http://www.ISAserver.org ------------------------------------------------------- If ISA will return an FTP 550 access denied error, then you're right, the OS of the FTP server doesn't matter. But I didn't think ISA would return a protocol error on behalf of a protected server. Does it really do that? In past experience - pre-ISA - a 550 error usually meant one of the following (which is why I asked about platform): The initial FTP directory is not set. The 550 error means that the client is being told by the server that the user who logged on does not have permission to perform the action being attempted - in this case delete. This could either be the specific file or the directory in which the file resides. And, if I recall correctly, in the *nix world you can configure FTP to grant permissions based on source IP - even IIS can do this. From the description of your problem, it sounds like you can delete files just fine on the FTP server when connecting from a client local to the FTP server's subnet but can't from outside of that subnet. If that's the scope, I'd start by looking closer at home - the configuration of the FTP server - before jumping into ISA, unless, of course, ISA does return FTP protocol error codes. Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead ECNS Microsoft Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Wednesday, May 31, 2006 4:22 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: FTP Delete http://www.ISAserver.org ------------------------------------------------------- By server, I meant one of the local servers on site, not the FTP server. Sorry for not being clear. I don't know that OS the FTP server runs. I don't think it matters for this issue. Amy -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Young, Gerald G Sent: Wednesday, May 31, 2006 4:11 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: FTP Delete http://www.ISAserver.org ------------------------------------------------------- What platform is it? And I didn't quite understand what you meant when you said: "If administrator logs into the workstation, no delete. If administrator logs into the server, then delete works." Do you mean to say that if a delete is attempted remotely it doesn't work but if it's attempted on the server it works fine? You say that it's the same FTP login credentials for all users. If it works for you but not someone else, might the restriction be based off of source IP? Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead ECNS Microsoft Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Wednesday, May 31, 2006 4:05 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: FTP Delete http://www.ISAserver.org ------------------------------------------------------- The FTP site is not a Windows 2003 server. Amy -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Young, Gerald G Sent: Wednesday, May 31, 2006 3:50 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: FTP Delete http://www.ISAserver.org ------------------------------------------------------- Amy, If the users are getting a 550 access denied error that indicates to me that traffic is passing between the client and server just fine. I'd look at the permissions on the particular file that they are attempting to delete. If the server is Windows 2003, you can open up properties on the file in question, flip over to the security tab, hit the advanced button, then flip to the effective permissions tab, plug in the user in question and see what their effective permissions are for that file. A lot of people will miss specific deny permissions on files, which will take precedence over any allow permissions. Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead ECNS Microsoft Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Wednesday, May 31, 2006 3:14 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] FTP Delete http://www.ISAserver.org ------------------------------------------------------- I have a client whose FTP site is hosted by SBC. Local users are unable to delete files on the FTP site. They get a 550 access denied error. We've tried various FTP clients and IE with the same results. All local PC's are XP SP2 running the firewall client. SBC insists this is a local firewall issue. I'm not seeing it. Anyone think SBC's diagnosis has any merit? The only thing that has me questioning myself is that if I log onto the server as administrator and attempt to delete from the FTP site, I can. I have loads of successful FTP connections and only 2 denied packets in the last 24 hours. They look like this: Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code Cache Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL Error Information HTTP Status Code 70.229.250.114 - SVCTAG-H442T91 - TCP - - - - - - 1540 0 0 0 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED 0x0 Firewall 5/31/2006 9:25:26 AM 68.142.234.92 21 FTP Denied Connection - 70.229.250.114 - Local Host External 0x0 Amy ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx