locked
ftp -internal-ok, external- not RRS feed

  • Question

  • User382847449 posted

    hello iis forums,

    glad to be here.  i have been working on this problem for about a week. 

    i have just created a website, and i have it hosted at home on a server with w2k3.   i installed iis 6 and the website itself
    is working fine.  i used dyndns service becasue my isp  serves me a dynamic ip.

    my goal is to use cuteFTP as my client to ftp files to (ftp.mysite.com)  the server from remote locations,  becasue i am familiar and comfortable with this app.

    i have a router and i have port forwarded port 21 and also have that set for a static ip for the server---192.168.2.xxx.
    i have installed ftp on the w2k3 server--no problem.
    i have set up the website on the d drive and iis is on the c. i am not sure if this makes a difference.
    i went thru the ftp site wizard here are my properties:

    ftp site:
    ip address--all unassigned becasue of the dynamic ip
    port-21

    security accounts:
    allow anonymous connections is checked
    username and password is the  same as a username and password of
    a user in the permissions for the ftp site also there is a folder in d:/mysite/username

    home directory:
    directory located on this computer--checked
    ftp site directory--local path--d:/mysite
    read,write,logvisits,checked
    directory listing-ms-dos

    directory security:
    granted access--checked

    now i can check ftp://192.168.2.xxx on another computer on the network and it works fine. press page-->open in windows explorer and i can.

    now when i go to ftp://mysite.com. on another computer on the network. it asks me for username and password, and when i put them in

    it will not accept me, i press ok after entering and it just erases my password and asks me again and again.

    after reserching this problem and trying all options i need help.

    in the interim i read that webdav is more secure and have been using that.

    i just do not like being defeated and i cannot get this to work.

    one thing to add cute ftp gives me the  error 331 password required and 530 user  "username"
    can not log in.

    have checked and changed the password 10 times the problem is not that.

     thanks for your time,

    craig


     

    Saturday, September 15, 2007 7:51 PM

Answers

  • User989702501 posted

    All i can tell you is. the user is not able to login with directory accessible error.
    You can trace it via filemon and see where FTP is sending the user to and where is the access error.
    Also make sure the user has at least READ permission on the physical folder/files.

    As for the asterik *... are you referring to the anonymous account setting.
    That account is to configure an account for anonymous access. by default is iusr_computer account.

    So when user sign as anonymous user. username: anonymous / ftp then it will use that iusr account as the identity. if you changed it, then it will use the custom account as anonymous login. But base on your previous output, the username is 'user'. so it is not anonymous access, but authenticated access with that particular 'user' account. Now the asterik, i think if your password is not 8 chars... once you press ok, and reopen, IIS will just mask it with 8 asteriks, but it is essentially using the same password you entered.

    Finally, decide what authentication you like to have for the ftp. If anonymous, then I suggest use back the iusr_account.

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Wednesday, September 19, 2007 4:37 AM
  • User-823196590 posted

    ftp> open mysite.com
    Connected to mysite.com.
    220-Microsoft FTP Service
    220 ***Authorized Users Only***
    User (mysite.com:(none)): user
    331 Password required for user.
    Password:
    530 User user cannot log in, home directory inaccessible.
    Login failed.
    ftp>

    Yes, you're right then, it is hitting the MS FTP.  Have you searched Google on that error message?
    See ...
    http://support.microsoft.com/kb/221934
    http://support.microsoft.com/kb/932448
    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Wednesday, September 19, 2007 9:30 AM

All replies

  • User989702501 posted

    Does ftp://mysite.com pointing to your external IP and port forwarding is configured correctly?

    Can you try use ftp.exe command line tool to connect remotely and post the output here?

    Sunday, September 16, 2007 11:48 PM
  • User-823196590 posted

    Check the ftp log for your activity - I suspect that you're not actually connecting to your server but something else ...

    Monday, September 17, 2007 11:41 AM
  • User382847449 posted

    here is the error message with command prompt.  the password is correct,  i did notice one thing though in properties--security accounts tab when i puty in the password and when i press apply it adds to extra asteriks to the password.  and i have been able to connect to the server becasue i have been successful in uploading files locally from another computer. 

     

    C:\Documents and Settings\Administrator>ftp server
    Connected to server.mysite.com.
    220-Microsoft FTP Service
    220 ***Authorized Users Only***
    User (server.mysite.com:(none)): user
    331 Password required for user.
    Password:
    530 User user cannot log in, home directory inaccessible.
    Login failed.
    ftp>

    also i think my server is under attack.  in my event viewer.  i have a lot of warnings
    the description is:

    the server was unable to logon the WindowNT account 'clark' due to the following error.
    Login failure: unknown user or bad password. The data is the error code.

    the source is msftpsvc and i have 1000's of these except the name keep changing from clark to tom to james etc.

    thanks,

    craig

     

    Tuesday, September 18, 2007 5:46 AM
  • User989702501 posted

    This is from remote machine from internet? it looks like access issue to me.

    Ftp server - the 'server' is pointing to your ftp ip address? where is the above machine ftp from?

    as for the event error. meaning attackers are guessing different username/password to access your ftp server. and from here. I would say ftp is working as it rejected those invalid login. make sense?

     

    Tuesday, September 18, 2007 6:37 AM
  • User-823196590 posted

    I agree with B, you're not actually getting to your FTP server, something else is in the way ...

    Tuesday, September 18, 2007 8:40 AM
  • User382847449 posted

    ftp> open mysite.com
    Connected to mysite.com.
    220-Microsoft FTP Service
    220 ***Authorized Users Only***
    User (mysite.com:(none)): user
    331 Password required for user.
    Password:
    530 User user cannot log in, home directory inaccessible.
    Login failed.
    ftp>

    Tuesday, September 18, 2007 10:47 AM
  • User382847449 posted

    i am sorry for not understanding, i think this might prove that i can connect to the ftp server on my site,   but i may be mistaken. i am concerned why it will not take my password.  and it adds 2 extra asteriks to my password in the security account tab.

    thanks,

    craig

    Tuesday, September 18, 2007 10:50 AM
  • User989702501 posted

    All i can tell you is. the user is not able to login with directory accessible error.
    You can trace it via filemon and see where FTP is sending the user to and where is the access error.
    Also make sure the user has at least READ permission on the physical folder/files.

    As for the asterik *... are you referring to the anonymous account setting.
    That account is to configure an account for anonymous access. by default is iusr_computer account.

    So when user sign as anonymous user. username: anonymous / ftp then it will use that iusr account as the identity. if you changed it, then it will use the custom account as anonymous login. But base on your previous output, the username is 'user'. so it is not anonymous access, but authenticated access with that particular 'user' account. Now the asterik, i think if your password is not 8 chars... once you press ok, and reopen, IIS will just mask it with 8 asteriks, but it is essentially using the same password you entered.

    Finally, decide what authentication you like to have for the ftp. If anonymous, then I suggest use back the iusr_account.

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Wednesday, September 19, 2007 4:37 AM
  • User-823196590 posted

    ftp> open mysite.com
    Connected to mysite.com.
    220-Microsoft FTP Service
    220 ***Authorized Users Only***
    User (mysite.com:(none)): user
    331 Password required for user.
    Password:
    530 User user cannot log in, home directory inaccessible.
    Login failed.
    ftp>

    Yes, you're right then, it is hitting the MS FTP.  Have you searched Google on that error message?
    See ...
    http://support.microsoft.com/kb/221934
    http://support.microsoft.com/kb/932448
    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Wednesday, September 19, 2007 9:30 AM
  • User930989739 posted

    Did you check ftp log file in %windir%\system32\logfiles\msftpsvc or NT event log?

    Sc-win32-status field in logfile contains win32 error code. Look up the meaning of that and it could give you clue.

     

     

     

    Friday, September 28, 2007 12:52 PM