
Windows FTP Sanity Check: "Transfer Channel can't be opened."

Tessando asked:
I am running Windows Server 2016 and have two FTP sites set up in IIS (one using port 21 and one using 21000). Both aren't working for me and I need a sanity check to get these working today.

It's not networking because I can successfully Telnet into the Server on those Ports. I have been over permissions a dozen times, comparing exactly what's in Production (what I know works) with what is on this STAGE server, but it still seems like that's an issue (based on the status codes below).

I'm stumped as to a next level of troubleshooting. I even recreated the FTP site in IIS from the ground-up and am still getting the same results.

This is the error I'm receiving:

Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Could not retrieve directory listing
Data channel timed out.


Both the local logs and server logs jump from "227" ("Entering Passive Mode") to "550" with "Data Channel Timed out" ("Requested action not taken. File unavailable (e.g., file not found, no access)").

Thanks in advance for your help.

Paul MacDonald, Director, Information Systems

Commented:
Be sure both ports TCP 21 and TCP 20 are open on the client and server.
Fractional CTO
Distinguished Expert 2018
Commented:
Likely this is a problem with a firewall closing high numbered ports.

Simple test.

1) Destroy all firewall rules on server + client sides.

2) Get SFTP working.

Note: I said SFTP, not FTP. Only use FTP if you're excited about being instantly hacked.

Several company hacks I've debugged were determined to be running FTP or HTTP (WordPress logins), which appeared to be scraped by someone else on the line.

We proved this by setting up new FTP accounts, then doing one login.

A few minutes later, a random login would occur out of the blue over what appeared to be a hacked WiFi connection.

Tip: Only use clear text protocols if you love being hacked.

3) Then regenerate firewall rules first on server site + retest, then client side + retest.

Whichever firewall rule breaks your SFTP connection is where you'll extend your firewall rules.
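
Added example, not part of the thread above: a small Python check for the "227 then data channel timed out" pattern the question describes. It decodes the address and port the server advertises in its 227 reply and flags the two usual causes of a passive-mode timeout; the sample reply, the control address and the firewall port range are constructed values, and `diagnose` and `data_port_reachable` are hypothetical helper names.

```python
import ipaddress
import re
import socket

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" per RFC 959
PASV_RE = re.compile(r"^227[ -].*?" + ",".join([r"(\d{1,3})"] * 6))

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply; port = p1 * 256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 passive-mode reply: {reply!r}")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in {reply!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def diagnose(reply, control_ip, allowed_ports=None):
    """Explain why the data channel may time out after this 227 reply.

    control_ip: address the client used for the control connection.
    allowed_ports: (low, high) passive range opened on the firewall, if
    known (an assumption of this example; the thread gives no range).
    """
    ip, port = parse_pasv(reply)
    findings = []
    if ip != control_ip:
        kind = "private" if ipaddress.ip_address(ip).is_private else "different"
        findings.append(f"server advertises {kind} address {ip}, "
                        f"but the control connection went to {control_ip}")
    if allowed_ports and not allowed_ports[0] <= port <= allowed_ports[1]:
        findings.append(f"data port {port} is outside the opened range "
                        f"{allowed_ports[0]}-{allowed_ports[1]}")
    return ip, port, findings

def data_port_reachable(ip, port, timeout=5.0):
    """Attempt the same TCP connect the FTP client makes for the data channel."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample: reply copied from a client log, server behind NAT.
SAMPLE_REPLY = "227 Entering Passive Mode (10,0,0,5,195,149)."

if __name__ == "__main__":
    ip, port, findings = diagnose(SAMPLE_REPLY, "203.0.113.10", (50000, 50050))
    print(f"advertised data endpoint: {ip}:{port}")
    for finding in findings:
        print("-", finding)
```

Telnet to port 21 or 21000 only exercises the control connection; `data_port_reachable` tests the second, high-numbered connection that the 227 reply asks the client to open. In IIS, the advertised address and port range are set under FTP Firewall Support.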