locked
IIS 6.0 FTP Server Ephemeral Port Problems RRS feed

  • Question

  • User-1064978006 posted

    Hello World,

    I have a Win2K3 server with IIS 6.0 and FTP server. I used to be able to upload files remotely via FTP. I am aware of the PassivePortRange issues and had been successful in the past with u/l where ports > "5000".  

    24 hrs ago I tried an upload and received the following error :

    200 Type set to I.

    227 Entering Passive Mode (XXX,XXX,XXX,XXX,11,42).

    550      MyFile.xxx: Access is denied

    Netstat on server shows no ports above "5000" being accessed.

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msftpsvc\Parameters\PassivePortRange\Value=5XXX-5XXX

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort\REG_DWORD\Value=60000 (decimal).

    What else could cause not being able to access ports > "5000" ?  Router ports are mapped correctly.

    I do think the FTP logs show an unusual aspect. I've noticed that the connecting IP being logged is the router's IP and not the client machine, yet this is not always consistent....       Just a possible indice I wanted to air out.

    Thank You for Any help with this matter.

    Thursday, October 12, 2006 11:38 AM

All replies

  • User989702501 posted
    Mmm.. I have seen many successfully configured the passive port range. The log you showed is indicating passive port of 2858. Funny thing is that if this is passive mode related you should got error 500 invalid port command, I mean the standard error that normally appear. 550 is more related to permissions. If you try connecting locally via ftp.exe, issue 'quot pasv' do you see any value that is more that 5000?
    Thursday, October 12, 2006 11:50 PM
  • User-1064978006 posted

    Hello Bernard,

    Thank you for the reply. Your information is always heartedly welcome. I agree error code 550 indicates a permission problem. I tried FTP.exe local and QUOTE PASV plus SEND and noticed port 5004 via netstat on the server, thus I tend to think a permission problem exists. I will troubleshoot in this area now. Thank you for the pointers and I'll give you an update when I know more.

     Cheers,

    Friday, October 13, 2006 4:59 AM
  • User-1064978006 posted

    Hello Again Bernard,

    Problem Solved.  Somehow the virtual directories had been deleted from the system. Now the original directories and their associated permissions where still in tact and all functioned correctly except the directory with write permissions. Simply by recreating the virtual directories and associated mappings solved the problem. Indeed a permission problem strange though it be.

    Thanks for your help.

    Friday, October 13, 2006 6:18 AM
  • User989702501 posted
    Cool! but why then the first log you posted shows the port range is < 5000 when you had configured the passive port range :)   
    Sunday, October 15, 2006 2:06 AM