SBS 2011 Cannot access FTP frpm outside browsers

Bob Alvarez
Bob Alvarez used Ask the Experts™
on
Windows SBS 2011 FTP is accessible form inside the domain after I reset the FTP Connect As password after 2 years of non-use. When I try to access the FTP from outside the domain I cannot get in. On a Windows 10 PC with IE 11 I get prompted for the user logon repeatedly while displaying this page cannot be displayed. On a Windows 7 PC with IE 11 it just gives me the message that this page cannot be displayed.

The FTP logs don't say a lot but claim that outside in coming in Anonymously. I have Anonymous disabled in IIS.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Systems Engineer
Commented:
have you tried to use an FTP client (other than IE)?

What happens if you try to FTP using the command prompt?  Have you tried something link Filezilla?

link:  https://filezilla-project.org/

Dan

Author

Commented:
Filezilla times out and the other browsers are not the norm for this shop.
Dan McFaddenSystems Engineer

Commented:
When you say outside the domain... do you mean accessing the ftp server from the Internet?

If so, what device controls your firewall/router device?

Dan
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Author

Commented:
OK, I can access out FTP site internally from the domain. Externally I am able to access it using Filezilla after making sure my firewall rules were correct.

What isn't working is trying to access the ftp site from outside the domain using IE 11

Author

Commented:
When I try to access via a web browser I get prompted for the login information and after entering it I get This Page Can't Be Displayed when accessing outside the domain.

Author

Commented:
Here is the FTP log from successful FileZilla access and failed IE access. I do not know why there are the Anonymous Access messages, I have that disabled but IE is getting a prompt for User and Password before returning the Can't Display message.
u_ex151017-Support.txt

Author

Commented:
Dan, yes I mean from the internet. I am using Meraki MX 80 firewalls and in performing packet capture I can see everything going through the firewall.
Dan McFaddenSystems Engineer
Commented:
IE is not setup to use credentials.  Here is an article to configure IE at work as an ftp client and passing username and password tokens.

link:  http://windows.microsoft.com/en-us/windows/work-with-files-ftp-site#1TC=windows-7

Dan

Author

Commented:
I followed the process and received the following error. The credentials used work in FileZilla

An error occurred opening that folder on the FTP Server. Make sure you have permission to access that folder.

Details:
200 Type Set to A.
227 Entering Passive Mode (10,0,1,10,71,171).
Dan McFaddenSystems Engineer

Commented:
And what user is showing up in the ftp logs now?

You may have to adjust the NTFS permissions on the file system objects that you are trying to access.

Is there some requirement that you have to use IE to do the FTPing?   Its not the best ftp client.

Dan

Author

Commented:
I think it starts with them being familiar with IE and their FTP. I did get them to start using FileZilla today as a workaround.

As far as FTP Clients, they are concerned with asking their clients to download software from the Internet. When you don't use the local option of Show Additional Download Options on FileZilla's website, the client on Sourceforge their button routes you to tries to include a couple of additional pieces of software you have to be sharp enough to opt out of installing. They don't want to be responsible for clients getting malware.
u_ex151017-Support-2.txt

Author

Commented:
The FileZilla answer isn't working for their clients. I notice when I use it I get a status:
Server sent passive reply with unroutable address. Using server address instead.
Dan McFaddenSystems Engineer
Commented:
With respect to the "malware" statement, you can download the software directly from the Filezilla website.  I have used Filezilla for years now and never have I had a malware issue with their software.  

I just checked the downloader for v3.14.1 which from the Filezilla website (https://filezilla-project.org/download.php?type=client) directs you to SourceForge for the current version.  The installer has no extra installed software, no opt out software is bundled in the installer.

- 3 clicks to install.

The cause of the server reply may be 1 of 2 things.

1. the ftp server connection in Filezilla is not configured for passive transfer
2. the firewall (security device NAT'ing the internal address to the external IP) is not configured to allow for passive ftp services.  The port range may need to be adjusted on the firewall.

Can you post a few screen shots of the FTP Service config?  There probably is something there that can be improved.

Dan

Author

Commented:
A yes to all three items.

I am not sure if there is a way to get a web browser or a the mapped FTP location in Explorer to work? Is there anything else left to try to make either or both work?

Author

Commented:
Any idea why my FTP site isresponding in Passive mode?
Dan McFaddenSystems Engineer

Commented:
Because passive is the default setting of the client you are using.

If you want explicit connections, you have to configure your client side ftp server connection to use that.

Dan

Author

Commented:
I realized what you meant when you said in a previous post it was the FileZilla setting. What I am wondering is if IE and Windows Explorer aren't working because of the same reason, and if so how do you change that from being Passive?

Author

Commented:
While my original issue still exists, with the help of Dan a workaround solution was achieved.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial