Junior Member Posts: 11 Registered: Sep 2001 <http://www.isaserver.org/ubb/icons/icon3.gif> posted 02 October 2001 18:33 <http://www.isaserver.org/cgi-bin/ubbmisc.cgi?action=getbio&UserName=Jez > Click Here to See the Profile for Jez <http://www.isaserver.org/cgi-bin/postings.cgi?action=editpost&forum=Ser ver+Publishing+Issues&number=6&topic=000262.cgi&ReplyNum=000000&TopicSub ject=Fix+for+FTP+problem+|QUT|cant+get+directory+listing|QUT|> Edit/Delete Message <http://www.isaserver.org/cgi-bin/postings.cgi?action=reply&forum=Server +Publishing+Issues&number=6&topic=000262.cgi&TopicSubject=Fix+for+FTP+pr oblem+|QUT|cant+get+directory+listing|QUT|&replyto=0> Reply w/Quote _____ This relates to the following problems: 1. Can login, but cant get directory listing (usually a "data connection closed" error" 2. Can only get directory listing in active mode when using IIS on port 21 with server publishing (NOT web publishing) This is a known issue by Microsoft which we are experiencing on over 80 ftp sites. It is NOTHING to do with other checkpoint of other firewall products, its an ISA problem. This will be fixed in SP1 (due out Q1 of 2001). However, if you (like us) have no other solution available, then then beta is out end of next week which should contain the fix. You must register to be on the beta SP1 list though. Anyway, below is the Q article (no, you will not find this on the microsoft site, as its a beta post):- This is the draft of article Q301575. ------------------------------------------------------------------------ ------- The information in this article applies to: - Microsoft Internet Security and Acceleration Server 2000 ------------------------------------------------------------------------ ------- SYMPTOMS ======== Clients behind firewalls may not be able to download files from a FTP server that is: 1: Server published by an ISA server and 2: on an IP address that is not the Primary IP. This is a FTP problem with ISA doing Server publishing for a FTP server. ISA has multiple IP addresses on the external interface and using the second (non default) ip for publishing the FTP server. When the client makes a PORT request and provides a IP and port to connect to, the ISA creates a secondary connection using the default IP address. This is rejected by firewalls, including ISA... (If the client was behind its own ISA). Clients directly connected to the internet do not seem to have this problem. In the attached trace, the client is 63.10.70.116 FTP is published on: 209.125.253.232 The primary address on ISA is 209.125.253.230 Frame 111 contains the PORT request from the client Frame 127 shows ISA trying to connect using the wrong IP address (209.125.253.230). >JEREMY: THIS BIT IS NOT CORRECT, THE FIX IS NOT AVAILABLE UNTIL SP1 (or at least beta sp1) RESOLUTION ========== A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article and should be applied only to systems experiencing this specific problem. This fix may receive additional testing at a later time, to further ensure product quality. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Product Name service pack that contains this fix. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, please go to the following address on the World Wide Web: http://support.microsoft.com/directory/overview.asp <http://support.microsoft.com/directory/overview.asp> NOTE: In special cases, charges that are normally incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. Normal support costs will apply to additional support questions and issues that do not qualify for the specific update in question. The English version of this fix should have the following file attributes or later: Date Time Version Size File name Platform ------------------------------------------------------------- Well, sorry cant be of more help, but at least you know its nothing youve done! If anyone does have a way around this please let me know, so I can pass the information directory to the beta team (we have close contact with the at the moment!). isajez@xxxxxxxxxxxxxxxxx [This message has been edited by Jez (edited 03 October 2001).]