SBS 2011 Cannot access FTP frpm outside browsers

Windows SBS 2011 FTP is accessible form inside the domain after I reset the FTP Connect As password after 2 years of non-use. When I try to access the FTP from outside the domain I cannot get in. On a Windows 10 PC with IE 11 I get prompted for the user logon repeatedly while displaying this page cannot be displayed. On a Windows 7 PC with IE 11 it just gives me the message that this page cannot be displayed.

The FTP logs don't say a lot but claim that outside in coming in Anonymously. I have Anonymous disabled in IIS.
Bob AlvarezAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
have you tried to use an FTP client (other than IE)?

What happens if you try to FTP using the command prompt?  Have you tried something link Filezilla?

link:  https://filezilla-project.org/

Dan

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Bob AlvarezAuthor Commented:
Filezilla times out and the other browsers are not the norm for this shop.
Dan McFaddenSystems EngineerCommented:
When you say outside the domain... do you mean accessing the ftp server from the Internet?

If so, what device controls your firewall/router device?

Dan
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Bob AlvarezAuthor Commented:
OK, I can access out FTP site internally from the domain. Externally I am able to access it using Filezilla after making sure my firewall rules were correct.

What isn't working is trying to access the ftp site from outside the domain using IE 11
Bob AlvarezAuthor Commented:
When I try to access via a web browser I get prompted for the login information and after entering it I get This Page Can't Be Displayed when accessing outside the domain.
Bob AlvarezAuthor Commented:
Here is the FTP log from successful FileZilla access and failed IE access. I do not know why there are the Anonymous Access messages, I have that disabled but IE is getting a prompt for User and Password before returning the Can't Display message.
u_ex151017-Support.txt
Bob AlvarezAuthor Commented:
Dan, yes I mean from the internet. I am using Meraki MX 80 firewalls and in performing packet capture I can see everything going through the firewall.
Dan McFaddenSystems EngineerCommented:
IE is not setup to use credentials.  Here is an article to configure IE at work as an ftp client and passing username and password tokens.

link:  http://windows.microsoft.com/en-us/windows/work-with-files-ftp-site#1TC=windows-7

Dan
Bob AlvarezAuthor Commented:
I followed the process and received the following error. The credentials used work in FileZilla

An error occurred opening that folder on the FTP Server. Make sure you have permission to access that folder.

Details:
200 Type Set to A.
227 Entering Passive Mode (10,0,1,10,71,171).
Dan McFaddenSystems EngineerCommented:
And what user is showing up in the ftp logs now?

You may have to adjust the NTFS permissions on the file system objects that you are trying to access.

Is there some requirement that you have to use IE to do the FTPing?   Its not the best ftp client.

Dan
Bob AlvarezAuthor Commented:
I think it starts with them being familiar with IE and their FTP. I did get them to start using FileZilla today as a workaround.

As far as FTP Clients, they are concerned with asking their clients to download software from the Internet. When you don't use the local option of Show Additional Download Options on FileZilla's website, the client on Sourceforge their button routes you to tries to include a couple of additional pieces of software you have to be sharp enough to opt out of installing. They don't want to be responsible for clients getting malware.
u_ex151017-Support-2.txt
Bob AlvarezAuthor Commented:
The FileZilla answer isn't working for their clients. I notice when I use it I get a status:
Server sent passive reply with unroutable address. Using server address instead.
Dan McFaddenSystems EngineerCommented:
With respect to the "malware" statement, you can download the software directly from the Filezilla website.  I have used Filezilla for years now and never have I had a malware issue with their software.  

I just checked the downloader for v3.14.1 which from the Filezilla website (https://filezilla-project.org/download.php?type=client) directs you to SourceForge for the current version.  The installer has no extra installed software, no opt out software is bundled in the installer.

- 3 clicks to install.

The cause of the server reply may be 1 of 2 things.

1. the ftp server connection in Filezilla is not configured for passive transfer
2. the firewall (security device NAT'ing the internal address to the external IP) is not configured to allow for passive ftp services.  The port range may need to be adjusted on the firewall.

Can you post a few screen shots of the FTP Service config?  There probably is something there that can be improved.

Dan
Bob AlvarezAuthor Commented:
A yes to all three items.

I am not sure if there is a way to get a web browser or a the mapped FTP location in Explorer to work? Is there anything else left to try to make either or both work?
Bob AlvarezAuthor Commented:
Any idea why my FTP site isresponding in Passive mode?
Dan McFaddenSystems EngineerCommented:
Because passive is the default setting of the client you are using.

If you want explicit connections, you have to configure your client side ftp server connection to use that.

Dan
Bob AlvarezAuthor Commented:
I realized what you meant when you said in a previous post it was the FileZilla setting. What I am wondering is if IE and Windows Explorer aren't working because of the same reason, and if so how do you change that from being Passive?
Bob AlvarezAuthor Commented:
While my original issue still exists, with the help of Dan a workaround solution was achieved.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.