cannot get directory list via ftp using windows 2012 r2, iis-8

Question

Cannot get directory listing in FTP client program.

Trying to connect with Filezilla using passive mode:

Status: Resolving address of test.domain.dk
Status: Connecting to 89.XXX.XXX.XXX:21...
Status: Connection established, waiting for welcome message...
Status: Connected
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is current directory.
Command:    TYPE I
Response:   200 Type set to I.
Command:    PASV
Error:  Disconnected from server: ECONNABORTED - Connection aborted
Error:  Failed to retrieve directory listing

Trying active mode, I can't get directory list either:

Status: Resolving address of test.domain.dk
Status: Connecting to 89.XXX.XXX.XXX:21...
Status: Connection established, waiting for welcome message...
Status: Connected
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is current directory.
Command:    TYPE I
Response:   200 Type set to I.
Command:    PORT 192,168,0,195,203,136
Response:   550 An attempt was made to access a socket in a way forbidden by its access permissions. 
Command:    PASV
Error:  Disconnected from server: ECONNABORTED - Connection aborted
Error:  Failed to retrieve directory listing

I'm on Windows server 2012 R2 IIS-8 Both FTP server and extensibility installed.

FTP/sites are placed on a data drive in my case here. This datadrive is drive E:\webdata.

Server firewall is ok configuret, ant I tried to disable the firewall, and no difference in the behaviour, sp its not my servers firewall.

The hosting provider tells me that the has opened port 20, 21, and the range 50000-51000 (for passive mode use). To tell that to my server I opened the FTP Firewall Support in IIS and gave that in the portrange. (Also tried just 0-0). If I dont't dap in the IP address of my gateway in the field for my external firewall address (updated: see the IP and a note below in the area with wireshark), I just get a timeout while trying to connect to the FTP server from the internet side. I asked my hostingprovider if I coud get the external IP address of the firewall, but they told me that it's not nessacerry, but I coud use my public IP adress for the server, wich also gives time out while trying to connect via an external FTP client. The hosting provider tells that I must have another problem in my installation somewhere and I need to find it out.

After spending days and hours now on reading guides, blogs and forums without finding a slolution yet, I hope someone here can give some advice?

Kind regards

UPDATED: Did a Wireshark but I'm not confident in using wireshark. I ran it serverside, and here is what i catched about my attempt to connect:

No.   Time      Source            Destination    Protocol Length   Info
187   4.920498000   185.XXX.XXX.XXX   192.YYY.YYY.YYY   TCP   66   55073 > 21 [SYN] Seq=0 Win=4380 Len=0 MSS=1456 WS=1 SACK_PERM=1
188   4.920550000   192.YYY.YYY.YYY   185.XXX.XXX.XXX   TCP   66   21 > 55073 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
189   4.923907000   185.XXX.XXX.XXX   192.YYY.YYY.YYY   TCP   60   55073 > 21 [ACK] Seq=1 Ack=1 Win=4380 Len=0
190   4.924141000   192.YYY.YYY.YYY   185.XXX.XXX.XXX   FTP   84   Response: 220 You see my serverbanner now
191   4.928956000   185.XXX.XXX.XXX   192.YYY.YYY.YYY   FTP   72   Request: USER ftp_username_here
192   4.928994000   192.YYY.YYY.YYY   185.XXX.XXX.XXX   FTP   77   Response: 331 Password required
193   4.934234000   185.XXX.XXX.XXX   192.YYY.YYY.YYY   FTP   69   Request: PASS **********
194   4.934839000   192.YYY.YYY.YYY   185.XXX.XXX.XXX   FTP   67   Response: 230-Glad to see you here
195   4.934857000   192.YYY.YYY.YYY   185.XXX.XXX.XXX   FTP   75   Response: 230 User logged in.
196   4.938247000   185.XXX.XXX.XXX   192.YYY.YYY.YYY   TCP   60   55073 > 21 [ACK] Seq=34 Ack=88 Win=4467 Len=0
197   4.990122000   185.XXX.XXX.XXX   192.YYY.YYY.YYY   FTP   68   Request: OPTS UTF8 ON
198   4.990174000   192.YYY.YYY.YYY   185.XXX.XXX.XXX   FTP   112   Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
199   4.996192000   185.XXX.XXX.XXX   192.YYY.YYY.YYY   FTP   60   Request: PWD
200   4.996236000   192.YYY.YYY.YYY   185.XXX.XXX.XXX   FTP   85   Response: 257 ""/"" is current directory.
201   5.000951000   185.XXX.XXX.XXX   192.YYY.YYY.YYY   FTP   62   Request: TYPE I
202   5.000989000   192.YYY.YYY.YYY   185.XXX.XXX.XXX   FTP   74   Response: 200 Type set to I.
203   5.005644000   185.XXX.XXX.XXX   192.YYY.YYY.YYY   FTP   60   Request: PASV
204   5.005841000   192.YYY.YYY.YYY   185.XXX.XXX.XXX   FTP   106   Response: 227 Entering Passive Mode (192,YYY,YYY,ZZZ,233,110).
205   5.009646000   185.XXX.XXX.XXX   192.YYY.YYY.YYY   TCP   60   55073 > 21 [RST, ACK] Seq=67 Ack=249 Win=4628 Len=0
206   5.020808000   185.XXX.XXX.XXX   192.YYY.YYY.YYY   TCP   66   55074 > 21 [SYN] Seq=0 Win=4380 Len=0 MSS=1456 WS=1 SACK_PERM=1
207   5.020841000   192.YYY.YYY.YYY   185.XXX.XXX.XXX   TCP   66   21 > 55074 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

In the above, 185.XXX.XXX.XXX = servers WAN IP (external IP of the router/gateway) 192.YYY.YYY.YYY is my servers LAN IP 192,YYY,YYY,ZZZ is the IP of the gateway, wich I also is mention in the above, wich I'm using as the external firewall address for getting it working.

In frame 204 I lost the connection on my FileZilla client, as described first. After 207 I closed the FileZilla and the lines after that is only my RDP and the backup system running that is listed.

If I - in wireshark - doubbleclick on every single line, I can see that some bytes on wire, and for every frame the same bytes are revieved. So if there are packet losst, I don't know how to see that in this case here.

Answer 1

Just posting to say I had the same experience. IISreset didn't cut it on server 2016. I made all the changes in the IIS FTP site config for range and public IP, setup firewall to NAT those ports, etc. Once I rebooted the 2016 server, everything worked as expected.