9th June 21:42
ISA 2000 FTP Server publishing
I published FTP server on ISA 2000 Server according to "Publishing FTP
Server on ISA" article from isaserver.org and I receive error "500 Invalid
PORT command" when client connects. I had instaled SP2 and also tried hotfix
as described i MS Article ID 816459, even it is part of SP2.
Anyone knows how to resolve this issue ?
I published FTP Server on ISA 2004 without any problems.
Please do not advise migration to 2004.
9th June 21:43
ISA 2000 FTP Server publishing
Try the following:
Step 1 : Disable Socket Pooling for the FTP Service
The first thing you need to do is disable Socket Pooling for the FTP
Socket Pooling allows IIS to listen on all IP addresses assigned to a
You can check this by typing the following command at the command prompt:
Perform these steps to disable Socket Pooling for the FTP Service :
Open a command prompt and navigate to the \Inetpub\adminscripts\ folder
Type net stop msftpsvc and press [ENTER]
Type the following command:
cscript adsutil.vbs set msftpsvc/disablesocketpooling true and press [ENTER]
At the command prompt type net start msftpsvc and press [ENTER]
Check with netstat -na to confirm that TCP port 21 is now listening on one
address instead of listening on 0.0.0.0.
Step 2 : Configure the FTP service to listen only on the internal interface
Open the Internet Information Services console from the Administrative Tools
Right click on the default and click Properties
In the Default FTP Site Properties dialog box, select the IP address where
server must listen on, click Apply and then OK
After making these changes, restart the FTP Service.
Step 3 : Disabling the FTP Port Attack Setting
Some implementations of FTP servers allow a PORT command to open a
between the FTP server and an arbitrary port on another machine. This allows
attacker to establish connections to arbitrary ports on machines other than
actual source machine.
To disable the Port Attack Setting, perform the following steps:
Open Regedt32 go to following key :
setting is 0
Change/Add the EnablePortAttack Dword value to 1
Change/Add EnableDataConnTo3rdIP dword value 1
Close Regedt32 and restart the FTP service
Step 4 : Create the Publishing Rule
If you use the Web Publishing Wizard you can publish multiple FTP Servers
same IP address on the external interface of the ISA Server. If you use the
Publishing Wizard, you can only publish a single FTP server per IP address.
Open the ISA Management console, expand your server and then expand the
node. Click on Server Publishing Rules, click New and then click Rule.
On the Welcome page type a name for the FTP server publishing rule then
On the Address Mapping page, type in the IP address of the internal
the ISA server IP address of internal server text box and the IP address of
external interface in the External IP address on ISA server text box, click
On the Protocol Settings page select FTP Server protocol, then click Next.
On the Client Type page select either Any request or Specific computer
On the last page of the wizard, confirm your settings and click Finish.