Firewall blocking FTP server on Windows 2008 R2
Solution 1
I finally got it to work, but there's some things I've learnt:
IIS will let you configure the ports that the FTP server will use for passive mode. But, for me, this did NOT take affect until I restarted the service named "Microsoft FTP Service"
-
When I looked at the inbound firewall rules, I saw three preconfigured rules:
- FTP Server (FTP Traffic-In)
- FTP Server Passive (FTP Passive Traffic-in)
- FTP Server Secure (FTP SSL Traffic In)
These rules looked like just what I needed. But for some reason, they didn't actually do anything. When I created my OWN rules specifying exactly the same things, it worked. (Apparently, I'm not the first to encounter this problem, see this posting.)
Later Edit: Reading the comments below, it appears I was mistaken about these rules not working. You just need to enable them and restart the Microsoft FTP Service
Solution 2
I have the same problem on a fresh install of Server 2012, but had to restart the Windows FireWall service to get it to work.
Solution 3
Create a new firewall rule. Select program option. Select this program path. Paste %systemroot%\system32\svchost.exe into path. Accept warning message. Allow for all connections, give name. Turn firewall off/on. Done.
Solution 4
You might want to try to disable Disable stateful FTP filtering:
netsh advfirewall set global StatefulFTP disable
and make sure to restart FTP service afterwards
(see also: http://blog.nenoloje.com/2013/01/ftp-service-for-iis-client-connection.html)
Related videos on Youtube
04 : 41
01 : 44
10 : 28
01 : 49
03 : 10
Andrew Shepherd
Started my first job as a full-time developer in 1996. Spent 11 years coding solely in C++. Then moved on to C#, then got a job where everyone is coding in Matlab, then took over a digital signage solution, and have been doing that since 2011. Now, on any given day I code in C#, Powershell, Javascript, Typescript, Java and Transact SQL, writing applications for Chrome, Android or Windows devices and the web which isn't really a device. In my wayward youth before taking on programming I went and got a music degree. I am experimenting to see if this link gets removed from my profile: https://au.gofundme.com/f/stop-stack-overflow-from-defaming-its-users
Updated on September 18, 2022Comments
-
Andrew Shepherd over 1 year
I can access the FTP site without problems from the local machine, but it times out from the remote machine.
If I turn the firewall off COMPLETELY, it works. Obviously, this isn't really a satisfactory solution.
I've attempted to follow these steps, but to now avail.
On my remote machine I am using Filezilla as the FTP client. Below is the output it gives me as I attempt to access the site. As you can see, it manages to connect and authenticate, but the attempt to list the directory times out.
Can somebody tell me where I should look next?
Status: Connecting to 192.168.15.12:21... Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: USER CMSDEVELOPMENT\CMSdev Response: 331 Password required for CMSDEVELOPMENT\CMSdev. Command: PASS ****** Response: 230-Directory has 71,805,415,424 bytes of disk space available. Response: 230 User logged in. Command: OPTS UTF8 ON Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON. Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I. Command: PASV Response: 227 Entering Passive Mode (192,168,15,12,192,160). Command: LIST Response: 150 Opening BINARY mode data connection. Error: Connection timed out Error: Failed to retrieve directory listingLooking at the firewall logs, I see these entries:
2012-04-23 14:44:54 DROP TCP 192.168.15.90 192.168.15.12 55743 49342 52 S 650301735 0 65535 - - - RECEIVE 2012-04-23 14:44:57 DROP TCP 192.168.15.90 192.168.15.12 55743 49342 52 S 650301735 0 65535 - - - RECEIVE 2012-04-23 14:45:03 DROP TCP 192.168.15.90 192.168.15.12 55743 49342 48 S 650301735 0 65535 - - - RECEIVE -
Admin about 11 yearsThanks Andrew for the "Microsoft FTP Service" restart tip! :D This did it for me. -
RichardHowells about 10 yearsOn Windows Server 2012 I also found the pre-configured rules were not working. However the stop & restart of the FTP service seemed to wake them up and fixed it for me. Great Tip. :-D
-
Nick Jones over 9 yearsRestart of "Microsoft FTP Service" fixed it for me (on 2012 R2) as well. I had those preconfigured rules but they weren't taking effect for some reason.
-
Uwe Keim over 9 yearsJust for the reference: "
net stop msftpsvc" followed by a "net start msftpsvc" is the command line way of restarting the FTP service. -
Matty Brown almost 9 yearsRestarting the "Microsoft FTP Service" was the key for me. It worked perfectly after I'd done that.
