« US Bank Sucks! | Main | Digital RAW Image Controversy »

April 26, 2005

FTP Server

My next project is to set up the FTP server delivered as part of IIS with Windows XP Pro, as described in this article.

So, I did Start - Control Panel - Add Remove Programs - Add Remove Windows Components - selected IIS, clicked Details, and saw that FTP wasn't checked. So I checked it and clicked OK twice. The Windows Component Wizard ran and said it was happy, so I assume I have FTP available now.

I verified that I have a directory named c:\inetpub\ftproot.

Then, I launched IIS. Start - Settings - Control Panel - Administrative Tools - IIS - My Computer - FTP. Selected my computer and then the folder FTP Sites under the computer name. Selected the FTP sites on the right side of the IIS display and selected properties. This shows all relevant data. I didn't change anything in here. Then, I tried to start the FTP service by hitting the little green Play arrow. Gave me an error saying IP address was unassigned. So, I went back into the FTP Site properties, and selected tried a couple of different IP addresses, but still same error.

Unexpected error 0x8ffe2740 occurred.

Note that this was an 'unexpected error', as opposed to all those 'expected errors' we all get all the time.

So, I went into ICF (start-settings-control panel- security center-Windows Firewall - Exceptions. I didn't see FTP listed, so I clicked on Add Port and then entered Name=FTP, Port Number=21, and specified TCP (as opposed to UDP).

I still got the same error when attempting to start my FTP server, so I changed the port in IIS for my FTP site to be 4000 instead of 21. It started right up. So, as it turns out, something else is using port 21. That's my problem. That was it all along. What's using port 21? Good question.

I have something installed called 'SH Secure File Transfer', so, possibly, that's using port 21. So, I uninstalled this program. But, still no dice. Something is using my port 21. What though?

OK. I finally was able to determine that I was running IPSWITCH WS_FTP server. So, that's what was using port 21. I uninstalled it, and then my FTP server started right up. Doh!

So, now, I just have to make sure that my ICF is set up to pass through the FTP TCP traffic on port 21, and that I have port forwarding on port 21 to the ip address of my desktop in my firewall.

So, I put a single file in the c:\inetpub\ftproot directory, and then launched Internet Explorer and entered
but I keep getting a '425 Can't open data connection' error. Presumably, this is due to the router or to ICF. Not certain which.

I found the log file on the client at C:\WINDOWS\SYSTEM32\Logfiles\MSFTPSVC1\ex050427.log
The log file indicated that it was receiving attempted connections from Firefox and IE (both by me). Although the time stamp was off, I'm sure that it's my attempts to connect.

Also, I check the ICF firewall on my laptop, and opened it up to FTP also. But, still won't connect. Not sure why. Apparently, I'm getting through the firewall and ICF and my port forwarding is working, as it's logging my connection attempts on the desktop. For some reason, however, it's not getting back out to me. Not replying to me. Hmmmm.

So, apparently, it works by connecting through DOS (thanks to Robert Racansky for discovering this), but it won't work through Internet Explorer. If I use IE and point my browser to I get the following error message:

FTP Folder Error
An error occurred opening that folder on the FTP server. Make sure you have permission to access that folder.
200 Type set to A.
227 Entering Passive Mode(192,168,1,102,7,86).
426 Transfer closed; transfer aborted.

I went to start > control panel > internet options > advanced > and unchecked the box beside "USE Passive FTP", and now it works fine. So, I can access my web site's FTP server using Internet Explorer.

With Firefox, when I use I get the following:
426 Transfer closed; transfer aborted.

Apparently, the problem is that with Firefox, you can't specify either Active or Passive FTP. Your only option is Passive FTP, which won't work.

The difference between Active and Passive FTP is explained in detail here.

So, since I can't get Firefox to work with it, and I don't use IE, I decided to try downloading the free FTP Commander client software.

Posted by Peenie Wallie on April 26, 2005 at 8:07 PM


So, I went into ICF (start-settings-control panel- security center-Windows Firewall - Exceptions. I didn't see FTP listed, so I clicked on Add Port and then entered Name=FTP, Port Number=21, and specified TCP (as opposed to UDP).

FTP uses Port 21 for the command, but port 20 for the data. See Active FTP vs. Passive FTP, a Definitive Explanation. Ports above 1024 are also selected by the client/server after the initial connection is made. In short, the packets go out on one port, and come back on another.
In any case, FTP (and Telnet) both send passwords and data in clear text (ie - they are not encrypted). Both have been replaced with SSH (Secure SHell) and SFTP (Secure FTP). You can get SSH clients for free at http://ssh.com/support/downloads/secureshellwks/non-commercial.html. Note: The client includes an SFTP utility simply called "SSH Secure File Transfer Client."
The bad news: SSH Server for Windows costs something like $500, while the free Open SSH for Windows doesn't really work properly (yet).

Posted by: Robert on April 27, 2005 at 2:28 PM

SSH Server for Windows costs something like $500, while the free Open SSH for Windows doesn't really work properly (yet).

Or, you could spend that $500 on a Mac Mini, since OS X has SSH Server built in.

Posted by: Robert on April 28, 2005 at 9:00 AM

A Mac is for women and children. It's like a PC with training wheels.

Posted by: Peenie Wallie on April 29, 2005 at 9:50 AM

if you turn the xp firewall off completely passive ftp will work...effectively opening all ports if you are worried about security...or you could have a good hardware or linux firewall that will allow passive ftp to work instead that protects your network... :)

Posted by: abbey on December 9, 2007 at 3:16 AM

orrr instead of turning the firewall off, you can open windows firewall and make an exception.. just type 21 into the port text field

Posted by: tom on October 5, 2008 at 6:05 PM

That certainly is a possibility. In my troubleshooting experience, generally what I find works best for me is to eliminate all possibility of a particular issue causing the problem first. So, in this case, I personally prefer to turn off the firewall so that it can, in no possible way, be interfering with my testing. Instead of trusting a wormhole through the firewall that I may or may not have set up correctly. Just my approach. But, your point is certainly valid.

Posted by: Rob Kiser Author Profile Page on October 6, 2008 at 11:32 AM

Post a comment

Remember Me?

(you may use HTML tags for style)