|
Home > Archive > IIS FTP Server > December 2006 > Advice on troubleshooting ftp site
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Advice on troubleshooting ftp site
|
|
| Jim Helfer 2006-12-13, 1:37 am |
|
I have an ftp that was used by a photcopier as a network scanning
catch. It runs on a Win 2003sp1 server and is simply an ftp site that
is logged onto with a particular username.
It suddenly stopped working. All the settings for the rights to the
folders and the ftp site in IIS seem completely fine. However, I can't
log into the ftp. My login gets rejected. I can log in with the
administrator account, but 'pwd' tells me I'm in the root directory and
there aren't any other directories to change to.
The 'Big Change' that seemed to coincide with this problem is that
server that hosted the ftp site was also a DC,GC, and a DNS server. I
demoted that server to a member server, and it didn't go completely
succesfully, since a couple little problems like this popped up.
I believe I have addressed the AD problems caused by the demotion, but
this service continues to be stubborn. I've tried the normal stuff, and
I'm stuck on where to go next.
Thanks in Advance for Any Ideas
Jim Helfer
WTW Architects
Pittsburgh PA
| |
| Bernard Cheah [MVP] 2006-12-13, 1:37 am |
| Are you using any user isolation feature?
and post the output when you connecting via ftp.exe
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
"Jim Helfer" <JimHelfer@newsgroup.nospam> wrote in message
news:%23%23pzZLlHHHA.1064@TK2MSFTNGP04.phx.gbl...
>
> I have an ftp that was used by a photcopier as a network scanning catch.
> It runs on a Win 2003sp1 server and is simply an ftp site that is logged
> onto with a particular username.
>
> It suddenly stopped working. All the settings for the rights to the
> folders and the ftp site in IIS seem completely fine. However, I can't
> log into the ftp. My login gets rejected. I can log in with the
> administrator account, but 'pwd' tells me I'm in the root directory and
> there aren't any other directories to change to.
>
> The 'Big Change' that seemed to coincide with this problem is that server
> that hosted the ftp site was also a DC,GC, and a DNS server. I demoted
> that server to a member server, and it didn't go completely succesfully,
> since a couple little problems like this popped up.
>
> I believe I have addressed the AD problems caused by the demotion, but
> this service continues to be stubborn. I've tried the normal stuff, and
> I'm stuck on where to go next.
>
> Thanks in Advance for Any Ideas
> Jim Helfer
> WTW Architects
> Pittsburgh PA
| |
| Jim Helfer 2006-12-13, 1:19 pm |
| Bernard Cheah [MVP] wrote:
> Are you using any user isolation feature?
I don't even know what that is <g>. So, I'm thinking no.
>
> and post the output when you connecting via ftp.exe
>
C:\>ftp 192.168.1.6
Connected to 192.168.1.6.
220 Microsoft FTP Service
User (192.168.1.6 none)): scanner
331 Password required for scanner.
Password:
530 User scanner cannot log in.
Login failed.
The 'scanner' user is a member of domain users and has R/W rights to
the directory that the ftp site is on. I have allowed anon logins for
testing purposes, and I can log in anonymously just fine. Scanner
account can also log onto the server. The only thing it can't do is
connect to the ftp site.
Jim
| |
| Jim Helfer 2006-12-13, 1:19 pm |
| Jim Helfer wrote:
> Bernard Cheah [MVP] wrote:
>
> I don't even know what that is <g>. So, I'm thinking no.
>
> C:\>ftp 192.168.1.6
> Connected to 192.168.1.6.
> 220 Microsoft FTP Service
> User (192.168.1.6none)): scanner
> 331 Password required for scanner.
> Password:
> 530 User scanner cannot log in.
> Login failed.
>
Turns out the the ftp serve was fine with someone logging on with a
domain account when the it was hosted on a DC, however that same account
was not being allowed after the demotion.
I deleted the user and remade it as a local machine account, and now
it works.
Thanks!
Jim
| |
| Bernard Cheah [MVP] 2006-12-18, 1:36 am |
| Cool  530 normally indicated some access rights or priviliges is missing
from the account.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
"Jim Helfer" <JimHelfer@newsgroup.nospam> wrote in message
news:uVk$iMuHHHA.4712@TK2MSFTNGP04.phx.gbl...
> Jim Helfer wrote:
>
>
> Turns out the the ftp serve was fine with someone logging on with a
> domain account when the it was hosted on a DC, however that same account
> was not being allowed after the demotion.
> I deleted the user and remade it as a local machine account, and now it
> works.
>
> Thanks!
> Jim
| |
| Jim Helfer 2006-12-18, 7:21 pm |
| Bernard Cheah [MVP] wrote:
> Cool 530 normally indicated some access rights or priviliges is missing
> from the account.
>
Then this is strange. The local account I am using to log onto the
ftp site "scanner" belongs to "Users" and "Domain Users" of the domain
that the server is a member of, and the user is given rights to all the
directories in the share specifically. I'm not sure what other rights
need to be included.
But here's the strange thing. Users complained about not being able
to connect to that ftp site, and I looked over on the server, and found
that I was connected to it via the "scannner" user using ftp.exe on the
server. I disconnected that, and the ability to connect was restored.
Could there be somewhere in the configuration or security policy that
limits this ftp site to a single connection?
Thanks
Jim Helfer
| |
| Bernard Cheah [MVP] 2006-12-21, 1:29 am |
| Base on your explanation, I suspect yes. the demotion of the dc removes or
mess up some of the user rights.
--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/
"Jim Helfer" <JimHelfer@newsgroup.nospam> wrote in message
news:OKrF3kuIHHA.4000@TK2MSFTNGP06.phx.gbl...
> Bernard Cheah [MVP] wrote:
>
> Then this is strange. The local account I am using to log onto the ftp
> site "scanner" belongs to "Users" and "Domain Users" of the domain that
> the server is a member of, and the user is given rights to all the
> directories in the share specifically. I'm not sure what other rights
> need to be included.
>
> But here's the strange thing. Users complained about not being able to
> connect to that ftp site, and I looked over on the server, and found that
> I was connected to it via the "scannner" user using ftp.exe on the server.
> I disconnected that, and the ability to connect was restored.
>
> Could there be somewhere in the configuration or security policy that
> limits this ftp site to a single connection?
>
> Thanks
> Jim Helfer
|
|
|
|
|