How to set up FTP on Azure VM

iis azure ftp iis-7.5 ftp-client
72,131

Solution 1

There's a great walkthrough from July 2012 'Hosting FTP on IIS 7.5 in a Windows Azure VM' by Ronald Wildenberg about this. He echoes David's answer. These are the stages he goes through:

  1. First of all, you need a virtual machine. I needed a Windows machine with a SQL Server database so I chose 'Microsoft SQL Server 2012 Evaluation Edition' from the available templates.
  2. Once the machine has booted, you can RDP into it via the connect option at the bottom of the management portal.
  3. When you're in, you need to configure IIS. A summary of the required steps:
    • Add the 'Web Server (IIS)' role to the server.
    • Add the IIS features you need.
    • Add a TCP endpoint to your VM in the management portal with public and private port 80.
  4. To enable FTP, make sure you enable the 'FTP Server' role services for your IIS role:
  5. The next step is to create the actual FTP site in IIS. Right-click on 'Sites' in IIS Manager and select 'Add FTP Site…'
  6. Specify the name and the local path for the site:
  7. Specify binding and SSL information:
  8. And finally specify who should have access to the FTP site.
  9. You should now be able to access the FTP site from within the VM. Open a command prompt, type ftp 127.0.0.1 and login
  10. For active FTP you need to allow access to ports 21 (FTP command port) and 20 (FTP data port) so you need to add two endpoints to your VM
  11. to configure passive FTP. For this to work, we need to tell the IIS FTP server the port range it can use for data connections and we need to add endpoints to the VM that correspond to this port range.
  12. configure the port range and external IP address for passive data connections. This can be found in IIS Manager
  13. The external IP address should be the Virtual IP address you can find in the Azure Management portal.
  14. If you cannot specify the data channel port range in the IIS Manager use the appcmd utility, which can be found in %windir%\system32\inetsrv: appcmd set config /section:system.ftpServer/firewallSupport /lowDataChannelPort:7000 /highDataChannelPort:7014
  15. You could specify all 15 new endpoints in the Azure portal but that would take ages so use the Windows Azure Powershell cmdlets.
  16. download the publish settings file. One way is to start Windows Azure Powershell and use the cmdlet 'Get-AzurePublishSettingsFile'. It opens a browser and allows you to download the publish settings file that corresponds to your Windows Live id.
  17. When you have downloaded the publish settings file, you can import it using the 'Import-AzurePublishSettingsFile' cmdlet and we’re ready to start adding endpoints.
  18. I simply created a text file containing the list of commands I wanted to run and copied that into the Powershell window: Get-AzureVM -ServiceName 'myServiceName' -Name 'ftpportal' | Add-AzureEndpoint -Name 'FTPPassive00' -Protocol 'TCP' -LocalPort 7000 -PublicPort 7000 | Update-AzureVM where 'myServiceName' is the name of my cloud service and 'ftpportal' is the name of my virtual machine.
  19. Although the Windows firewall seems to allow all traffic that is required, you also need to enable stateful FTP filtering on the firewall: netsh advfirewall set global StatefulFtp enable
  20. restart the FTP Windows service and we should be up and running:
    • net stop ftpsvc
    • net start ftpsvc

It's worth following these steps in the original article not least because he includes useful screenshots for each step, but I thought it was worth quoting extensively here just-in-case. The article also mentions Active FTP vs. Passive FTP, a Definitive Explanation as worth reading.

It would be great if I could report that after following these steps your Azure VM based FTP server will be working and accessible. But unfortunately the steps above did not fix it for me :-(

Solution 2

If you don't mind using FileZilla FTP Server,

Here is what i did, to enable FTP connection to my VM.

  1. Go to Azure VM (manage.windowsazure.com), and add 2 endpoints:
    1. Name: FTP (Protocol TCP, Public Port 21, Private Port 21)
    2. Name: FTP Passive (Protocol TCP, Public Port 60000, Private Port 60000)
  2. Go back to VM (via RDP), Open connection for port 21, and 60000 on Windows Firewall inbound rule.
  3. Download and open FileZilla Server.
  4. Click Edit -> Users and add user and shared directory as needed.
  5. Click Edit -> Settings. On the sidebar click Passive Mode Settings.
  6. Check "use custom port range" and enter 60000 - 60000
  7. On ip4specific part, select radio button "use the following ip", and enter your xxxx.cloudapp.net.
  8. Save, and run the server. That's it, you can now connect to FTP from outside of VM.

Hope it helps someone.

Cheers

Solution 3

After straggling for a while with the 15-points list above, I got the message MS are trying to pass - "No (easy) FTP for you"...

So I went back to the good-old & open Linux world - set up an SCP server using Cygwin. You even get a remote shell as a bonus...

1) Run the Cygwin installer - https://cygwin.com/setup-x86.exe

2) In 'Select Packages' search for

  • cygrunsrv (select the one under 'Admin')
  • openssh (select the one under 'Net)

3) When done, start the Cygwin Terminal, and type:

  • ssh-host-config -y -pwd S0me-Str0ng-pa55w0rd

  • cygrunsrv -S sshd

4) From the Azure VM add an SSH endpoint

5) In Windows FireWall, add Inbound Rule for TCP port 22

And viola - you can connect using WinSCP, Notepad++ and Putty of course...

Notes:

  • Unix is case sensitive, so type your user in exact case, e.g. Administrator with capital A
  • Your drives are under /cygdrive (c:\ is at /cygdrive/c etc)

Good luck!

Solution 4

You need to add an additional port range, which the ftp server will choose from for each ftp connection.

You'll need to create a bunch of input endpoints, each representing one of the ports in the specified port range. Note that you have a limited number of input endpoints (not sure of the exact number, but you should easily be able to open, say, 50 input endpoints in contiguous ports). Then just set up the ftp server to use that same range. Also, you'll want to map the input endpoint public port to the same private port number, otherwise connections won't be created properly.

Solution 5

The link in dumbledad's answer is currently unavailable. I was still having issues getting passive FTP running on a new Azure VM after following the steps there.

After a bit of searching, I found this create article Passive FTP and dynamic ports. It's a great walkthrough and provides a simple script to run from your VM to get FTP up and running in a minute. If you are setting up multiple VMs the script is a much quicker way to setup FTP access rather than manually configure IIS and Azure endpoints.

Share:
72,131

Related videos on Youtube

ChiliYago
Author by

ChiliYago

Updated on July 09, 2022

Comments

  • ChiliYago
    ChiliYago almost 2 years

    I need some help setting up FTP on my Azure VM instance.

    The VM is Windows Server 2012 R2. I have set up the Web Server Role and created an FTP site in IIS. I have confirmed that I can access the FTP server with 

    ftp command: open localhost

    I have also configured an FTP end point for the VM on the Azure Portal configured for the standard port 21.

    Lastly, I have created a firewall rule to allow all traffic in/out of port 21.

    Now when I try to FTP to it from my home machine I can see the server public DNS name is resolving to the proper IP and port but no connection can be made.

    Am I missing a configuration step somewhere?

    Thanks

  • ChiliYago
    ChiliYago over 10 years
    sounds good. I am not sure how to setup so many end points effectively though. Seems like the azure portal allows for only one at a time which is a lot of configuring. Is there a way to setup all those ports at once?
  • David Makogon
    David Makogon over 10 years
    This is very easy with PowerShell or CLI. Download the Azure PowerShell cmdlets and check out Add-AzureEndpoint.
  • rism
    rism over 9 years
    These steps are still valid as of Sep '14. As a contractor I have been through these steps multiple times over the last couple of years for different firms. Regardless of the local environment the one thing that is always a problem is Filezilla and IIS. In my experience it rarely works. I read a post by the Filezilla author who claimed it was MS's fault due to the non standards way they have implemented the protocol and he was not going to change Filezilla code to fix MS mistake. So in short if you are using Filezilla (which i love) and still having problems try a different ftp client.
  • rism
    rism over 9 years
    I should also add that if you encounter error 530 messages when logging in, remember to check FTP Authentication in IIS Manager. If you are requiring user name and passwords then you will want to enable basic authentication (at least) which is disabled by default.
  • Martin Prikryl
    Martin Prikryl over 9 years
    I'd like to also emphasize, that TLS/SSL should be enforced (what is luckily default for IIS nowadays). But for that enabling StatefulFtp is actually counter productive as the stateful filter won't work with TLS anyway and I've seen reports that it actually breaks it (I did not test it myself). Anyway, it definitely does not have to be enabled, even for unencrypted connections.
  • Martin Prikryl
    Martin Prikryl over 9 years
    Using Update-AzureVM after adding every endpoint is pretty ineffective and slow. One should add all the endpoints and call update only once. See my example: winscp.net/eng/docs/guide_azure_ftps_server#firewall
  • Mouli
    Mouli over 8 years
    Look at the below link for step by step setup FTP in Azure with additional disk. Includes firewall setup and issues gingercart.com/Home/big-data/…
  • Chris
    Chris over 8 years
    Re: #14, if the port range is grayed out it's because you're on too-specific a node in the tree. You can't set this on a per-site level. Click on your server name instead and you will be able to set the ports in the GUI.
  • christofr
    christofr about 7 years
    Confirmed working fine with FileZilla 3.9.0.6, despite previous comments
  • mosheb
    mosheb about 7 years
    just a note that for the passive ftp endpoint, you have to choose "custom" service to allow arbitrary port range (i.e. 60000 in this example)
  • imswapy
    imswapy almost 7 years
    the link is not working. Here's the working one itq.nl/walkthrough-hosting-ftp-on-iis-7-5-a-windows-azure-vm‌​-2

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Cannot list directory on IIS FTP server on Azure, even after configuring Azure inbound rules and Windows firewall
Getting FTP working on an Azure VM, connection closed
Setting Permissions in Windows Azure Website
Unable to write using IIS FTP ... Keep getting Access is denied
How do IIS FTP 7.5 User accounts work?
How can I get just the site name from the "AppCmd.exe list site" command?
Server sent passive reply with unroutable address. Using server address instead IIS 8.5
How to resolve FTP Error “Failed to retrieve directory listing” for Administrator account in IIS 7.5
FTP website in IIS with anonymous authentication requires username and password
Enable HTTP Strict Transport Security (HSTS) in Azure WebRoles