Members
Stats
  • Total Posts: 28531
  • Total Topics: 8240
  • Online Today: 920
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Windows Server 2012 R2: unable to connect from LAN to FTP server; local conn. OK  (Read 4822 times)

0 Members and 3 Guests are viewing this topic.

devnullius

  • SCF VIP Member
  • *****
  • Posts: 3507
  • KARMA: 152
  • Gender: Female
    • SCForum.info
I followed these excellent instructions to set up an FTP server on Windows 2012 R2 (needs IIS installed too).

http://stackingtech.com/2014/03/13/how-to-configure-ftp-server-in-windows-2012-r2/

Copy Paste:
How to configure FTP server in Windows 2012 R2
by Mauricio Zaragoza • March 13, 2014



“Configure FTP server in Windows 2012 R2 using IIS version 8.5″

Introduction

I was asked to create a Windows 2012 FTP site for the company I work for.

Even there are too many free third-party tools like FileZilla that provide a quick and easy way to stand up a FTP server, many times these good tools are not tested and approved to be used in some enterprises. Therefore, your only choice is to use the Windows features to do it.

Here you have the steps I followed to set up my FTP server in Windows 2012 R2.
The steps below assume you are using IIS 8.5 that comes by default with Windows 2012 R2

Prerequisites

A Windows 2012 R2 server.
An administrative account.
Part One : Enable Web Server (IIS) role and FTP Server role service.

Log in to the server by using an administrative account
Open Server Manager
Go to Manage > Add Roles and Features
Click Next
Select Role-based or feature-based installation
Click Next
Select Select a server from the server pool, and select your server
Click Next.
Scroll down and put a check mark in Web Server (IIS)
An Add features window pops up. Put a check mark in the Include management tools (if applicable) option
Click Add Features button
Click Next
Click Next
Click Next
Scroll down and put a check mark in: FTP server, FTP Service and FTP Extensibility.
Click Next
Click Install
When installation is finished, click Close
 Part Two: Create FTP users

You need to create users in Windows in order to be able to use FTP services.
You can use either local or domain users.
In this case, I will create some local users.
The only thing that changes if you use domain users is, when you log in to FTP, you must use the domain/account format.

In Server Manager go to Tools
Click Computer Management
Click Local Users and Groups
Click Users
In the center pane, right-click a blank area and then select New User…
Enter the username information and click the Create button
Create as many usernames you need here.
Optionally, you can create a group that contains all the FTP users in the Groups folder and add the users you created above.

 Part Three: Configuring FTP global IIS settings.

You need to configure some global settings for your IIS server before creating your FTP site.
It is very easy, follow the steps below:

In Server Manager go to Tools
Click Internet Information Services (IIS) manager.
In the left pane, double-click the server icon (in the tree below the option Start Page)
If a window pops up asking about Microsoft Web Platform, select Do not show this message, and click the No button
In the center pane, double-click the FTP Authentication icon
If you want to allow anonymous users,right-click Anonymous Authentication and set it to Enable.
To allow access to the windows users you created in Part Two above, right-click Basic Authentication and set it to Enable.
In the left pane, double-click the server icon.
Double click the FTP Authorization Rules option
Delete all rules in the center pane.
After all rules have been deleted, right-click a blank area in the center pane and select the option Add Allow Rule…
Click the option Specified users.
In the text box type the usernames (separated by commas) you created in Part Two above.
Check either the boxes Read or Write depending the access you want to grant to the user or group of users you are adding.
Click the OK button
Repeat steps 8 to 15 if you want to add more users with different Read / Write permissions.
 Part Four: Creating FTP site.

Open Windows Explorer
Navigate to C:\inetpub\ftproot
This is the default local folder where the FTP directory tree will be saved
You can create your own folder in another directory or hard drive if you want.
Create your own folder at this point if it is desired.
Open Server Manager
Go to Tools
Click on Internet Information Services (IIS) Manager
In the left pane, right-click the server icon (in the tree below the option Start Page)
Click Add FTP Site
In FTP site name type a friendly name for your site. (My FTP Site  for example)
In Physical path browse to the folder you creates in steps 2 to 5
Click Next
In IP Address, click the drop down menu, and select the server’s IP address you want to assign to the site
Port remains as 21 by default. You can change it if you want.
Ensure the option Start FTP site automatically is checked
Select the No SSL option if you are nor required to use certificates. Otherwise, select one of the other options.
Click Next
In the Authentication section, put a check mark in Anonymous If you want to allow anonymous users.
Put a check mark also in Basic to allow access to users created in Part Two.
In the Allow access to: drop down menu, select: Specified Users
In the text box type the usernames of the users you created in Part Two.
Check the box Read to grant read access to users.
Check the box Write to grant write access to users.
Click Finish
 Part Five : IIS Firewall setup.

In Server Manager go to Tools
Click Internet Information Services (IIS) manager.
In the left pane, double-click the server icon (in the tree below the option Start Page)
In the center pane, double-click the FTP Firewall Support icon
In the Data Channel Port Range box, make sure the value is 0-0 to use the default port range.
Or, you can change it if you want by your own set of ports.
Click Apply
Close Internet Information Services (IIS) Manager
 Part Six: Windows Firewall setup.

By default, all exceptions needed for FTP are added to the Windows Firewall at the time you enable the FTP Server role.
Anyway, for troubleshooting purposes, I will show the configuration that needs to be in place in order to allow FTP traffic in your server.

Open Server Manager
In the left pane, click Local Server
In the right pane, click the hyperlink beside the Windows Firewall option. It should say Public:On  (or Off).
The Windows firewall window opens. In the left pane click Advanced Settings
The Windows Firewall with Advanced Security window opens. In the left pane click Inbound Rules.
In the right pane, verify there’s a rule called FTP Server (FTP Traffic-In)
Double click this rule.
In the General tab, verify the option Enabled is checked.
Go to the Protocols and Ports tab.
Verify the Protocol type is TCP and the Local port value is 21.
Go to the Advanced tab
Make sure the profiles: Domain, Private and Public are checked.
Click OK button
Execute the same validation in steps 7-13 for the FTP Server Passive (FTP Passive Traffic-In) rule. Except that the local port value in this rule should be 1024-65535
Execute the same validation in steps 7-13 for the FTP Server Secure (FTP SSL Traffic-In) rule.Except that the local port value in this rule should be 990
In the left pane, click Outbound Rules
Execute the same validation in steps 7-13 for the FTP Server (FTP Traffic-Out) rule. Except that the local port value in this rule should be 20
Execute the same validation in steps 7-13 for the FTP Server Secure (FTP SSL Traffic-Out) rule. Except that the local port value in this rule should be 989
Close all windows.
 Part Seven: Testing

The last part is to test your work.
Make sure you can connect to the FTP service, first from the local machine and then form a remote computer.
Try to log in, put files, get files, show folder contents, etc
 More information.

As you may have noticed, the procedure above shows a basic configuration of the FTP service in Windows 2012 R2.

For more information and details about the advanced configuration settings for FTP server in IIS 8.5 not covered in this blog, you can refer to Microsoft Technet in this link : http://technet.microsoft.com/en-us/library/hh831655.aspx

---

After that, connecting to the FTP server from the server itself worked, but connecting from my desktop PC failed. I double-checked all settings for the Firewall (see above), but LAN clients kept failing to connect (ftp: connect: Connection timed out).

Solution? To my surprise, yes :)

FROM: http://www.rackspace.com/knowledge_center/article/why-cant-i-access-my-newly-created-ftp-site-on-windows-server

This article addresses a known error with Windows Firewall when creating FTP sites in all versions of Windows Server 2008


Windows Firewall Settings
If you are unable to access your newly created FTP site, this is most likely due to Windows Firewall settings. To fix this, run the following via the command line:

Code: [Select]
netsh advfirewall firewall add rule name="FTP (no SSL)" action=allow protocol=TCP dir=in localport=21
Code: [Select]
netsh advfirewall set global StatefulFtp enable
You can find more information about this here: http://blogs.iis.net/jaroslad/archive/2007/09/29/windows-firewall-setup-for-microsoft-ftp-publishing-service-for-iis-7-0.aspx

Once you've done this, you should now have access to your site.

Enjoy! :)

Devvie
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Samker's Computer Forum - SCforum.info





devnullius

  • SCF VIP Member
  • *****
  • Posts: 3507
  • KARMA: 152
  • Gender: Female
    • SCForum.info
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

jheysen

  • SCF Global Moderator
  • *****
  • Posts: 755
  • KARMA: 100
  • Gender: Male
It's impossible to use apache to do the deed?

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising