Help troubleshooting Windows IIS-based FTP

[Cerulean]

The user hasn't had any issues until today. Today the user gets this:

Status: Resolving address of div-erpweb
Status: Connecting to 10.52.2.75:21...
Status: Connection established, waiting for welcome message...
Response: 220 Microsoft FTP Service
Command: USER ftpuser
Response: 331 Password required for ftpuser.
Command: PASS ******
Response: 230 User logged in.
Command: SYST
Response: 215 Windows_NT
Command: FEAT
Response: 211-Extended features supported:
Response: LANG EN*
Response: UTF8
Response: AUTH TLS;TLS-C;SSL;TLS-P;
Response: PBSZ
Response: PROT C;P;
Response: CCC
Response: HOST
Response: SIZE
Response: MDTM
Response: REST STREAM
Response: 211 END
Command: OPTS UTF8 ON
Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (10,52,2,75,212,234)
Command: LIST
Response: 150 Opening BINARY mode data connection.
Error: Connection timed out
Error: Failed to retrieve directory listing

Unlike other servers that I have setup in this company use FileZilla Server, this server was setup by someone else and configured to use IIS-based FTP. I have little to no experience or knowledge on the workings of FTP through IIS. Any ideas?

 

[jameslr]

Can you or anyone else login to the server through FTP? Check event logs and whatnot to make sure it's not permissions related (assuming it's not). Check the filesystem that is hosting the ftproot to make sure it's accessible both through ftp and through the OS. Maybe the drive is full or dead? Corrupt filesystem? Lots of things could be the problem. What all have you tried or checked?

 

[Cerulean]

From the Windows server running IIS and FTP, I am able to connect to the server's LAN IP (not localhost or 127.0.0.1 because there are no IP Bindings for that in IIS' FTP Site) successfully using FileZilla, but not from my VDI which is on the same subnet (for administrative purposes). I get the same symptoms/errors. So I disabled Windows Firewall's profiles (Domain, Private, and Public), but that didn't change my situation so I turned those profiles back on.

EDIT: Not finding anything in eventvwr

EDIT2: "Response: 227 Entering Passive Mode (10,52,2,75,212,234)" indicates a PASV connection to 10.52.2.75 on port 49640 (because '[212*234] + 32').

Having learned what those numbers are in the parenthesis and to calculate the port of the PASV connection being used, I took the last port that it returned to me from my successful connection on the server to itself and tried 'telnet 10.52.2.75 26231' and 'telnet div-erpweb 26231' from both my VDI and the server. On both servers with both commands, I get "Connecting To 10.52.2.75...Could not open connection to the host, on port 26231: Connect failed", even with Windows Firewall disabled. But I get a blank black cmd window when I try port 80 or 21 (which indicates the port is open). I tried 'telnet localhost 26231' on the server and got the same Telnet error message as well. Can't tell if port is open or not (for saying that it could be blocked ports).

EDIT3: According to my supervisor, internally there shouldn't be any ports that get blocked.

EDIT4: If, from my VDI, I open cmd --> ftp div-erpweb --> ftpuser --> *type in password* --> it works and I can browse directories and stuff. I also have no problem uploading a file using 'put'

 

[Pinski]

Is there some reason why are you using passive mode FTP for internal connections with no firewalls, no NAT, nothing but pure routing? Is there a problem when using Active Mode FTP instead?

 

[Cerulean]

Is there some reason why are you using passive mode FTP for internal connections with no firewalls, no NAT, nothing but pure routing? Is there a problem when using Active Mode FTP instead?

The FTP Site in IIS on the server has two binds: one bind to its local LAN hostname and IP, and another to its external hostname and IP address. Also, this server is actually in a different private network connected to our core network through VPN.

EDIT: OK, supervisor corrected me and says there is port filtering going on. Will be back to report results after getting a small range of ports opened up and configuring IIS FTP to use that range for PASV connections.

 

[Cerulean]

According to supervisor, he got a port range opened up for me (32768-32896). In IIS, I launched Internet Information Services (IIS) Manager --> went to the root item that contains "Application Pools" and "Sites" --> FTP Firewall Support --> put 32768-32896 into the first field, hit Apply, hit OK --> did iisreset

When I connect to the FTP, it isn't attempting to use ports in that range. I observed it to start at like (x,x,x,x,213,1) on first connect, then increment the last number by 1 --> (x,x,x,x,213,2) on second connect attempt --> (x,x,x,x,213,3) on third connect attempt, etcetera. This isn't what I expect. Any suggestions?

I do also have to consult my supervisor again because I am still unable to get an expected result from telnet when I do 'telnet <serverip> <some port in range 32768-32896>', so it makes me think the ports still haven't been opened.

Also, Windows Firewall is off.