4

I'am running Windows Server 2012 in Azure, and I've configured the FTP server in IIS. When I try to connect the server, it accepts the username and password and log me in but not showing the directory listing.

  1. I've tried using FileZilla FTP client to connect and it saying the same error.

    Status: Resolving address of jothiprakashanandan.southindia.cloudapp.azure.com
Status: Connecting to 104.211.244.241:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is current directory.
Command:    TYPE I
Response:   200 Type set to I.
Command:    PASV
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing
Status: Disconnected from server

  2. The inbound rule of Azure is this:

    Azure Inbound Rule

  3. The VM's firewall inbound rule. VM's inbound rule

  4. However when I try to login from the VM's browser it is working fine and showing the directory list.

Jason Ye
  • 13,710
  • 2
  • 16
  • 25
Jothi Prakash Anandan
  • 349
  • 2
  • 3
  • 13

3 Answers3

8

In Azure, we should deploy the passive mode FTP, we should add data channel ports range in FTP Firewall Support, then add those ports to NSG and windows firewall inbound rules.

enter image description here

By the way, although the windows firewall seems to allow all traffic that’s required, we also need to enable stateful FTP filtering on the firewall:

netsh advfirewall set global StatefulFtp enable

Then restart the FTP windows service and we should be up and running:

net stop ftpsvc
net start ftpsvc

Here is a similar case, same error as you, please refer to it.

Check which port does the FTP site listen on: enter image description here

Community
  • 1
  • 1
Jason Ye
  • 13,710
  • 2
  • 16
  • 25
  • Actually i am having problems after restarting the server in the Azure portal. I'll confirm once after a try. – Jothi Prakash Anandan Feb 16 '17 at 07:15
  • @JothiPrakashAnandan OK, after the VM started, we should check the data channel port range, and open them in VM's NSG and windows firewall inbound rules. – Jason Ye Feb 16 '17 at 07:21
  • Okay jason. I'll check them both and let you know. – Jothi Prakash Anandan Feb 16 '17 at 07:28
  • The FTP server is working fine in the VM. and when i try to connect from the local machine using filezilla it is showing timeout error. `Status: Resolving address of jothiprakash.southindia.cloudapp.azure.com Status: Connecting to 52.172.10.61:2500... Error: Connection timed out after 20 seconds of inactivity Error: Could not connect to server Status: Waiting to retry... Status: Resolving address of jothiprakash.southindia.cloudapp.azure.com Status: Connecting to 52.172.10.61:2500... Error: Connection timed out after 20 seconds of inactivity Error: Could not connect to server` – Jothi Prakash Anandan Feb 22 '17 at 06:10
  • I've used this link for creating and configuring the Azure VM. [Configuring Azure VM](http://www.intstrings.com/ramivemula/articles/enable-ftp-access-on-windows-azure-vm/) – Jothi Prakash Anandan Feb 22 '17 at 06:14
  • @JothiPrakashAnandan can you telnet 2500 the Azure VM from your local machine? – Jason Ye Feb 22 '17 at 06:18
  • `Connecting To 52.172.10.61:2500...Could not open connection to the host, on port 23: Connect failed` This was the result of telnet ping – Jothi Prakash Anandan Feb 22 '17 at 06:21
  • @JothiPrakashAnandan I had test in my lab, I can't telnet your port 2500, please add port 2500 in your VM windows firewall – Jason Ye Feb 22 '17 at 06:38
  • @JothiPrakashAnandan also we should run this command in the Azure V M, use command line to run" netsh advfirewall set global StatefulFtp enable" – Jason Ye Feb 22 '17 at 06:43
  • @JothiPrakashAnandan according to your post, you add port 21 to windows firewall, but FTP listen on port 2500, so should add port 2500 on VM's firewall. – Jason Ye Feb 22 '17 at 07:14
  • [Security Group snapshot](https://drive.google.com/open?id=0BwOoezghNRUiMHk2WWt1ZDQ1alU). and [VM's snapshot](https://drive.google.com/open?id=0BwOoezghNRUiVU81d1kyXzNsX1U). So far i haven't found any configuration problems @jason – Jothi Prakash Anandan Feb 22 '17 at 07:45
  • @JothiPrakashAnandan can you telnet your VM's public ip address? "telnet xxx.xxx.xxx.xxx 2500" – Jason Ye Feb 22 '17 at 08:50
  • it is showing me this when i ping using telnet `Connection failed: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 52.172.10.61:2500` – Jothi Prakash Anandan Feb 22 '17 at 09:03
  • @JothiPrakashAnandan I can't telnet you ip address with port 2500, can you telnet your localhost 2500 from the Azure VM. and check the FTP listen on which port. – Jason Ye Feb 22 '17 at 09:06
  • @JothiPrakashAnandan we can right cliect you FTP site, and select "edit bindings", in this way, we can find the ftp site listen on. – Jason Ye Feb 22 '17 at 09:13
  • I checked both the ports 21 and 2500 and it is showing the following errror.. `C:\Users\jothiprakash>telnet 52.172.10.61 2500 Connecting To 52.172.10.61...Could not open connection to the host, on port 2500 : Connect failed C:\Users\jothiprakash>telnet 52.172.10.61 21 Connecting To 52.172.10.61...Could not open connection to the host, on port 21: Connect failed` – Jothi Prakash Anandan Feb 22 '17 at 09:14
  • login your azure vm, and try telnet, "telnet 127.0.0.1 2500" – Jason Ye Feb 22 '17 at 09:16
  • It has entered into telnet. Working perfect with 2500 port. – Jothi Prakash Anandan Feb 22 '17 at 09:20
  • @JothiPrakashAnandan Ok, we should check the Azure Vnet subnets' security group. select your virtual network, in the settings select subnets, then we can find the subnets' security group, by default is none. – Jason Ye Feb 22 '17 at 09:24
  • We can't through the public telnet 52.172.10.61 with port 2500, because something block it, In azure, NSG, VM's firewall and subnets' security group will block it, so we should check them. for test, we can turn off azure vm windows firewall, make sure there is no security group with subnets, and open port 2500 on NSG, then try to use telnet to test it. – Jason Ye Feb 22 '17 at 09:39
  • Great @jason now i've changed the NSG and now telnet is okay. `Status: Connecting to 52.172.10.61:2500... Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: USER jothiprakash Response: 530 Valid hostname is expected. Error: Could not connect to server Status: Waiting to retry... Status: Connecting to 52.172.10.61:2500... Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: USER jothiprakash Response: 530 Valid hostname is expected. Error: Could not connect to server` – Jothi Prakash Anandan Feb 22 '17 at 10:09
  • I still can't directly connect using filezilla. – Jothi Prakash Anandan Feb 22 '17 at 10:09
  • For test, you can use IE to connect the FTP site, ftp://52.172.10.61:2500 – Jason Ye Feb 22 '17 at 10:12
  • ftp:// 52.172.10.61:2500 – Jason Ye Feb 22 '17 at 10:13
  • `530 Valid hostname is expected` This is the warning showing in filezilla. Although i can ping using telnet from my local machine to VM, i can't connect to the VM via FileZilla. – Jothi Prakash Anandan Feb 22 '17 at 12:13
  • You just have add DNS name to the username like `"jothiprakash.southindia.cloudapp.azure.com"|jothiprakash` and the error is resolved and directory listing is available. Thank you for helping @jason – Jothi Prakash Anandan Feb 22 '17 at 12:27
  • Great, if it helps, please mark it as an answer. It will help others. – Jason Ye Feb 22 '17 at 13:32
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/136413/discussion-between-jason-ye-msft-and-jothi-prakash-anandan). – Jason Ye Feb 23 '17 at 05:01
0

It is usually necessary to restart the Microsoft FTP service after enabling the FTP server rules in Windows firewall to have the change take an effect.

Or restarting a whole machine.

See my guide to Installing an FTP Server on Windows using IIS.

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
0

The issue was with Azure network NSG. you need to enable the port range on which data is getting transferred.Data connection port range

Added new rule in NSG to open this port range and it worked.

Sachin Vishwakarma
  • 854
  • 7
  • 9