Default FTP firewall (Port 21) rule is broken in Windows 2008 R2 by Michael Ferrante

Active

Type: Suggestion
ID: 524831
Opened: 1/13/2010 4:34:35 PM
Access Restriction: Public
1
Workaround(s)
This issue has appeared on the web, just wanted you guys to get something into the Microsoft support site somewhere about it.


The default FTP Firewall rule is broken in Windows 2008 R2. After installing FTP as part of the IIS role, the two FTP rules are enabled in the firewall, which is nice since they didn’t exist in Windows 2008 by default. When testing to make sure the FTP site I set up worked from remote computers, the connections were failing. So I turned on firewall logging and saw that port 21 traffic was still getting dropped. The connections worked if Windows Firewall was disabled.

http://mwsite.net/2009/12/15/default-ftp-firewall-rule-broken-in-windows-2008-r2/

When setting up a new server with Windows 2008 R2 as an FTP server, my remote connections were getting dropped by the Windows firewall when local connections were fine. I was able to confirm the dropped packets by enabling firewall logging. It doesn't matter if I use Active or Passive. It worked when I disabled the Windows firewall, so I know it isn't another network issue.

http://episteme.arstechnica.com/eve/forums/a/tpc/f/12009443/m/234001462041
Details
Server Role:
Web Server (IIS)
Please describe how you would like this behavior to change?
The rules that ship with Windows 2008 R2 should work
Please provide a justification for why you think this change should be made?
Why include the rules if they are broken? Just annoys people. Better *not* to include any FTP rule, I am smart enough to add my own firewall rules if I have to without having to troubleshoot broken rules that ship with Microsoft.
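
The report above confirms the drops from the firewall log. As an added example (not part of the original report or of any Microsoft tooling), the Python below reads entries in the Windows Firewall log layout and lists the remote sources whose inbound port 21 connections were dropped and never allowed. The sample log lines and addresses are constructed, and the function names are illustrative.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout (pfirewall.log);
# addresses are documentation ranges, not values from the report.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2010-01-13 16:30:01 DROP TCP 192.0.2.10 198.51.100.5 49160 21 52 S 311223 0 8192 - - - RECEIVE
2010-01-13 16:30:04 DROP TCP 192.0.2.10 198.51.100.5 49160 21 52 S 311223 0 8192 - - - RECEIVE
2010-01-13 16:30:09 ALLOW TCP 198.51.100.5 203.0.113.9 49171 21 0 - 0 0 0 - - - SEND
2010-01-13 16:31:12 DROP UDP 192.0.2.44 198.51.100.255 137 137 78 - - - - - - - RECEIVE
2010-01-13 16:32:40 ALLOW TCP 192.0.2.10 198.51.100.5 49162 80 0 - 0 0 0 - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def inbound_verdicts(text, port=21, protocol="TCP"):
    """Count ALLOW/DROP verdicts per remote source for inbound traffic to port."""
    counts = Counter()
    for e in parse_firewall_log(text):
        if (e.get("protocol") == protocol and e.get("dst-port") == str(port)
                and e.get("path") == "RECEIVE"):
            counts[(e["src-ip"], e["action"])] += 1
    return counts

def blocked_sources(text, port=21):
    """Sources whose inbound connections to port were dropped and never allowed."""
    verdicts = inbound_verdicts(text, port)
    dropped = {src for (src, action) in verdicts if action == "DROP"}
    allowed = {src for (src, action) in verdicts if action == "ALLOW"}
    return sorted(dropped - allowed)

if __name__ == "__main__":
    for (src, action), n in sorted(inbound_verdicts(SAMPLE_LOG).items()):
        print(f"{src:15} {action:5} {n}")
    print("blocked:", blocked_sources(SAMPLE_LOG))
```

Running the same check before and after a rule or service change shows whether port 21 entries move from DROP to ALLOW for the remote client.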

Posted by KOPFteam on 5/18/2012 at 2:43 PM
Worked for me too. Thanks!
Posted by Transient77 on 3/20/2012 at 1:01 AM
The workaround listed by pweigand below worked for me as well. I'm not sure why this hasn't been fixed by MS.
Posted by Roland Duursma on 12/9/2011 at 5:34 AM
Thanks! Works for me!
Posted by Ne-Wo on 11/24/2011 at 5:53 PM
The workaround helped me too!! Win Serv 2K8R2 SP1
Posted by LiamGP on 2/5/2011 at 2:39 AM
Thanks, worked for me. I had got round it by creating my own rule to allow Port 21, but after fixing it and then searching to see if it was a known problem, I came across this solution.

Have now used this method and it worked fine and is, IMO, a cleaner solution.
Posted by vgedgafov on 1/21/2011 at 3:27 PM
Thanks a lot, it worked for me!
Posted by pweigand on 10/21/2010 at 1:47 AM
We found a workaround which worked in our case (we had already enabled default firewall rules FTP Server, FTP Server Passive, FTP Server Secure):

1. Although "sc qsidtype ftpsvc" already stated that SERVICE_SID_TYPE was UNRESTRICTED, change the sidtype of the FTP service to unrestricted with:
sc sidtype ftpsvc unrestricted

2. Restart the FTP service:
net stop ftpsvc & net start ftpsvc