Getting FTP working on an Azure VM, overcoming 'connection closed' on ftp client

2
votes

I'm struggling to connect to FTP on a new VM in Azure.

I made a new Virtual Machine from the default image (Windows Server 2012 Datacenter) and RDPed into the new VM. I then enabled the Web Server (IIS) role including the FTP Server and configured IIS using the recommended setting from the Web Platform Installer. I then used the IIS Manager "Add FTP Site..." wizard to add an FTP site with root %systemdrive%\inetpub\ftproot and set the ftp site to have Anonymous Authentication enabled, Allow Anonymous Users Read access, give a Data Channel Port Range 7000-7014, and specify the External IP Address of Firewall as the Public virtual IP (VIP) address from the VM's dashboard in the Azure management portal.

The firewall is also configured to allow the FTP Server.

At this point the FTP service is working. I know because if I open a command prompt on the VM in an RDP session I get the following

C:\Users\slife>ftp 127.0.0.1
Connected to 127.0.0.1.
220 Microsoft FTP Service
User (127.0.0.1:(none)): ftp
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
230 User logged in.
ftp>

However I cannot connect from elsewhere.

C:\Users\timregan>ftp 111.111.111.33
Connected to 111.111.111.33.
Connection closed by remote host.

That's from the command prompt in FileZilla I get

Status: Connecting to 111.111.111.33:21...
Status: Connection established, waiting for welcome message...
Error:  Could not connect to server

I have followed door Ronald's Walkthrough: Hosting FTP on IIS 7.5 in a Windows Azure VM and have added two endpoints to allow access to ports 21 (FTP command port) and 20 (FTP data port) and I have used his Azure Powershell suggestion to add the passive port endpoints, e.g.

Get-AzureVM -ServiceName 'blah' -Name 'blah' | Add-AzureEndpoint -Name 'FTPPassive00' -Protocol 'TCP' -LocalPort 7000 -PublicPort 7000 | Update-AzureVM

that I can then see in the list of endpoints on the Azure management for the VM.

Why are my connections are not getting through to the FTP server in IIS from outside? How might I diagnose the failure?

========== EDIT 1 ==========

I wondered if the solution that worked for haxor might solve things. That references the answer to 'Server 2012 VM on Azure - Passive FTP Won't Work' on the Windows Azure Virtual Machines forum which notes that if a probe is configures by the Azure Portal on the passive endpoints then they may not work. Although the answer notes that this is fixed in the latest version of the portal it suggests using the Azure Powershell cmdlet Add-AzureEndpoint to ensure no probe is started. I've checked with the Azure Powershell cmdlet Get-AzureEndpoint and none of my ftp endpoints have probes, so that is not my issue here.

========== EDIT 2 ==========

I noticed a step in Passive FTP and dynamic ports in IIS8 and Windows Azure Virtual Machines not mentioned in the original walkthrough: open the data channel port range (7000-7014) in Windows Firewall. I have added an inbound rule to do that. I still cannot connect.

2
iisazureftpiis-7.5
This is an intentional duplicate of superuser.com/q/643115/166855 Looking at ftp/Azure questions already on SO it seems better suited to here. That said it could be a duplicate of stackoverflow.com/q/18422391/575530 (though the answer that worked there did not work here) or stackoverflow.com/q/17101779/575530 (I'm investigating the answer there to see if it works for me).dumbledad
I deleted the FTP site and tried again. It now works, but I'm not sure why! If I find out I'll post it as an answer.dumbledad

2 Answers

1
votes

A more complete instructions can be found at: http://blogs.msdn.com/b/wats/archive/2013/12/13/setting-up-a-passive-ftp-server-in-windows-azure-vm.aspx I followed the instructions there and FTP worked perfectly on Azure.

0
votes

A colleague suggested investigating SSL so I deleted the FTP site and started again building a new one. The new ftp site worked. Staring at the config screens for the new FTP site in the IIS Manager I have a suspicion that the binding on the old site was incorrectly specifying 127.0.0.1 as the IP Address instead of All Unassigned (i.e. *)