In Windows 2008 R2, there is a bug when installing FTP within IIS with the firewall enabled.
After you install the role service, the system automatically sets up the firewall rules needed and enables them. One of those inbound rules is “FTP Server (FTP Traffic-In)”.
Although this port should be open, if you enable firewall logging you will see that it’s dropping any traffic on this port. The problem is that the service “ftpsvc” didn’t get its service SID set correctly. More on service SIDs can be found at http://sourcedaddy.com/windows-7/understanding-service-sids.html
and http://blogs.technet.com/b/askperf/archive/2008/02/03/ws2008-windows-service-hardening.aspx.
To view the current SID type for ftpsvc, run the following from a command prompt:
sc qsidtype ftpsvc
(Note: You can’t just use “sc” in PowerShell because “sc” is an alias for
Set-Content.)
This should give the following output:
[SC] QueryServiceConfig2 SUCCESS
SERVICE_NAME: ftpsvc
SERVICE_SID_TYPE: UNRESTRICTED
This looks correct, but run the following command, which sets the service SID type to what it already is:
sc sidtype ftpsvc unrestricted
Then restart ftpsvc with:
net stop ftpsvc
net start ftpsvc
The service now works. This has been a problem for over 2 years, and a bug report
exists at http://connect.microsoft.com/WindowsServerFeedback/feedback/details/524831/default-ftp-firewall-port-21-rule-is-broken-in-windows-2008-r2.
Thank you Transsient77 for the fix.
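The same procedure run from PowerShell, as an added example that is not part of the original post: it calls sc.exe by its full name so the Set-Content alias is not hit, and counts DROP entries for TCP port 21 in the firewall log before and after the fix. The default log path and the use of the current firewall profile are assumptions.

```powershell
# Added example: apply the service SID workaround for ftpsvc from PowerShell and
# check the firewall log for dropped FTP traffic. Run in an elevated session.
$service = 'ftpsvc'
$rule    = 'FTP Server (FTP Traffic-In)'
# Assumption: default firewall log location; adjust if logging was redirected.
$log     = Join-Path $env:SystemRoot 'System32\LogFiles\Firewall\pfirewall.log'

function Get-DroppedFtpCount {
    # pfirewall.log fields: date time action protocol src-ip dst-ip src-port dst-port ...
    if (-not (Test-Path $log)) { return 0 }
    $hits = Get-Content $log | Where-Object {
        $f = $_ -split ' '
        $f.Count -ge 8 -and $f[2] -eq 'DROP' -and $f[3] -eq 'TCP' -and $f[7] -eq '21'
    }
    return @($hits).Count
}

# Fail early if the FTP service is not installed.
Get-Service -Name $service -ErrorAction Stop | Out-Null

# Turn on logging of dropped packets so the effect of the fix is visible.
netsh advfirewall set currentprofile logging droppedconnections enable | Out-Null

# Confirm the inbound rule exists and is enabled.
netsh advfirewall firewall show rule name="$rule"

# Call sc.exe by its full name: a bare "sc" in PowerShell is Set-Content.
sc.exe qsidtype $service
$before = Get-DroppedFtpCount

# Re-apply the SID type that is already reported, then restart the service.
sc.exe sidtype $service unrestricted
if ($LASTEXITCODE -ne 0) { throw "sc.exe sidtype failed with exit code $LASTEXITCODE" }
Restart-Service -Name $service

Write-Host "DROP entries for TCP port 21 before the fix: $before"
Write-Host "Connect with an FTP client, then press Enter to re-check the log."
[void](Read-Host)
$after = Get-DroppedFtpCount
Write-Host "New DROP entries for TCP port 21 since the fix: $($after - $before)"
```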
The same bug is in Windows 2012 too!
Very nice work around!!
When I run sc qsidtype ftpsvc it shows nothing