3

I've tried the suggestions on a number of sites (http://blogs.thesitedoctor.co.uk/tim/Trackback.aspx?guid=e81a4682-0851-490b-a3d2-adf254a701e7 and http://www.itq.nl/blogs/post/Walkthrough-Hosting-FTP-on-IIS-75-in-Windows-Azure-VM.aspx, and Passive FTP on Windows Azure Virtual Machine) and it won't work.

FTP active and passive both work from the VM to itself. FTP active works from the outside world. FTP passive fails with the server responding back with "550 The network connection was aborted by the local system" (this message returns on the control channel/port 21 immediately after the SYN packet is sent to one of the dynamic ports).

What I've done:

1) Configured IIS on the VM with an FTP site

2) Set the FTP firewall support IP address to the public IP address of the Azure VM instance (for what it's worth, I've also tried with this field empty and tried with the private IP address, none of them work)

3) Set up endpoints for FTP control (TCP/21), FTP data (TCP/20), and FTP dynamic ports (7000 through 7003)

4) Used appcmd.exe to set the port range for FTP (i.e. %windir%\system32\inetsrv\appcmd set config /section:system.ftpServer/firewallSupport /lowDataChannelPort:7000 /highDataChannelPort:7003)

5) Restarted the FTP server (net stop ftpsvc and net start ftpsvc)

6) Tried with the firewall both enabled and disabled (netsh advfirewall set global StatefulFtp enable)

Any ideas? I've verified with Wireshark that the client is trying to use the dynamic port, and that the dynamic ports are being used when I try locally.

Improve this question
4
  • For what it's worth, it's Server 2012. Anyone have any ideas?
    – joelc
    Commented Jun 18, 2013 at 23:03
  • Also tried Server 2008. Tried IIS8 (Server 2012) and IIS7.5 (Server 2008) along with FileZilla server, each using a custom port range. FTP passive model locally on the machine worked fine. Windows firewall did not impact the connections. I think this has to do with Azure's endpoints. Please help!
    – joelc
    Commented Jun 21, 2013 at 0:30
  • 1
    Answer that works: social.msdn.microsoft.com/Forums/windowsazure/en-US/…
    – joelc
    Commented Jun 23, 2013 at 18:31
  • Not for me :-( stackoverflow.com/q/18713701/575530
    – dumbledad
    Commented Sep 10, 2013 at 9:23

3 Answers 3

Reset to default
2

Received an answer on MSDN forums. Apparently there is an issue with the management console and you have to use Azure Powershell: http://social.msdn.microsoft.com/Forums/windowsazure/en-US/8f697f17-72b7-46f7-8c97-398b91190a2f/server-2012-vm-on-azure-passive-ftp-wont-work

Improve this answer
1

I was able to get passive FTP to work on my Azure VM without using any Powershell commands. Just follow the steps at: http://blogs.msdn.com/b/wats/archive/2013/12/13/setting-up-a-passive-ftp-server-in-windows-azure-vm.aspx

The article above has all the steps you need in order to set up FTP on your Azure VM.

Hope this helps!

Improve this answer
1
  • Microsoft must have fixed it since I asked the question. It used to be quite a pain. You can see the hoops I had to go through in my comment above. Thanks!
    – joelc
    Commented Aug 15, 2014 at 14:10
0

Azure VM endpoint have a 4 minutes timeout. For a FTP that means if a passive datatransport took longer then 4minutes, the main connection (port 21) get a timeout because nothink is happens while avtive file transfer!

Now you have two options:

1. It is possible to set the timeout of VM endpoints up to 30 minutes.

Powershell command to do this is:

> Get-AzureVM -ServiceName "MyService" -Name "MyVM" | Set-AzureEndpoint -Name "MyEndpoint" -IdleTimeoutInMinutes 30 | Update-AzureVM

More information here.

2. Create ILIP (instance level IP)

You can create a ILIP to bypass the VM webservice enpoint layer. The PowerShell command to do this is:

Get-AzureVM -ServiceName “MyService” -Name “MyVM” | Set-AzurePublicIP -PublicIPName "MyNewEndpoint" | Update-AzureVM

More information here.

Improve this answer
1
  • Do you know how to do this using azure-cli ?
    – Anuj Pandey
    Commented Jan 15, 2016 at 7:37

Not the answer you're looking for? Browse other questions tagged or ask your own question.