Solved

FTP Doesn't work on w2003 server

Posted on 2010-09-21
Last Modified: 2012-05-10
Have a customer trying to use FTP on w2003 server.  They connect ok.  They get error when trying to upload file.  From the FTP log, I only see error below:

SUPERGLIDE 192.168.1.120 21 [124]closed - 421 121

What does it mean?

I log on using exact same credentials, and the same MS FTP software, and it works.

I have disabled the IP checking on the server, even though their address is white listed.  Still fails.

Now what?
0
Comment
Question by:No1Coder
9 Comments
 
LVL 29

Expert Comment

by:Rich Weissler
ID: 33730547
Not certain why this is in the SQL Server 2005 zone... *shrug*

It's usually a firewall issue... i.e. the customer is behind a firewall.  Usually what happens is the customer issues a command, and the server attempts to respond back to the client on a different port which the firewall doesn't understand is client initiated.  (http://slacksite.com/other/ftp.html)

You can have them try passive mode, which causes the client to open a connection to the server, which the server can then respond on.
0
 
LVL 3

Expert Comment

by:blaslett
ID: 33731044
Firewall issue, agreed.

Ensure ports 20 and 21 are open. 21 is for listening and 20 is for data transfer.

With only 21 open it will establish the session but not transfer data.
0
 

Author Comment

by:No1Coder
ID: 33732882
I am using ws_ftp.  When I set passive mode, I see an error in the connection log:

Failed to connect data channel to xxx.xxx.235.14:4,5(1029)

It still allows me to send and receive files however, though the initial connection is very slow.  I think it reverts back to active mode if the connection fails.

In active mode, it connects immediately.

Both ports 20 and 21 are open on the remote server.

I opened both ports (20/21) on client side as well.  Do ports > 1023 need to be opened on the server?
0
 
LVL 29

Expert Comment

by:Rich Weissler
ID: 33733554
Ports other than tcp/20&21 would only need to be open in passive mode.

How many firewalls is this connection passing through... one or two?

0
 

Author Comment

by:No1Coder
ID: 33736384
Both I and the customer have tried active and passive mode.  It allows me to connect either way using ws_ftp, and to transfer files.  When the customer tries it, the connect works, but can't transfer files.  Part of the connection log from the customer is below:

230-Welcome to xxxxxxxxx
230 User customer logged in.
PWD
257 "/" is current directory.
SYST
215 Windows_NT
Host type (S): Microsoft NT
PORT 172,18,2,85,8,15
! Receive error: Blocking call cancelled

I disabled IP security on the server but this didn't make a difference.

This is an automated process for the customer that used to work (before I rebuilt the server).  It points to something on the server preventing this from working, but I can't find it.  There is no windows firewall enabled on the server.  The router has ports 20/21 open and routed them to the server.  The directory where the user is logged in has read/write for the user.

Stuck!
0
 

Author Comment

by:No1Coder
ID: 33736837
I made some progress, but still don't have a final solution.

I forgot to include something important in my description...

I have two servers setup on a NLB cluster.  FTP traffic is routed to 192.168.1.120, which is an IP on two servers on the cluster.  So, the FTP servers on both servers monitor IP 120.  I switch the servers manually (one on, the other off) using NLB.  I have ports 20/21 enabled in the nlb cluster.

To get the customer working again, I changed the routing to point at the physical address of one server, and changed the ftp server to monitor that address.  They are working.

I really want to get this working with NLB, as I can move from one server to another easily.  It is very odd that it works fine from my development client, but not from a customer client.

Ideas?
0
 
LVL 29

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 33737623
Okay, googling a bit.  "Blocking call cancelled" is supposed to be fixed by switching to passive mode transfers. http://www.hosting.com/support/upload/ftp-faq
There is a link in there concerning changing a timeout as well... but I'm not convinced that will help you in this instance.

The problem with a passive transfer will be that the data transfer is going to look like another connection coming in from the client to the server, and if you have NLB configured, I'm not certain it's guaranteed to establish that connection back to the server the client is logged into.  I'm not at work today, so I can't look at one of my NLB machines -- can you confirm whether there is an option to keep the client tied to a single server for a session?

And to confirm a few items:
1. I assume when you make your connection to the FTP server (on your development client), you are not passing thru any firewalls?  But the client is?  (Or does your development client also go through the same firewalls as the client?)
2. This is a newly rebuilt system to replace one that failed.  Before the system was rebuilt, was it also using NLB?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 33737680
O.K, port 20 is used when doing active mode data transfers.  However, when doing active mode transfers the flow is backwards from what most people expect.

With active the server initiates the connection to the client.  The source port is 20 and the source IP address is that of the servers.  The destination port is a high port (>1023) and the destination IP address is that of the clients.

FTP Server                     FTP Client
21                <----          >1023
20                ----->         >1023

Most firewalls today are "ftp aware" and as long as you are not using FTPS (FTP SSL) the firewall should see the PORT command and perform the necessary changes to the PORT command and dynamically allow the data connection.  In fact the firewall should do the same thing for passive data connections.
0
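The PORT line in the customer's log and the `4,5(1029)` in the ws_ftp error both use the `h1,h2,h3,h4,p1,p2` encoding giltjr refers to. The following is an added example, not part of the thread: it decodes that field and compares the advertised address with the address seen on the control connection, which is the check an FTP-aware firewall performs before rewriting the command. The peer addresses and the 227 reply are constructed sample values.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as defined for PORT and the 227 reply in RFC 959.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _is_rfc1918(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in _RFC1918)


def decode_hostport(line):
    """Return (ip, port) from a PORT command or 227 reply, else None."""
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def diagnose(line, peer_ip):
    """Compare the advertised data endpoint with peer_ip, the address the
    other side sees on the control connection.

    Returns (ip, port, verdict) or None if the line has no host-port field.
    """
    decoded = decode_hostport(line)
    if decoded is None:
        return None
    ip, port = decoded
    if ip == peer_ip:
        verdict = "ok"
    elif _is_rfc1918(ip) and not _is_rfc1918(peer_ip):
        verdict = "private-address-behind-nat"
    else:
        verdict = "address-mismatch"
    return ip, port, verdict


if __name__ == "__main__":
    # PORT line is from the customer's log above; peer addresses are constructed.
    print(diagnose("PORT 172,18,2,85,8,15", "203.0.113.50"))
    print(diagnose("227 Entering Passive Mode (198,51,100,14,4,5)", "198.51.100.14"))
```

A `private-address-behind-nat` verdict means the server would be told to open its port-20 connection to an address it cannot route to unless a device in the path rewrites the PORT command.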
 

Author Closing Comment

by:No1Coder
ID: 33739111
This helped me to find the issue.

Both servers were enabled in NLB.  For HTTP, the priority directs the traffic to the desired server.  For FTP, there is no priority set on those ports, so the followup responses probably went to the other server.  I disabled the backup server in NLB and it is working.

The system won't let me edit the priority on the multiple host entry though.  I'll figure that one out later.
0
