7

I have setup FTP within IIS7 on a Windows 2008 Virtual Machine. I enabled Port 21 within the endpoints and Active FTP works just fine. But I am unsure to how to connect through Passive. I followed Microsoft documentation (enabled a range of ports within IIS and allowed the same ports on the local firewall) I also allowed the ports within the endpoints in Azure Management. This didnt work.

I read somewhere on an unofficial MS forum that MS do not allow Passive FTP within Azure. Is this true? If not can someone direct me to the right documentation?

Thanks

SOLUTION I followed instructions in this article. The problem I was having was I didn't stop and start the FTP service after doing this. It wont work otherwise.

Kara
  • 6,115
  • 16
  • 50
  • 57
medina
  • 766
  • 1
  • 11
  • 31
  • Not sure why someone voted to close this question as being off-topic, as it involves configuring input endpoints correctly, then accessing these endpoints when setting up ftp during role startup. Seems like a good one to me... (if a duplicate question though, I concur). – David Makogon Aug 29 '12 at 18:44
  • Probably because they felt it belongs on serverfault not stackoverflow. – Michael Aug 29 '12 at 22:58

4 Answers4

10

Passive FTP should work fine in Windows Azure Virtual Machines. However, you may not be able to choose large port range since you can only have up to 25 endpoints in Azure and this could be limitation to have Passive FTP. This Forum discussion talk more about it.

You can find this blog which explains how they configure Passive FTP with IIS on Windows Virtual Machine.

AvkashChauhan
  • 20,495
  • 3
  • 34
  • 65
  • I'm struggling with this issue as well, for now I'm just opening up 5 ports for passive ftp which works fine on servers outside of azure but not within azure. Strangely it just started working on one virtual machine after about a month without us changing anything, but I'm just configuring a new virtual machine and experiencing the same problem. – Michael Aug 29 '12 at 23:06
  • Turns out I did everything correct apart from stop and start the ftp service – medina Aug 30 '12 at 08:39
  • I did provide the exact same link you used to solve the problem hopefully you can accept the post as answer. Thanks!! – AvkashChauhan Aug 30 '12 at 17:05
6

An additional piece of info about the post referenced above (http://www.itq.nl/blogs/post/Walkthrough-Hosting-FTP-on-IIS-75-in-Windows-Azure-VM.aspx) - at the end it says you need to use the following command to add the port range in IIS:

appcmd set config /section:system.ftpServer/firewallSupport \
    /lowDataChannelPort:7000 /highDataChannelPort:7014

This failed for me, because the port range is locked so it can only be set on the root IIS node. The error is:

Support (Your site name) /lowDataChannelPort:5000 /highDataChannelPort:6000
ERROR ( message:Can not set attribute "lowDataChannelPort" to value "5000".. Rea
son: This configuration section cannot be used at this path. This happens when t
he section is locked at a parent level. Locking is either by default (overrideMo
deDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny"
or the legacy allowOverride="false".
. )

If you traverse up the IIS nodes to the root server node, choose Features View, then FTP Firewall Support, you can set the Data Channel Port Range there using the text box, without the need for scripting, and avoiding this error. Once this is done, you then need to restart the ftp service (as noted above), and passive FTP works well.

I've added this additional answer here because being unable to run the appcmd command to set the port range had me going around in circles for a number of hours, and this may help others avoid the same problem.

Jude Fisher
  • 11,138
  • 7
  • 48
  • 91
0

I thought others might run into this. If you get the security message indicating that the parent is locked, just go back into your FTP and turn OFF Require SSL Connections. Then rerun the command. Setup your endpoints, open the firewall, etc. THEN go in and turn back on Require SSL Connections!

Josh Kinder
  • 1
0

I've been messing around adding networking rules, and as it happens, all I needed to do was restart ftp on the VM using:

net stop ftpsvc
net start ftpsvc
Jeremy Caney
  • 7,102
  • 69
  • 48
  • 77
Paul
  • 1