Unable to access Authenticated FTP (Full Version)

All Forums >> [ISA 2006 Web Proxy] >> Unihomed



Message


Aspro500 -> Unable to access Authenticated FTP (23.Sep.2009 12:17:37 PM)

Hi everybody,


My client has a ISA 2006 with a single nic.
He has a problem when he tries to access ftp site needing login/pwd.

He gets, on the ISA the HTTP Status Code 12015 and, on his computer, the page displays a "502 Proxy error" saying that the login request was denied.

I know that he can pass the login/password in the url by this way ftp://username:password@FtpIP but this solution doesn't agree him.

Is there any other way to fix this directly on the ISA?

Thank's in advance for your help.






paulo.oliveira -> RE: Unable to access Authenticated FTP (23.Sep.2009 5:17:40 PM)

Hi,

quote:


How to enable Internet Explorer to make a request directly to the FTP server

Symptom: By default, Internet Explorer make a direct request to an external FTP server, instead of making the request over HTTP.
Issue: You can specify a setting in Internet Explorer so that requests are made directly.
Solution: Specify the appropriate setting in Internet Explorer by doing the following.
To proxy an Internet Explorer FTP request

  1. Start Internet Explorer.

  2. On the Tools menu, click Internet Options.

  3. Click the Advanced tab.

  4. In the Settings list, do the following:

Note that when you select the Enable folder view for FTP sites check box, Internet Explorer behaves as a standard FTP client and uses Active mode, even if the Use Passive FTP check box is enabled.

Source: http://technet.microsoft.com/en-us/library/bb794745.aspx


Regards,
Paulo Oliveira.




Jason Jones -> RE: Unable to access Authenticated FTP (23.Sep.2009 8:06:10 PM)

quote:

ORIGINAL: Aspro500

Hi everybody,


My client has a ISA 2006 with a single nic.
He has a problem when he tries to access ftp site needing login/pwd.

He gets, on the ISA the HTTP Status Code 12015 and, on his computer, the page displays a "502 Proxy error" saying that the login request was denied.

I know that he can pass the login/password in the url by this way ftp://username:password@FtpIP but this solution doesn't agree him.

Is there any other way to fix this directly on the ISA?

Thank's in advance for your help.





Re-deploy ISA with a two NIC configuration.

Install the Firewall Client.

Configure the client PC to use an dedicated FTP application, as opposed to a web browser.

Configure an ISA rule to limit FTP access based upon limited users.

Cheers

JJ




Aspro500 -> RE: Unable to access Authenticated FTP (24.Sep.2009 3:22:18 AM)

The Single Nic is mandatory in this case, I know that I can reconfigure the ISA server with a second nic but this won't help here as the ISA is not the company's firewall...

I already knew the solution with IE, I wanted to know if there are other solutions but it seems not...
Does someone know a solution to deploy this via a GPO?

Thank's a lot for your reply,




Aspro500 -> RE: Unable to access Authenticated FTP (24.Sep.2009 5:52:51 AM)

Hi Paolo,

Thank's a lot for your answer, but it seems that it doesn't change anything...

If I check the button "Enable FTP folder view" or I uncheck it, the client has the same result...

Thank's in advance for your help,




Jason Jones -> RE: Unable to access Authenticated FTP (24.Sep.2009 9:21:14 AM)

quote:

ORIGINAL: Aspro500

The Single Nic is mandatory in this case, I know that I can reconfigure the ISA server with a second nic but this won't help here as the ISA is not the company's firewall...

I already knew the solution with IE, I wanted to know if there are other solutions but it seems not...
Does someone know a solution to deploy this via a GPO?

Thank's a lot for your reply,


Deploy what with GPO?

The solution I provided or the 'username:password' format are the only solutions I know of [:(]

This may help confirm:

HTTP 502 Proxy Error - The login request was denied
 
Symptom: When accessing an external FTP site that requires authentication, the following error is received: "HTTP 502 Proxy Error - The login request was denied."
 
Issue: Web proxy normally sends anonymous authentication information to an FTP site in the first request. If the FTP site rejects and closes the connection at the first try, this error is issued. If you monitor the FTP traffic, you will see a log entry similar to: "Port: 21 FTP failed connection attempt user: anonymous request: Get ftp://FTPServer/."
 
Solution: When accessing an external FTP site that requires authentication from a Web proxy client, provide credentials in the URL, in the following format: ftp://username:password@FTPServerName.
This issue does not occur in the following circumstances:

  • SecureNAT clients or Firewall clients make the FTP request.
  • The Enable folder view for FTP sites check box is selected in Internet Explorer. With this setting enabled, Internet Explorer sends the request directly to the FTP site if it can resolve the remote host name, ignoring browser settings. If the host name cannot be resolved, the browser is used.
Source: http://technet.microsoft.com/en-us/library/bb794745.aspx




KevinCunningham -> RE: Unable to access Authenticated FTP (11.Nov.2009 8:08:28 AM)

Hi - my client also has a single NIC ISA 2006 webproxy box and get the same issue accessing ftp sites.

We found that contrary to the documentation (which states that ISA Firewall connections cannot be made on a single homed ISA 2006 server), installing the ISA Firewall client made IE behave as expected when browsing to ftp sites requiring authentication.

This was with IE6 though. IE7 we have found still works but doesn't appear to initially. The ISA server returns the same login denied error, but then when the user clicks on "Page>Open FTP Site in Windows Explorer" everything works ok.




Page: [1]