Changes in Microsoft FTP 7.5
This article describes some of the changes that were introduced in Microsoft FTP 7.5.
Original product version: Internet Information Services 8.0, 8.5
Original KB number: 2505047
Some NLST command-line options don't work
In FTP 7.5, an FTP client can use only the
-A command-line options with the NLST command. For example, the
-r option (for the reverse sort direction) and the
-t option (for sort by time of last write) no longer work. Because these command-line options are not documented in the RFC, Microsoft may change the implementation in the feature version of FTP.
FTP data connections are established and disconnected asynchronously in the background
The establishing and disconnecting of the FTP data connection is processed in the background of the response for the control connection. FTP 7.5 starts a three-way handshake to establish the data connection before it returns 200 PORT command successful as the response to the
PORT command to the control connection. The 226 Transfer Complete response returns as the response of the
RETR commands to the control connection before the handshake to disconnect the data connection finishes.
IisFtp.vbs isn't supported with FTP 7.5
Beginning in FTP 7.5, the IisFtp.vbs script is no longer supported and is not included as part of the FTP 7.5 installation package. Therefore some functionality that was possible using IisFtp.vbs requires different action to be taken starting in FTP 7.5. For example, the
IIsFtp.vbs /setadprop command available in Internet Information Services (IIS) 6.0 to create an FTP site in Active Directory isolation Mode cannot be used in FTP 7.5. Instead, use ADSI Editor to set the
msIIS-FTPDir properties to point to the home directories in Active Directory Isolation Mode.
ADSI Editor is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. This is installed on Windows Server 2008 domain controllers by default and will have to be manually installed on member servers.
There are three main steps to configure the Isolate users in Active Directory mode:
- In IIS, create and configure the FTP sites to be isolated.
- Configure the file servers.
- Configure Active Directory.
To create and configure the FTP sites to be isolated, see FTP Active Directory user isolation.
When you configure the file servers, you must create the shares and user directories for all the users who are permitted to connect to the FTP service, including the user configured to impersonate anonymous users. Before you complete this step, consider factors such as expected disk space usage, storage management, and network traffic.
To configure Active Directory, you can use ADSI Editor instead of IisFtp.vbs. To configure an FTP 7.5 site in Active Directory Isolation Mode, take the following steps:
- Select Start, select Run, and enter adsiedit.msc to run ADSI Editor.
- If necessary, connect to the FTP server's domain. By default, it connects to the domain that the domain controller belongs to.
- In the console pane, expand the FTP server's domain, expand %Domain Name%, and then select CN=Users.
- In the details pane, right-click CN=%User%, and then select Properties.
- On the Attribute Editor tab, select msIIS-FTPRoot or msIIS-FTPDir, and then select Edit.
- Edit, and then select OK.
FTP 7.5 returns a 125 or 150 response when an FTP client sends a command needing the data connection in passive mode
In earlier versions of IIS, the FTP service returns a 125 Data connection already open; transfer starting response for
STOR commands sent by FTP clients when the client and server are communicating over a passive mode connection. Additionally, FTP returns a 150 File status okay; about to open data connection. response for the
STOR commands over active mode connections.
In FTP 7.5 and later versions, the response message does not depend on whether the request for the data connection is over passive mode or active mode. Instead, if the data connection is already established FTP 7.5 responds with 125 Data connection already open; transfer starting. If the data connection is not already established, FTP responds with 150 File status okay; about to open data connection.
FTP 7.5 does not start establishing the data connection for
EPSV commands until the data connection for an earlier FTP request is disconnected.
FTP 7.5 returns a 451 error response if an FTP client does not use a CRLF as the end-of-line
In earlier versions of IIS, the FTP service accepted both
LF as the end-of-line mark. Beginning in FTP 7.5, the use of
LF as the end-of-line marker is no longer supported. According to RFC 959, FTP should follow the specifications of the Telnet protocol, where
CRLF is the only valid end-of-line marker. If an FTP client tries to end a line with LF, FTP 7.5 will return the following error message:
451 The parameter is incorrect.
FTP 7.5 resets the data connection if an FTP client tries to use a port lower than 1024 for the data connection
In earlier versions of IIS, an FTP client could choose to use a port lower than 1024 for the data connection, in both passive mode and active mode FTP communications. Beginning in FTP 7.5, when an FTP client tries to use a port lower than 1024 for the data connection, FTP 7.5 will reset the underlying TCP connection. For example, if an FTP client tries to do a passive-mode upload of a file using the
STOR command, and tries to use a port lower than 1024 for the data connection, the upload will fail and entries similar to the following will be written to the FTP log:
2012-01-15 02:08:16 123.456.789.0 user01 184.108.40.206 40063 DataChannelOpened - - 0 0 2012-01-15 02:08:16 123.456.789.0 user01 220.127.116.11 40063 DataChannelClosed - - 1236 38 2012-01-15 02:08:16 123.456.789.0 user01 18.104.22.168 21 STOR file.txt 425 1236 0
For an active-mode FTP upload using a data port less than 1024, the Win32 status will be 87 instead of 1236.
This behavior occurs because in FTP 7.5 ports in the range of 0-1023 are now reserved for system processes or for programs executed by privileged users.
FTP RETR for open files
RETR(GET) for files that are already opened by a different process (not FTP Service (FTPSVC)) will fail with
For more information about FTP 7.5, see the following articles: