Configure Passive FTP on IIS6

Passive mode is something I always think about when having to deal with NAT’ed FTP servers. This article applies to IIS6 hosted on Windows Server 2008 SP2.

Enable Direct Metabase Edit

Open the IIS6 Microsoft Management Console (MMC), right-click on the Local Computer node, select Properties, and make sure the Enable Direct Metabase Edit checkbox is ticked.

Define Passive FTP Port Range

Open a command prompt as administrator and type the following:

C:\> \Inetpub\AdminScripts\adsutil.vbs set /MSFTPSVC/PassivePortRange "64000-65535"
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

PassivePortRange                : (STRING) "64000-65535"

You can specify a different port range if you need to.

Restart FTP Service and Verify

Stop FTP service:

C:\> net stop msftpsvc
 The FTP Publishing Service service is stopping.
 The FTP Publishing Service service was stopped successfully.

And start it again (the awesome way of restarting it, I know):

C:\> net start msftpsvc
 The FTP Publishing Service service is starting..
 The FTP Publishing Service service was started successfully.

Verify the status to make sure it’s running:

C:\> sc query msftpsvc
 SERVICE_NAME: msftpsvc
 TYPE               : 20  WIN32_SHARE_PROCESS
 STATE              : 4  RUNNING
 WIN32_EXIT_CODE    : 0  (0x0)
 SERVICE_EXIT_CODE  : 0  (0x0)
 CHECKPOINT         : 0x0
 WAIT_HINT          : 0x0

Check Passive Port Range Manually

We can check the MetaBase.xml file to see the passive port range that’s in use:

C:\> type C:\Windows\System32\inetsrv\MetaBase.xml | findstr /L Passive

Habits die hard, but here’s a shorter version of the command we can use:

C:\> findstr /L Passive C:\Windows\System32\inetsrv\MetaBase.xml

Ending Note

Make sure the port range 64000-65535 (or whichever range you configured) is open on the firewall to allow passive mode connections.
