT 172,18,2,85,8,15
! Receive error: Blocking call cancelled

I disabled IP security on the server but this didn't make a difference.

This is an automated process for the customer that used to work (before I rebuilt the server).  It points to something on the server preventing this from working, but I can't find it.  There is no windows firewall enabled on the server.  The router has ports 20/21 open and routed them to the server.  The directory where the user is logged in has read/write for the user.

Stuck!
0
 

Author Comment

by:No1Coder
ID: 33736837
I made some progress, but still don't have a final solution.

I forgot to include something important in my description...

I have two servers set up on a NLB cluster.  FTP traffic is routed to 192.168.1.120, which is an IP on two servers on the cluster.  So, the FTP servers on both servers monitor IP 120.  I switch the servers manually (one on, the other off) using NLB.  I have ports 20/21 enabled in the nlb cluster.

To get the customer working again, I changed the routing to point at the physical address of one server, and changed the ftp server to monitor that address.  They are working.

I really want to get this working with NLB, as I can move from one server to another easily.  It is very odd that it works fine from my development client, but not from a customer client.

Ideas?
0
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 33737623
Okay, googling a bit.  "Blocking call cancelled" is supposed to be fixed by switching to passive mode transfers. http://www.hosting.com/support/upload/ftp-faq
There is a link in there concerning changing a timeout as well... but I'm not convinced that will help you in this instance.

The problem with a passive transfer will be that the data transfer is going to look like another connection coming in from the client to the server, and if you have NLB configured, I'm not certain it's guaranteed to establish that connection back to the server the client is logged into.  I'm not at work today, so I can't look at one of my NLB machines -- can you confirm whether there is an option to keep the client tied to a single server for a session?

And to confirm a few items:
1. I assume when you make your connection to the FTP server (on your development client), you are not passing thru any firewalls?  But the client is?  (Or does your development client also go through the same firewalls as the client?)
2. This is a newly rebuilt system to replace one that failed.  Before the system was rebuilt, was it also using NLB?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 33737680
O.K, port 20 is used when doing active mode data transfers.  However, when doing active mode transfers the flow is backwards from what most people expect.

With active the server initiates the connection to the client.  The source port is 20 and the source IP address is that of the server.  The destination port is a high port (>1023) and the destination IP address is that of the client.

FTP Server                     FTP Client
21                <----          >1023
20                ----->         >1023

Most firewalls today are "ftp aware" and as long as you are not using FTPS (FTP SSL) the firewall should see the PORT command and perform the necessary changes to the PORT command and dynamically allow the data connection.  In fact the firewall should do the same thing for passive data connections.
0
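
The PORT argument discussed above can be decoded and checked against the address the server actually sees for the control connection; this is an added example, not code from the thread. The peer address 203.0.113.7 is an assumed documentation placeholder, and the function names are hypothetical.

```python
import ipaddress
import re

# Six decimal bytes h1,h2,h3,h4,p1,p2 as used by PORT and the 227 (PASV) reply.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_hostport(text):
    """Return (IPv4Address, port) from a PORT command or 227 reply, else None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # port = p1*256 + p2


def audit_control_log(lines, peer_ip):
    """Flag PORT commands advertising an address other than the control peer."""
    findings = []
    peer = ipaddress.IPv4Address(peer_ip)
    for line in lines:
        if not line.upper().startswith("PORT "):
            continue
        decoded = decode_hostport(line)
        if decoded is None:
            findings.append((line, "malformed PORT argument"))
            continue
        ip, port = decoded
        if ip == peer:
            continue  # server can connect back to the address it already sees
        if ip.is_private:
            why = (f"advertises private {ip}:{port} but control peer is {peer}; "
                   "needs an FTP-aware NAT rewrite or passive mode")
        else:
            why = f"advertises {ip}:{port}, which is not the control peer {peer}"
        findings.append((line, why))
    return findings


# Constructed sample: lines copied from the customer log in the thread.
SAMPLE = ['257 "/" is current directory.', "SYST", "215 Windows_NT",
          "PORT 172,18,2,85,8,15"]

if __name__ == "__main__":
    for line, why in audit_control_log(SAMPLE, "203.0.113.7"):
        print(line, "->", why)
```
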
 

Author Closing Comment

by:No1Coder
ID: 33739111
This helped me to find the issue.

Both servers were enabled in NLB.  For HTTP, the priority directs the traffic to the desired server.  For FTP, there is no priority set on those ports, so the followup responses probably went to the other server.  I disabled the backup server in NLB and it is working.

The system won't let me edit the priority on the multiple host entry though.  I'll figure that one out later.
0
