Solved

FTP time-outs reported on Windows 2008 R2 Server

Posted on 2015-02-23
Last Modified: 2015-07-01
Hi Folks

One of my customers is reporting timeouts when he is trying to upload files to his website on one of our 2008 R2 servers.
I asked him to make sure he's only set for one connection at a time and he says yes.

This is the annotated log he sent me:

<I left it alone and went to have lunch - came back to the following tail:>
Status:    Sending keep-alive command
Command:    TYPE A
Response:    200 Type set to A.
Status:    Sending keep-alive command
Command:    PWD
Response:    257 "/coquettest/scripts" is current directory.
Status:    Sending keep-alive command
Command:    NOOP
Response:    200 NOOP command successful.
Error:    Disconnected from server: ECONNABORTED - Connection aborted
<no further output>

<I hit "refresh">
Status:    Resolving address of servername.co.uk
Status:    Connecting to 211.146.58.1:21...
Status:    Connection established, waiting for welcome message...
Response:    220 Microsoft FTP Service
Command:    USER coquettest
Response:    331 Password required for coquettest.
Command:    PASS ********
Response:    230 User logged in.
Command:    OPTS UTF8 ON
Response:    200 OPTS UTF8 command successful - UTF8 encoding now ON.
Status:    Connected
Status:    Retrieving directory listing...
Command:    CWD /coquettest/scripts
Response:    250 CWD command successful.
Command:    TYPE I
Response:    200 Type set to I.
Command:    PASV
Response:    227 Entering Passive Mode (211,146,58,1,232,58).
Command:    LIST
Response:    150 Opening BINARY mode data connection.
Response:    226 Transfer complete.
Status:    Directory listing successful

<I hit upload of the file I just edited>
Status:    Starting upload of \\nas-2\Public\CA\Website\Web
Root\coquetDev\scripts\strlib_HTML_Input.asp
Command:    TYPE A
Response:    200 Type set to A.
Command:    PASV
Response:    227 Entering Passive Mode (211,146,58,1,232,59).
Command:    STOR strlib_HTML_Input.asp
Response:    150 Opening ASCII mode data connection.
Error:    Connection timed out
Error:    File transfer failed
Status:    Resolving address of servername.co.uk
Status:    Connecting to 211.146.58.1:21...
Status:    Connection established, waiting for welcome message...
Response:    220 Microsoft FTP Service
Command:    USER coquettest
Response:    331 Password required for croquettest.
Command:    PASS ********
Response:    230 User logged in.
Command:    OPTS UTF8 ON
Response:    200 OPTS UTF8 command successful - UTF8 encoding now ON.
Status:    Connected
Status:    Starting upload of \\nas-2\Public\CA\Website\Web
Root\croquetDev\scripts\strlib_HTML_Input.asp
Command:    CWD /coquettest/scripts
Response:    250 CWD command successful.
Status:    Retrieving directory listing...
Command:    TYPE I
Response:    200 Type set to I.
Command:    PASV
Response:    227 Entering Passive Mode (211,146,58,1,232,60).
Command:    LIST
Response:    150 Opening BINARY mode data connection.
Response:    226 Transfer complete.
Status:    Skipping upload of \\nas-2\Public\CA\Website\Web
Root\coquetDev\scripts\strlib_HTML_Input.asp
Status:    File transfer successful, transferred 3,842 bytes in 1 second
Status:    Sending keep-alive command

<server has created zero length file - I delete it...>
Command:    TYPE I
Response:    200 Type set to I.
Command:    DELE strlib_HTML_Input.asp
Response:    250 DELE command successful.

<and upload>
Status:    Starting upload of \\nas-2\Public\CA\Website\Web
Root\croquetDev\scripts\strlib_HTML_Input.asp
Command:    TYPE A
Response:    200 Type set to A.
Command:    PASV
Response:    227 Entering Passive Mode (211,146,58,1,232,61).
Command:    STOR strlib_HTML_Input.asp
Response:    550 Access is denied.
Error:    Critical file transfer error

Makes no sense to me but if there is a way to help stop this from happening, I'd be grateful for any advice.

Cheers
Chris

Question by:kenwardc

Expert Comment

by:Dan McFadden
Can you get the ftp log files from the destination server, to see what they say?  You would only need the entries that correspond to your ftp actions above.  

As for the first timeout.... you opened an ftp session, hit a noop, then walked away.  I guess your session timed out due to no activity.  This is fine, normal.  As a server admin, I don't want sessions sitting open with no activity; typical session timeout is around 600 seconds (5 min).

The second session log most likely is a permission issue on the ftp server.  You need to verify that the ftp account has the proper ACLs set on the destination directory.  My guess is that the ftp account may have write but not delete permissions.

Either way, this is an issue on the ftp server.  You need to verify the NTFS permissions on the directory object where the user is trying to write/delete a file.

Dan

Author Comment

by:kenwardc
Hey Dan

I think I may have it narrowed down to passive local ports on the firewall. I realised that when I FTP files up to any of our servers in the rack, I have no problems. However, it dawned on me that my IP address is in our "trusted" list so I am able to use any port without an issue. This obviously doesn't apply to people outside our trusted list of IPs.

So after a little digging I came across some articles on the web talking about these ports which, if not used and set in the firewall, could cause timeouts. I have opened ports 30000 - 35000 on the firewall and asked the customer whether he can try again and will find out if I was right as soon as he lets me know.

What do you think? Could this indeed be the reason for the problem?

Cheers
Chris

Expert Comment

by:Dan McFadden
I think that opening 5000 inbound ports to the outside world is an extremely dangerous action.  Before playing with the configuration of the firewall, I would look into the most likely source of the issue... IIS (ftp, http).

I would have liked to have looked into the ftp logs to see what's happening.  I am still of the opinion that there is a permissions issue.  This single statement in the original post, speaks volumes to me:

Response:    550 Access is denied.

This statement is an obvious error.  This could be caused by a couple of things.  I'll list a few as a thought experiment:

1. the file is being held open/locked by another process and cannot be updated/deleted (read:  the ASP app could do this)
2. there exists an NTFS permissions issue for the user doing the ftp
3. there could be a filter on the ftp server preventing the upload of certain file extensions
4. there could be virus scanning software doing a block on the file

What happens is the ftp client establishes a connection on ports 20/tcp and 21/tcp to start the ftp process.  Depending on how the client is configured, it will either stay on the default defined ports or, if set for passive, it will negotiate with the server for alternate high ports to continue the process on (very simplified explanation).  Most firewalls can handle this without having to open all higher ports because a session has been established.  I've never had to open 5000 inbound ports on a firewall to allow ftp to work (active or passive).

Dan

Author Comment

by:kenwardc
Dan I'm stumped. I've just put in a brand new firewall without the open ports and we are still getting the same issue. I agree with you - I've never had to open such a broad range of ports either. How can I help you help me - can I send you logs? Let me know?

Apologies for the delay - we've been so hectic that I haven't had time to get back to this issue.

Cheers
Chris

Expert Comment

by:Dan McFadden
Chris, it would be really helpful to see the corresponding ftp logs.  It would also be helpful to know how IIS and the ftp service is configured.

Dan

Accepted Solution

by:kenwardc
Dan, it looks as though we've managed to get it to work on one of the Windows 2008 R2 servers. To do that we had to reconfigure the ports on the firewall 30000-35000 and for some reason the FTP package was expecting to see the firewall IP address which of course it was never going to do as the firewall is just routing the packets to the Windows Server.

This is all very odd. I've never had to mess about like this before to get FTP working.

I'm now going to test this on two other 2008 R2 servers and also on a couple of legacy servers (2003 and 2000) to see whether they're all messing about. I'll drop some feedback in here once done.

Where would I be able to copy the IIS FTP configuration to you from in text form?

Cheers
Chris
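
Added example, not part of the original thread: a small Python check of the passive-mode negotiation discussed in the comments above and in the accepted solution. It decodes each `227` reply in a client log into the data-channel address and port, then tests the port against the 30000-35000 firewall range mentioned in the thread and the address against the control-connection address. The function name `audit_pasv` is hypothetical; the sample lines are copied from the log in the question.

```python
import ipaddress
import re

# Passive range the thread's firewall rule allows (30000-35000, from the posts).
ALLOWED = range(30000, 35001)

PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
CONNECT_RE = re.compile(r"Connecting to (\d+\.\d+\.\d+\.\d+):\d+")

# Lines copied from the client log in the question.
SAMPLE_LOG = """\
Status:    Connecting to 211.146.58.1:21...
Response:    227 Entering Passive Mode (211,146,58,1,232,58).
Response:    227 Entering Passive Mode (211,146,58,1,232,59).
Response:    227 Entering Passive Mode (211,146,58,1,232,60).
Response:    227 Entering Passive Mode (211,146,58,1,232,61).
"""


def audit_pasv(log_text, allowed=ALLOWED):
    """Return one finding dict per 227 reply found in an FTP client log."""
    control_ip = None
    findings = []
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            control_ip = m.group(1)  # address the control channel went to
            continue
        m = PASV_RE.search(line)
        if not m:
            continue
        octets = [int(g) for g in m.groups()]
        if any(o > 255 for o in octets):
            continue  # malformed reply, not a valid host/port tuple
        data_ip = ".".join(str(o) for o in octets[:4])
        port = octets[4] * 256 + octets[5]  # p1*256 + p2 per RFC 959
        findings.append({
            "data_ip": data_ip,
            "port": port,
            "port_in_allowed_range": port in allowed,
            # A data address that differs from the control address (often an
            # RFC 1918 address behind NAT) is unreachable from outside.
            "ip_matches_control": control_ip is None or data_ip == control_ip,
            "ip_is_private": ipaddress.ip_address(data_ip).is_private,
        })
    return findings


if __name__ == "__main__":
    for f in audit_pasv(SAMPLE_LOG):
        print(f)
```

On the log posted in the question this reports data ports 59450 to 59453, all outside the 30000-35000 range, with the advertised address equal to the control address.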

Expert Comment

by:Dan McFadden
Article on how to export the ftp config:

link: http://forums.iis.net/p/1222090/2095598.aspx?How+to+export+FTP+configuration

Dan

Author Comment

by:kenwardc
Hi Dan

Will get on that over the weekend. Many thanks for persevering with this one.

Cheers
Chris

Expert Comment

by:Seth Simmons
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.