JustAnswer > Computer
Ask A Question|Register|Login|Help
JustAnswer

Computer
Ask a Computer Question, Get an Answer ASAP!

Have your own Computer question?

13 Tech Support Specialists are Online Now
characters left:
Not a Computer Question?

Related Computer Topics:

  • Add
    • ,
  • Amp
    • ,
  • Fix
    • ,
  • Log
    • ,
  • Run
    • ,
  • Set
    • ,
  • Two
    • ,
  • Usa
    • ,
  • Back
    • ,
  • Come
Bookmark and Share

Question

setting up a server with FTP, having problems when connecting, some FTP clients cannot connect and some commands are failing, using argosoft FTP. I can connect VIA cutesoft FTP but some files fail and i have to ftp the ones that fail and it then does them, i am guessing it's a firewall/permissions /ports problem?

Submitted: 25 days and 6 hours ago.
Category: Computer
Value: $15
Status: CLOSED
+
Read More

Optional Information

Computer OS: Other

Already Tried:
opened port 21, and also gave range of port to use for FTP 41000 - 41099. Added port 21 to Firewall exceptions.

Posted by Matthew S 25 days and 2 hours ago.

Answer

Hi there,

Port 21 is the only port required to be unfirewalled for outside access, however transmissions are placed over port 20. No other ports are required for FTP.

Check to see if you can connect to the ftp server on the machine hosting the server (ie: connect to localhost) - this eliminates potential issues with the server software its self.

Hope that helps

Matt

24 days and 22 hours ago.

Reply

hi

i can access the server via the net, so don't need to do a localhost test.

 

For test

 

216.18.20.240

username : useru

password : useru

 

but only connects via Cuteftp m . other software don't see it firezilla, IE, safari etc...

 

also some files fail on transfer

 

this is the log i get when the file fails to upload.

--------------

[FTP 000118 28-10-09 08:14:57] 150 Opening ASCII data connection for file eminence.html

[FTP 000118 28-10-09 08:14:57] Connection with 59.164.67.64 ended

[FTP 000118 28-10-09 08:15:58] Error: The process cannot access the file 'C:\inetpub\wwwroot\Uploads from Sharif\mackie2009\eminence.html' because it is being used by another process.

 

but this file is just being uplaoded why is it being used by another process??

 

i have set the firewall for inbound and outbound.. can that be the problem??

 

see attached screen shots..

graphic
View Full Image

 

 

 

Posted by Matthew S 24 days and 21 hours ago.

Answer

Hi there,

Okay, well that definately means your firewall and ports are not an issue.

This is more along the lines of file permissions and other things effecting the file access.

Go to c:\inetpub and right click wwwroot, go to properties, and from the Security tab, add ASPNET (if you are using XP or earlier), or "Network Service" (without quotes, if you are using 2003 server or later), and give it full access to entire directory. It should solve your problem.

Failing that, it may be an issue with your antivirus software scanning the files at the time that may be causing this issue.

24 days and 21 hours ago.

Reply

i already added network service to the wwwroot directory...

 

We don't have an antivirus.

 

24 days and 21 hours ago.

Reply

in firezilla we are geting this message...

 

Status: Connected

Status: Retrieving directory listing...

Command: PWD

Response: 257 "/" is working directory

Command: TYPE I

Response: 200 Type set to Image (binary)

Command: PASV

Response: 227 Entering passive mode (216,18,20,240,162,55)

Command: LIST

Response: 150 Opening Binary data connection

Error: Connection timed out

Error: Failed to retrieve directory listing

24 days and 21 hours ago.

Reply

in firezilla we are geting this message...

 

Status: Connected

Status: Retrieving directory listing...

Command: PWD

Response: 257 "/" is working directory

Command: TYPE I

Response: 200 Type set to Image (binary)

Command: PASV

Response: 227 Entering passive mode (216,18,20,240,162,55)

Command: LIST

Response: 150 Opening Binary data connection

Error: Connection timed out

Error: Failed to retrieve directory listing

 

from pc located anywhere .. in canada, india, usa so not issue with PC either

Posted by Matthew S 24 days and 21 hours ago.

Answer

Ok, that definately indicates a server fault, please bare with me, i'm working on your issue as we speak :)

24 days and 21 hours ago.

Reply

on ftp log

 

i think you tried to connect

-------------\

[FTP 000003 28-10-09 08:56:16] 350 Restarting from 0 bytes

[FTP 000004 28-10-09 08:56:19] USER useru

[FTP 000004 28-10-09 08:56:19] 331 User name useru accepted. Need password

[FTP 000004 28-10-09 08:56:22] PASS XXXXXXXX

[FTP 000004 28-10-09 08:56:22] 550 Not logged in

[FTP 000004 28-10-09 08:56:28] PASSWD useru

[FTP 000004 28-10-09 08:56:28] 550 Unknown command

[FTP 000004 28-10-09 08:56:35] USER useru useru

[FTP 000004 28-10-09 08:56:35] 331 User name useru useru accepted. Need password

[FTP 000003 28-10-09 08:56:38] TYPE I

[FTP 000003 28-10-09 08:56:38] 200 Type set to Image (binary)

[FTP 000004 28-10-09 08:56:47] PWD useru

[FTP 000004 28-10-09 08:56:47] 530 Not logged in

[FTP 000004 28-10-09 08:56:52] quite

[FTP 000004 28-10-09 08:56:52] 550 Unknown command

[FTP 000004 28-10-09 08:56:53] quote

[FTP 000004 28-10-09 08:56:53] 550 Unknown command

[FTP 000004 28-10-09 08:56:55] quit

[FTP 000004 28-10-09 08:56:55] 220 Goodbye

[FTP 000004 28-10-09 08:56:55] Connection with 220.253.104.85 ended

Posted by Matthew S 24 days and 21 hours ago.

Answer

Wasn't me, sorry, other people can see this thread as well.

From what i can find on this issue, the error is a windows error, everything i've found has lead back to permissions.

24 days and 21 hours ago.

Reply

ok, gave full permissions to the wwwroot folder via network service what other permissions can it be?

WE don't have to set port 20 on firewall do we?

graphic
View Full Image

Posted by Matthew S 24 days and 21 hours ago.

Answer

Port 20 is used for file transfer, but you can find what ports its trying to use by trying to initiate a file transfer then issuing the netstat cmd again.

Posted by Matthew S 24 days and 21 hours ago.

Answer

Make sure that your permissions are recursive over the directory and every file/directory within it, otherwise you'll continue to have the same issues.

24 days and 21 hours ago.

Reply

starting to get new error in ftp log

---------

Error: Connection lost

[FTP 000023 28-10-09 09:17:09] Received connection from 59.164.67.64

[FTP 000024 28-10-09 09:17:11] Received connection from 59.164.67.64

[FTP 000011 28-10-09 09:17:18] REST 0

[FTP 000011 28-10-09 09:17:18] 350 Restarting from 0 bytes

[FTP 000023 28-10-09 09:17:20] Error: Cannot open database "FtpServerData" requested by the login. The login failed.

Login failed for user 'NT AUTHORITY\SYSTEM'.

[FTP 000024 28-10-09 09:17:20] Error: Cannot open database "FtpServerData" requested by the login. The login failed.

Login failed for user 'NT AUTHORITY\SYSTEM'.

[FTP 000011 28-10-09 09:17:42] TYPE A

[FTP 000011 28-10-09 09:17:42] 200 Type set to ASCII

[FTP 000011 28-10-09 09:18:11] TYPE A

----------------------------------------------------

Posted by Matthew S 24 days and 20 hours ago.

Answer

Okay two things to do:

Change mssearch service account to a domain account with sa privilege in the server.

Add 'NT AUTHORITY\SYSTEM' to sysadmin

24 days and 20 hours ago.

Reply

all this relates to SQL .. does it not? how will it be related?

Posted by Matthew S 24 days and 20 hours ago.

Answer

This is correct, and both services are run primarily by the system users, which, in my research, have found that by default, the nt authority\system user does not have full view access to the database, and can only be granted this access by doing the above.

24 days and 20 hours ago.

Reply

i changed the FTP software to blackmoon and same trouble..

so when you say

 

Change mssearch service account to a domain account with sa privilege in the server.

how do i do this ? domaijnj account ..like one of my domains hosted on the server?

Add 'NT AUTHORITY\SYSTEM' to sysadmin

how do i do this..

 

i think my brain is not totally fried with this!

Posted by Matthew S 24 days and 20 hours ago.

Answer

You can change the user to a domain account by adding the account into the 'Domain Users' group.

Same goes with the nt authority\system account, you simply need to add it to the group.

You can do this by going to users and groups in the administrative tools in control panel.

It's okay, we're trouble shooting, and i'm a very patient person, we'll get this fixed :D

24 days and 20 hours ago.

Reply

thanks.. my other optionis to go for managed server.. have set up 2003 .. we have 4 server, never had this before. we are essentially programmers.geting quotes for managed server anyway.. incase..

setup both the ones here below with no problems..

 

88.208.208.153

209.139.208.49

24 days and 20 hours ago.

Reply

will be stepping out for an hour or so.. ttyl

Posted by Matthew S 24 days and 20 hours ago.

Answer

Okay, fair enuf, if all else fails you can always try completely reinstalling your ftp server software and see if that fixes your permission issues.

Hope you have a great day,

Kind Regards,

Matt

24 days and 17 hours ago.

Reply

hi back,

ok. i am a bit lost on how to set up the domain user etc...

Will it be possilbe fo ryou to come to my system via Team Viewer and then we can see the server via remote from here, and see if i can sole this issue.

 

i did re-install the FTP, i even tried to set up a windows FTP to see if that would solve the problem, but then why does it al lwork with cuteFTP ??

 

if you can use Team viewer i can send you a username and password.

Thanks

24 days and 12 hours ago.

Reply

hi, waiting for your reply.. getting desperate.

Posted by Matthew S 24 days and 9 hours ago.

Answer

Hi there,

Unfortunately it's part of JustAnswer's policy to not allow remote administration.

Domain Users are part of your Active Directory structure, and are essentially groups on your windows server machine, so the group will be available in your users and groups section of the administrative tools in your control panel.

To add a user to a domain user, you simply just need to add the user to the group required, you can do this by either finding the user, right click, go to properties, then click on groups, and add the domain user group, or you can find the group 'Domain Users' and right click, go to properties, and add the user this way.

Hope that helps, and sorry for the delay.

24 days and 7 hours ago.

Reply

i cannot see any domain users, so i am a little confused.

Please see screen

24 days and 7 hours ago.

Reply

screen shot failed to attach.. re-attaching

graphic
View Full Image

Posted by Matthew S 24 days and 6 hours ago.

Answer

Ok, Domain users only shows up if you're using an active directory setup, but that's okay, we should still be able to add nt authority/system to the administrators group.

24 days and 6 hours ago.

Reply

ok added it now. still having the same issue..

added nt authority system to administrators group

Trying to reboot to see if that will solve..

 

 

Posted by Matthew S 24 days and 5 hours ago.

Answer

Okay, that's weird, to be honest, i've never really had this problem, and i can only see the issue occuring whether it be a permissions issue (ie: read/write access) or windows defender and/or antivirus software intercepting the file.

You say that the other servers that have the same software are not having the same issue, so one must ask, what's different between this server and the other server for this to occur.

24 days and 5 hours ago.

Reply

not sure.. going to bed now .. will try in the morning.

thanks

 

Posted by Matthew S 24 days and 5 hours ago.

Answer

Okay, fair enuf, i know exactly how ya feel ;)

While you're gone i'll do as much research as i can to see if i can find a fix for you.

Have a great sleep.

Kind Regards,

Matt

24 days and 5 hours ago.

Reply

seems if i block PASV commands it works!

why ?

 

24 days and 5 hours ago.

Reply

http://technet.microsoft.com/en-us/library/dd421710(WS.10).aspx

 

tried runnin those FTP commands the 1st one gives error but i can run the second one..

 

Posted by Matthew S 24 days and 5 hours ago.

Answer

Okay, that's interesting, very interesting, if you use port (active) ftp, then you should only need ports 21 and 20 available, as that's what the ftp uses, or if behind a router port forwarding 21 & 20 will allow traffic.
What's the error your getting from the first command?

That said, if pasv fails, your client *should* try port next anyway, which is why some of your ftp clients work and others do not, some don't follow standardisation.

Posted by Matthew S 24 days and 5 hours ago.

Answer

There's a guide here for windows ftp server to automatically setup the windows firewall for passive ftp - however this is for windows ftp, not argosoft ftp. You may however be able to adapt it.

http://www.velikan.net/iis-passive-ftp/

24 days and 5 hours ago.

Reply

if i don't use pasv what diffence wil it make, if any ?

see screen for the error

graphic
View Full Image

Posted by Matthew S 24 days and 5 hours ago.

Answer

As long as your server is not behind a complicated firewall that can't have ports forwarded properly, active will work the same if not better.

From the screen, the protocol value should technically be lower case.

24 days and 5 hours ago.

Reply

managed to run the command but still in PASV mode it does not work

 

netsh advfirewall firewall add rule name="FTP Service" action=allow service=ftpsvc protocol=tcp dir=in

Posted by Matthew S 24 days and 5 hours ago.

Answer

Okay, is each passive port that you've had listed added to your server's firewall?
(they all need to be added both in and out). (as you listed before 41000 - 41099).

Pain in the butt to add them manually but this is how passive ftp works, when you connect to the ftp server on port 21, it replies with 'connect to this address on port x' - that port will be one of the ones listed between 41000 and 41099).

in Port, ftp will tell the client to connect to port 20 and that's it.

The main reason to use PASV against PORT is the fact that it can be easily hijacked in comparison to pasv which assigns a port - if you get what i mean.
Either way, ftp is clear text so ya know - only real secure way to do anything is sftp (which is encrypted like ssh). (end rant of security LOL)

24 days and 5 hours ago.

Reply

wil it affect spped in anyway when there are multiple FTP clients?

 

Accepted Answer

No, works the same way as transport for http, all thru the same ports, the only thing that slows things down is your system resources, and the available bandwidth for your server.

Picture
Expert: Matthew S
Pos. Feedback: 100.0 %
Accepts: 
Answered: 10/29/2009

Computer Systems Engineer

7 Years IT experience working in public and private sector. Cert 4 Client Support, Cert 4 Soft Apps

24 days and 4 hours ago.

Reply

ok, will make a decision 2morrow. Thanks for your help! if i need you agian how can i contact you here again ?

Posted by Matthew S 24 days and 4 hours ago.

Answer

Yes, you can either reopen this thread, or request for me directly by opening another question, or saving the link to my profile and asking a question directly.

+
Read More

Related Computer Questions

  • I am unable to open Microsoft XP on my pc but I can access
  • how do i receive and send e-mails
  • I can't complete download of new version of Adobe Acrobat.
  • I have a HP Psc 1310 Series all-i-one printer/scanner. I ju...
  • My Acer laptop will not boot. When I turn it on it starts
  • my win live mail won't send
  • my aol screen is half size
  • I have a IMac that had Windows XP on it. My hardrive was jus...



Disclaimer: Information in questions, answers, and other posts on this site ("Posts") comes from individual users, not JustAnswer; JustAnswer is not responsible for Posts. Posts are for general information, are not intended to substitute for informed professional advice (medical, legal, veterinary, financial, etc.), or to establish a professional-client relationship. The site and services are provided "as is" with no warranty or representations by JustAnswer regarding the qualifications of Experts. To see what credentials have been verified by a third-party service, please click on the "Verified" symbol in some Experts' profiles. JustAnswer is not intended or designed for EMERGENCY questions which should be directed immediately by telephone or in-person to qualified professionals.
Question List | Become an Expert | Terms of Service | Security & Privacy | About Us
© 2003-2009 JustAnswer Corp.