Passive FTP on Windows Azure Virtual Machine

Question

I have setup FTP within IIS7 on a Windows 2008 Virtual Machine. I enabled Port 21 within the endpoints and Active FTP works just fine. But I am unsure to how to connect through Passive. I followed Microsoft documentation (enabled a range of ports within IIS and allowed the same ports on the local firewall) I also allowed the ports within the endpoints in Azure Management. This didnt work.

I read somewhere on an unofficial MS forum that MS do not allow Passive FTP within Azure. Is this true? If not can someone direct me to the right documentation?

Thanks

SOLUTION I followed instructions in this article. The problem I was having was I didn't stop and start the FTP service after doing this. It wont work otherwise.

Answer 1

Passive FTP should work fine in Windows Azure Virtual Machines. However, you may not be able to choose large port range since you can only have up to 25 endpoints in Azure and this could be limitation to have Passive FTP. This Forum discussion talk more about it.

You can find this blog which explains how they configure Passive FTP with IIS on Windows Virtual Machine.

Answer 2

An additional piece of info about the post referenced above (http://www.itq.nl/blogs/post/Walkthrough-Hosting-FTP-on-IIS-75-in-Windows-Azure-VM.aspx) - at the end it says you need to use the following command to add the port range in IIS:

appcmd set config /section:system.ftpServer/firewallSupport \
    /lowDataChannelPort:7000 /highDataChannelPort:7014

This failed for me, because the port range is locked so it can only be set on the root IIS node. The error is:

Support (Your site name) /lowDataChannelPort:5000 /highDataChannelPort:6000
ERROR ( message:Can not set attribute "lowDataChannelPort" to value "5000".. Rea
son: This configuration section cannot be used at this path. This happens when t
he section is locked at a parent level. Locking is either by default (overrideMo
deDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny"
or the legacy allowOverride="false".
. )

If you traverse up the IIS nodes to the root server node, choose Features View, then FTP Firewall Support, you can set the Data Channel Port Range there using the text box, without the need for scripting, and avoiding this error. Once this is done, you then need to restart the ftp service (as noted above), and passive FTP works well.

I've added this additional answer here because being unable to run the appcmd command to set the port range had me going around in circles for a number of hours, and this may help others avoid the same problem.