General discussion


certian user unable to logon to new FTP server

By snbdman ·
Last week we new a new Windows Server 2003 box online taking the place of our old NT 4.0 box which served as a FTP server along with a web server for my company. Most of the people who use the FTP site have had no trouble getting on the site.

I do have two users who are unable to get on the site. I have personally talked to one of the users he has told me that he is using Windows XP and IE 6 and was able to get onto the FTP site before when it was on the NT box. Also he is able to get onto his office FTP site which is hosted by a separate company.

I know his security settings in IE are set to medium and the advance tab is set to ?Use Passive FTP (for firewall and DSL modem compatibility)?.

Any ideas?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Windows Firewall

by CG IT In reply to certian user unable to lo ...

did the firewall exceptions change?

Collapse -

windows firewall

by snbdman In reply to Windows Firewall

On the server end I have opened ports 20 and 21 in Windows Firewall.

On the user end I had them open ports 20 and 21 also on the Windows firewall. Still no go.

I have thought about having them try to login using the syntax in the address bar of

ftp://<username>:<password>@<ftp site address>.

I have also tried to recreate the problem and did so once by setting IE security to high.
Then I started clearing the history, temp files, cookies, auto fill passwords, auto fill forms, and then I reset security to meduim. I was then able to log on to the site after this, but I was not able to recreate the problem again. So not quite sure what cause it in the first place?

Any Ideas?

Collapse -

Check ports up from 1023 and NAT on both sides, ISA firewall, DNS on server

by Tom Friedriks In reply to certian user unable to lo ...

Check you still have opened ports from 1023 and higher for ftp connection on the server side for passive mode and on the client side for active mode. Make sure also that firewall doesn't forbids outgoing connections from local ports within the same port range from port 1023 to 65535 on the client side. These unassigned ports are randomly choosed by either a client or server in both cases. The only difference of passive mode from the active mode is that in passive mode ALL (the commad and the data) connections are going from the client's port range to the server's port 21 (for command) and 1023 to 65535 (for data). In active mode data connection goes from server's port 20 to the client's port range from 1023 and higher. So the passive mode is easier only because it requires less intervention on the client side and doesn't require client user to open unassigned ports for incoming connections. Instead, it requires server admin to open higher ports on the server. Also note, if you enabled NAT service on the client, you wouldn't be able to work in active mode. If you have downstream ISA server prior to 2000 SP1 with enabled IP routing, disable the routing on it. Check also it's all OK with DNS which misconfiguration sometimes happens after upgrading from NT4 to Server 2003.

Related Discussions

Related Forums