How to enable passive CERN FTP connections through ISA Server 2000, 2004, or 2006

Article ID: 300641 - View products that this article applies to.
This article was previously published under Q300641
Expand all | Collapse all

On This Page

SUMMARY

This article describes how to enable programs to make a passive CERN FTP connection through Microsoft Internet Security and Acceleration (ISA) Server 2000 or through ISA Server 2004 Standard Edition and ISA Server 2004 (Standard and Enterprise) and ISA Server 2006 (Standard and Enterprise).

Enable passive FTP connections

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756
(http://support.microsoft.com/kb/322756/ )
How to back up and restore the registry in Windows


Programs that must establish a passive CERN FTP connection over an ISA server establish a port-mode connection instead of a PASV-mode connection. You can edit the registry on the ISA server to allow FTP requests that are made by using the Web proxy component to use PASV mode. To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and double-click the following registry subkey:
    HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/W3Proxy/Parameters
    Notes
    • When you use ISA Server 2006, you may first need to create the Parameters key under the W3Proxy key.
    • When you use ISA Server 2004 SP2, you must first create the Parameters key under the W3Proxy key.
    • When you use TMG MBE, you may first need to create the Parameters key under the W3Proxy key.
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type NonPassiveFTPTransfer as the new value, and then press ENTER
  5. Right-click NonPassiveFTPTransfer, and then click Modify.
  6. In the Value data box, type 0 (zero), and then click OK.

    Note To return this setting to the default value, set the NonPassiveFTPTransfer value to 1.
  7. Exit Registry Editor, and then use one of the following methods as appropriate:
    • If you are running ISA Server 2000, restart the ISA Server Web Proxy service. To do this, follow these steps:
      1. Click Start, click Run, type cmd, and then click OK.
      2. At the command prompt, type net stop w3proxy, and then press ENTER. You receive the following output:
        The Microsoft Web Proxy service is stopping.
The Microsoft Web Proxy service was stopped successfully.
      3. Type net start w3proxy, and then press ENTER. You receive the following output:
        The Microsoft Web Proxy service is starting.The Microsoft Web Proxy service was started successfully.
      4. Type exit, and then press ENTER to exit the command prompt.
    • If you are running ISA Server 2006 or ISA Server 2004 or TMG MBE, restart the Microsoft Firewall service. To do this, follow these steps:
      1. Click Start, click Run, type cmd, and then click OK.
      2. At the command prompt, type net stop fwsrv, and then press ENTER. You receive the following output:
        The Microsoft Firewall service is stopping.
The Microsoft Firewall service was stopped successfully.
      3. Type net start fwsrv, and then press ENTER. You receive the following output:
        The Microsoft Firewall service is starting.The Microsoft Firewall service was started successfully.
      4. Type exit, and then press ENTER to exit the command prompt.
Back to the top | Give Feedback

REFERENCES

For more information about a problem that you might experience after you enable passive mode FTP through ISA Server 2004, click the following article number to view the article in the Microsoft Knowledge Base:
900256
(http://support.microsoft.com/kb/900256/ )
Error message when ISA Server 2004 Web Proxy client users try to access an external FTP site by using passive FTP functionality: "Error Code: 502 Proxy Error"
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
300876
(http://support.microsoft.com/kb/300876/ )
How to connect your company to the Internet by using ISA Server 2000 with Windows 2000
For additional help and support with ISA Server, visit the following Web sites:
http://www.microsoft.com/isaserver/
(http://www.microsoft.com/isaserver/)
http://www.isaserver.org/
(http://www.isaserver.org/)
Note For TMG 2010, the default FTP is already passive. To enable active, you must select an option on the GUI. For more information, see the following TechNet blog entry:
http://blogs.technet.com/yuridiogenes/archive/2010/03/16/error-502-active-ftp-not-allowed-when-trying-to-list-files-in-a-ftp-session-behind-forefront-tmg-2010.aspx
(http://blogs.technet.com/yuridiogenes/archive/2010/03/16/error-502-active-ftp-not-allowed-when-trying-to-list-files-in-a-ftp-session-behind-forefront-tmg-2010.aspx)
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Back to the top | Give Feedback

Properties

Article ID: 300641 - Last Review: May 24, 2010 - Revision: 8.0
APPLIES TO
  • Microsoft Windows Small Business Server 2003 Premium Edition
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2000 Standard Edition
  • Microsoft Forefront Threat Management Gateway, Medium Business Edition
  • Microsoft Small Business Server 2000 Standard Edition
Keywords: 
kbhowtomaster KB300641
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top