Hello , We are dealing with a typical problem at our end with FTP website access through ISA 2004 server. here are the details:- We have an ISA 2004 server installed on a win2k3/SP1 server with single NIC. Single NIC template applied on it and it is running with SP2 with patch 916106. the LAT is configured properly by using the "ADD ADAPTER" option so that it automatically selects the LAT using the routing table of the NIC card. we have XP machines configured as proxy clients manually in their IE settings. All the HTTP/HTTPS websites are accessible fine without any issues. However, when it comes to FTP access, we do have a problem. When we try to open ftp.microsoft.com from command prompt(which uses active mode), it works fine. We can login anonymously and LS command also shows the files. when we try to access the same website through IE, it gives the following error:-
Error Code: 502 Proxy Error. The File Transfer Protocol (FTP) session was terminated. The connection was closed because of either a possible attempted security violation or a time out on the remote server. Reconnect to the server or check for server availability. No further action is required. (12111)
Then we go ahead and uncheck the option "Use folder view" in IE advanced options and thus force it to use active mode rather than passive mode but with same error as result.
In ISA logging, we see that client tried to use the rule and is denied connection. We are not using any surf control or websesnse or any other 3rd party product. If we bypass ISA, it works. the rule we are using allows clients from "Internal network" to "Internal network" for all protocols, for all users.
We would really appreciate if anyone throws some more light in it or if someone has some fix for it. Thank you.
I would really appreciate if anyone gives a clue about it. BTW, network trace shows ISA throws 407: authentication required in response to client's reqest for FTP website. it happens twice and then ISA throws error : Error Code: 502 Proxy Error. The File Transfer Protocol (FTP) session was terminated. The connection was closed because of either a possible attempted security violation or a time out on the remote server. Reconnect to the server or check for server availability. No further action is required. (12111)
on internal network, "Ask all users to authenticate " option is checked.
to me it looks like an authentication issue. I would welcome if anyone has any thoughts to share.
hi, My network is very simple. I have two NIC inside ISA Server 2006, with one pointing to Outside with Public IP Address provided by ISP. The other card pointing to Internal Network where all my machine stay behind it.
ISA Server Management configured to allow FTP protocol from External to Internal and From Internal to Local host and External as well.
DNS protocols has been allowed as well together with HTTP, HTTPS, SMTP, POP3.
Behind ISA Server I can browse fine but not ftp any sites. It gives me ISA Server Extended error. Permission etc.
My browser is using Proxy which is an IP Address of ISA Internal IP Address. I thought by just allowing FTP protocol is enough to allow me performing FTP downloading but not the case.
I have done all possibility including changing DWORD from registry, Enable Folder view FTP sites no luck yet.
Funny enough even inside ISA Server trying accessing ftp sites not allowing.
Now, regarding the IE support for FTP, which version of IE are you talking about? For IE version up to an including 6, my blog gives you the details how IE should be configured. Take note that when IE act as a Web Proxy client for the FTP protocol (the IE setting Enable folder view for FTP sitesis not checked) only FTP download is possible by design.
True, The problem resume again I can't open ftp sites. For unknown reason last time after adding FTP Server Protocol it works right now stop.
One thing I have notice, may be could be the problem. ISA Server that I have in my network is not connected with DNS Server.
In fact I dont have DNS Server. I have been provided by ISP the IP Address, Subnet Mask and Default Gateway.
It seems the problem is DNS because when I am trying to ping www.google.com its not resolving - I was expecting ISA to resolve the DNS from External NIC which has public IP's and DNS IP provided by ISP.
Is it possible for ISA Server to resolve DNS from ISP DNS IP Address??
My ISA Server has two NIC : One connected External - pointing to ISP settings One connected to Internal behind my Network.
With this Architecture do you think ISA Server can resolve Internal Network DNS queries?? If possible how because i have allowed DNS protocols from Internal - to - External and opposite way. But with NO success.
Is it possible for ISA Server to resolve DNS from ISP DNS IP Address?
Yes, this should work and is controlled by a system policy rule.
With this Architecture do you think ISA Server can resolve Internal Network DNS queries?
Yes, this should work also, assuming the internal clients has the ISP DNS server configured on their NIC, and they are configured as a SecureNAT client, and there is a rule allowing the DNS protocol from Internal to External (or the ISP DNS server) forall users.