Sign in with
Sign up | Sign in
Your question

Problem about Window Xp SP2 firewall and the buildin FTP c..

Last response: in Windows XP
Share
June 22, 2005 7:02:09 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Dear Tom,

Sorry for so late to response to your reply on the
newsgroup.

I checked the firewall log, that the firewall drop
several TCP SYN packets that may cause the FTP hand
problem (seems waiting for server to connect to client
for file transfer).

Could you please give me your email address that i
can send the screen capture, firewall log, etc to you.

BTW, I always test the XP SP2 on both my own FTP
server, production FTP server(both IIS 5.0, window
2000 server, service pack 4, with max. connections =
100, 000) and FTP server on IBM AIX. The problem
occurs when firewall is turned on.

The site: ftp2.de.nero.com is a reference site only
that my FTP site is located within my company's
intranet that can't let you try to connect for
testing. Sorry for confusing you.

I think this situation do not happen on individual
PC due to wrong config. or installation problem, since
i have also tested 3 new PCs, preinstalled with XP SP2
(2 HP, 1 IBM), the same problem occurs.

Thank you for your kind attention.
Anonymous
June 23, 2005 12:49:58 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

No idea what you are talking about as you deleted all previous text. It sounds like you need passive FTP. Normal FTP both client and server computers are servers AND clients. One with the data (the server) and one with the control channel (the client).

Clients connect to servers. In FTP both computers connect to the other. Passive is client to server computers only.

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.htm...
=================================================
"ping" <imperfectluk-wonder@yahoo.com.hk> wrote in message news:1119434529.457239.65120@g47g2000cwa.googlegroups.com...
> Dear Tom,
>
> Sorry for so late to response to your reply on the
> newsgroup.
>
> I checked the firewall log, that the firewall drop
> several TCP SYN packets that may cause the FTP hand
> problem (seems waiting for server to connect to client
> for file transfer).
>
> Could you please give me your email address that i
> can send the screen capture, firewall log, etc to you.
>
> BTW, I always test the XP SP2 on both my own FTP
> server, production FTP server(both IIS 5.0, window
> 2000 server, service pack 4, with max. connections =
> 100, 000) and FTP server on IBM AIX. The problem
> occurs when firewall is turned on.
>
> The site: ftp2.de.nero.com is a reference site only
> that my FTP site is located within my company's
> intranet that can't let you try to connect for
> testing. Sorry for confusing you.
>
> I think this situation do not happen on individual
> PC due to wrong config. or installation problem, since
> i have also tested 3 new PCs, preinstalled with XP SP2
> (2 HP, 1 IBM), the same problem occurs.
>
> Thank you for your kind attention.
>
June 23, 2005 10:47:03 AM

Archived from groups: microsoft.public.windowsxp.general (More info?)

David,
Below are all the previous text..
>>>>======================================
Problem about Window Xp SP2 firewall and the buildin FTP command
All 10 messages in topic - view as tree

msnews.microsoft.com Jun 5, 12:15 am show options
Newsgroups: microsoft.public.windowsxp.general
From: "msnews.microsoft.com" <1...@1.com> - Find messages by this
author
Date: Sun, 5 Jun 2005 00:15:17 +0800
Local: Sun,Jun 5 2005 12:15 am
Subject: Problem about Window Xp SP2 firewall and the buildin FTP
command
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Report Abuse

Hi,
I find a problem that if running multiple FTP command at the same
time,
the FTP will get hang
when issuing the get command if the buildin firewall in on (already add
ftp.exe program to the exception list).

Steps to reproduce the problem:
1. open multiple DOS shell(cmd.exe) (say 5)
2. on each DOS shell, type ftp -s:abc.txt (where abc is a file that
contain
ftp command to get several files) but don't press enter.
3. press enter to run the ftp commands, one by one quickly at same
time.
4. the problem will occur that after issuing the get command, the ftp
hang!!

Is it that the buildin firewall can't handle too many connection at the
same
time?
I check the event log, no strange or useful event generated.

Can anybody tell how can i solve it?
(as one of my program will execute ftp.exe many time at the same time!)

Reply



Carey Frisch [MVP] Jun 5, 12:32 am show options
Newsgroups: microsoft.public.windowsxp.general
From: "Carey Frisch [MVP]" <cnfri...@nospamgmail.com> - Find messages
by this author
Date: Sat, 4 Jun 2005 11:32:49 -0500
Local: Sun,Jun 5 2005 12:32 am
Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
command
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Report Abuse

Windows XP SP2 to limit Max Connections/sec
http://www.msfn.org/print.php?id=9017

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/window...

-------------------------------------------------------------------------------------------

"msnews.microsoft.com" wrote:

|

- Hide quoted text -
- Show quoted text -
Hi,
| I find a problem that if running multiple FTP command at the same
time,
| the FTP will get hang
| when issuing the get command if the buildin firewall in on (already
add
| ftp.exe program to the exception list).
|
| Steps to reproduce the problem:
| 1. open multiple DOS shell(cmd.exe) (say 5)
| 2. on each DOS shell, type ftp -s:abc.txt (where abc is a file that
contain
| ftp command to get several files) but don't press enter.
| 3. press enter to run the ftp commands, one by one quickly at same
time.
| 4. the problem will occur that after issuing the get command, the ftp
hang!!
|
| Is it that the buildin firewall can't handle too many connection at
the same
| time?
| I check the event log, no strange or useful event generated.
|
| Can anybody tell how can i solve it?
| (as one of my program will execute ftp.exe many time at the same time

!)

Reply



Detlev Dreyer Jun 5, 12:50 am show options
Newsgroups: microsoft.public.windowsxp.general
From: "Detlev Dreyer" <detdre...@flashmail.com> - Find messages by this
author
Date: Sat, 04 Jun 2005 16:50:00 GMT
Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
command
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Report Abuse

"msnews.microsoft.com" wrote:
> Is it that the buildin firewall can't handle too many connection at the
> same time?

Not really.
http://www.microsoft.com/technet/prodtechnol/winxppro/m......

> I check the event log, no strange or useful event generated.

| Limited number of simultaneous incomplete outbound TCP connection
| attempts
| ...
| When it does occur, a new event, with ID 4226, appears in the
system's
| event log.

--
d-d

Reply



Tom Che [MSFT] Jun 6, 5:26 pm show options
Newsgroups: microsoft.public.windowsxp.general
From: v-tom...@online.microsoft.com (Tom Che [MSFT]) - Find messages by
this author
Date: Mon, 06 Jun 2005 09:26:10 GMT
Local: Mon,Jun 6 2005 5:26 pm
Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
command
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Report Abuse

Hi,

Thanks for posting here. Also thanks for Carey and Detlev's kindly
reply.

>From your post, my understanding of this issue is: If you keep Windows
Firewall enabled and run multiple FTP command at the same time, the FTP
will get hang. If this is not correct, please feel free to let me
know.

Based on your description, I cannot reproduce this issue on my
computer.
However, you may refer to our MVP's suggestion - modify the Registry
(TcpNumConnections) or run "netsh winsock reset" to repair Winsock and
TCP/IP, and then test this issue. If this issue persists, please let
me
know the following information if you need any further assistance:

1. Are you sure this issue will disappear if you turn off the Windows
Firewall?

2. Does this issue occur on other computers?

3. Have you tried to use third-party FTP application to do a same test?

Have a nice day!

Sincerely,

Tom Che

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader
so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------

- Hide quoted text -
- Show quoted text -
>Message-ID: <55afd3663f84728f1e16e7b279ce9...@d-d.mvps.org>
>Date: Sat, 04 Jun 2005 16:50:00 GMT
>From: "Detlev Dreyer" <detdre...@flashmail.com>
>Organization: Not responsible
>Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
command
>References: <e#EUYCSaFHA....@TK2MSFTNGP10.phx.gbl>
>X-Comment: MS-MVP Germany
>X-Importance: Normal
>X-Priority: 3
>Content-Type: text/plain; charset=ISO-8859-1
>Content-Transfer-Encoding: 8bit
>Lines: 17
>Newsgroups: microsoft.public.windowsxp.general
>NNTP-Posting-Host: ACB1D506.ipt.aol.com 172.177.213.6
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:401625
>X-Tomcat-NG: microsoft.public.windowsxp.general

>"msnews.microsoft.com" wrote:

>> Is it that the buildin firewall can't handle too many connection at the
>> same time?

>Not really.
>http://www.microsoft.com/technet/prodtechnol/winxppro/m......

x#

- Hide quoted text -
- Show quoted text -
EIAA

>> I check the event log, no strange or useful event generated.

>| Limited number of simultaneous incomplete outbound TCP connection
>| attempts
>| ...
>| When it does occur, a new event, with ID 4226, appears in the system's
>| event log.

>--
>d-d

Reply



a ms user Jun 7, 12:14 am show options
Newsgroups: microsoft.public.windowsxp.general
From: "a ms user" <1...@1.com> - Find messages by this author
Date: Tue, 7 Jun 2005 00:14:48 +0800
Local: Tues,Jun 7 2005 12:14 am
Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
command
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Report Abuse

Dear Tom,
Thanks for your reply.
***IN order to reproduce the error, you should press the ENTER key
very
FAST!!! ***
I'm now at home without XP SP2, so can't modify the
tcpnumconnections or
try netsh....
i will try them tomorrow at office.

Some ans. for your points:
1. Up to now, i try many times, this situation only occur when
firewall
is on.
2. I think this issue should happen on other computers, as i can
reproduce this error on 3 other XP SP2 workstations.
(2 desktops, 1 notebook)
3. Haven't try third party FTP software. But ever try using
window's
file explorer to down many files at the same time, no
problem occur!!!!

Today, in office, i run the ftp command in debug mode (issue
command
debug), after issue a get command,
i compare the message PORT IP_address,port(e.g. PORT
192,168,11,1,1,252) and
the pfirewall.log (locate at
c:\windows) that no connection to such port (1252?) is established,
instead
many ports larger 5000, are used for
data transfer.....do the firewall do some port-forwarding activities?

BTW, today, i write a simple ftp program (using function
FTPgetfileA,in
wininet.dll, to get files), the problem
occur too..

Don't know if this problem cause by firewall or limit of tcp
connection
...
PS: i check the event log that no event of event id 4226 (generated
when
exceed 10 simantenous
outgoing connection).

Tom, please follow the steps mentioned again to reproduce the
error.
THANK YOU FOR YOUR KIND ATTENTION AND HELP.

below is a sample of the ftp command files:
--------------------------------------------------------
open ftp2.de.nero.com
anonymous
1...@1.com
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
quit
--------------------------------------------------------

"Tom Che [MSFT]" <v-tom...@online.microsoft.com> ¦b¶l¥ó
news:Zm9lJnnaFHA.3336@TK2MSFTNGXA01.phx.gbl ¤¤¼¶¼g....

- Hide quoted text -
- Show quoted text -
> Hi,

> Thanks for posting here. Also thanks for Carey and Detlev's kindly reply.

> From your post, my understanding of this issue is: If you keep Windows
> Firewall enabled and run multiple FTP command at the same time, the FTP
> will get hang. If this is not correct, please feel free to let me know.

> Based on your description, I cannot reproduce this issue on my computer.
> However, you may refer to our MVP's suggestion - modify the Registry
> (TcpNumConnections) or run "netsh winsock reset" to repair Winsock and
> TCP/IP, and then test this issue. If this issue persists, please let me
> know the following information if you need any further assistance:

> 1. Are you sure this issue will disappear if you turn off the Windows
> Firewall?

> 2. Does this issue occur on other computers?

> 3. Have you tried to use third-party FTP application to do a same test?

> Have a nice day!

> Sincerely,

> Tom Che

> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
rights.

> --------------------
> >Message-ID: <55afd3663f84728f1e16e7b279ce9...@d-d.mvps.org>
> >Date: Sat, 04 Jun 2005 16:50:00 GMT
> >From: "Detlev Dreyer" <detdre...@flashmail.com>
> >Organization: Not responsible
> >Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
> command
> >References: <e#EUYCSaFHA....@TK2MSFTNGP10.phx.gbl>
> >X-Comment: MS-MVP Germany
> >X-Importance: Normal
> >X-Priority: 3
> >Content-Type: text/plain; charset=ISO-8859-1
> >Content-Transfer-Encoding: 8bit
> >Lines: 17
> >Newsgroups: microsoft.public.windowsxp.general
> >NNTP-Posting-Host: ACB1D506.ipt.aol.com 172.177.213.6
> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:401625
> >X-Tomcat-NG: microsoft.public.windowsxp.general

> >"msnews.microsoft.com" wrote:

> >> Is it that the buildin firewall can't handle too many connection at the
> >> same time?

> >Not really.

>http://www.microsoft.com/technet/prodtechnol/winxppro/m......
> x#EIAA

> >> I check the event log, no strange or useful event generated.

> >| Limited number of simultaneous incomplete outbound TCP connection
> >| attempts
> >| ...
> >| When it does occur, a new event, with ID 4226, appears in the system's
> >| event log.

> >--
> >d-d

Reply



a ms user Jun 7, 12:27 am show options
Newsgroups: microsoft.public.windowsxp.general
From: "a ms user" <1...@1.com> - Find messages by this author
Date: Tue, 7 Jun 2005 00:27:22 +0800
Local: Tues,Jun 7 2005 12:27 am
Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
command
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Report Abuse

sorry make a mistake about the interpretation of message PORT
192,168,11,1,1,252
actually i don't know if the port stand for 1252 or 508 --> 1 1111 1100
(binary) or 64513 --> 1111 1100 0000 0011
but no matter which intrepretation, do not exist in the firewall log (i
setup to log successful connection)
thanks
"a ms user" <1...@1.com> ¦b¶l¥ó
news:eT2IcLraFHA.3272@TK2MSFTNGP10.phx.gbl ¤¤¼¶
¼g...

- Hide quoted text -
- Show quoted text -
> Dear Tom,
> Thanks for your reply.
> ***IN order to reproduce the error, you should press the ENTER key
very
> FAST!!! ***
> I'm now at home without XP SP2, so can't modify the tcpnumconnections
or
> try netsh....
> i will try them tomorrow at office.

> Some ans. for your points:
> 1. Up to now, i try many times, this situation only occur when
firewall
> is on.
> 2. I think this issue should happen on other computers, as i can
> reproduce this error on 3 other XP SP2 workstations.
> (2 desktops, 1 notebook)
> 3. Haven't try third party FTP software. But ever try using window's
> file explorer to down many files at the same time, no
> problem occur!!!!

> Today, in office, i run the ftp command in debug mode (issue command
> debug), after issue a get command,
> i compare the message PORT IP_address,port(e.g. PORT 192,168,11,1,1,252)
and
> the pfirewall.log (locate at
> c:\windows) that no connection to such port (1252?) is established,
instead
> many ports larger 5000, are used for
> data transfer.....do the firewall do some port-forwarding activities?

> BTW, today, i write a simple ftp program (using function
FTPgetfileA,in
> wininet.dll, to get files), the problem
> occur too..

> Don't know if this problem cause by firewall or limit of tcp
connection
> ..
> PS: i check the event log that no event of event id 4226 (generated
when
> exceed 10 simantenous
> outgoing connection).

> Tom, please follow the steps mentioned again to reproduce the error.
> THANK YOU FOR YOUR KIND ATTENTION AND HELP.

> below is a sample of the ftp command files:
> --------------------------------------------------------
> open ftp2.de.nero.com
> anonymous
> 1...@1.com
> get iomega.zip
> get gear.zip
> get iomega.zip
> get gear.zip
> get iomega.zip
> get gear.zip
> get iomega.zip
> get gear.zip
> quit
> --------------------------------------------------------

> "Tom Che [MSFT]" <v-tom...@online.microsoft.com> ¦b¶l¥ó
> news:Zm9lJnnaFHA.3336@TK2MSFTNGXA01.phx.gbl ¤¤¼¶¼g...
> > Hi,

> > Thanks for posting here. Also thanks for Carey and Detlev's kindly
reply.

> > From your post, my understanding of this issue is: If you keep Windows
> > Firewall enabled and run multiple FTP command at the same time, the FTP
> > will get hang. If this is not correct, please feel free to let me know.

> > Based on your description, I cannot reproduce this issue on my computer.
> > However, you may refer to our MVP's suggestion - modify the Registry
> > (TcpNumConnections) or run "netsh winsock reset" to repair Winsock and
> > TCP/IP, and then test this issue. If this issue persists, please let me
> > know the following information if you need any further assistance:

> > 1. Are you sure this issue will disappear if you turn off the Windows
> > Firewall?

> > 2. Does this issue occur on other computers?

> > 3. Have you tried to use third-party FTP application to do a same test?

> > Have a nice day!

> > Sincerely,

> > Tom Che

> > Microsoft Online Partner Support
> > Get Secure! - www.microsoft.com/security
> > =====================================================
> > When responding to posts, please "Reply to Group" via your newsreader so
> > that others may learn and benefit from your issue.
> > =====================================================
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.

> > --------------------
> > >Message-ID: <55afd3663f84728f1e16e7b279ce9...@d-d.mvps.org>
> > >Date: Sat, 04 Jun 2005 16:50:00 GMT
> > >From: "Detlev Dreyer" <detdre...@flashmail.com>
> > >Organization: Not responsible
> > >Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
> > command
> > >References: <e#EUYCSaFHA....@TK2MSFTNGP10.phx.gbl>
> > >X-Comment: MS-MVP Germany
> > >X-Importance: Normal
> > >X-Priority: 3
> > >Content-Type: text/plain; charset=ISO-8859-1
> > >Content-Transfer-Encoding: 8bit
> > >Lines: 17
> > >Newsgroups: microsoft.public.windowsxp.general
> > >NNTP-Posting-Host: ACB1D506.ipt.aol.com 172.177.213.6
> > >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
> > >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:401625
> > >X-Tomcat-NG: microsoft.public.windowsxp.general

> > >"msnews.microsoft.com" wrote:

> > >> Is it that the buildin firewall can't handle too many connection at
the
> > >> same time?

> > >Not really.

>http://www.microsoft.com/technet/prodtechnol/winxppro/m......
> > x#EIAA

> > >> I check the event log, no strange or useful event generated.

> > >| Limited number of simultaneous incomplete outbound TCP connection
> > >| attempts
> > >| ...
> > >| When it does occur, a new event, with ID 4226, appears in the
system's
> > >| event log.

> > >--
> > >d-d

Reply



Tom Che [MSFT] Jun 7, 9:06 pm show options
Newsgroups: microsoft.public.windowsxp.general
From: v-tom...@online.microsoft.com (Tom Che [MSFT]) - Find messages by
this author
Date: Tue, 07 Jun 2005 13:06:48 GMT
Local: Tues,Jun 7 2005 9:06 pm
Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
command
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Report Abuse

Hi,

Thanks for your update.

I have performed a lot of tests, but still have not expected result.
Please see my tests as below:

Note:
================
(1). I copy your example ftp command file to a.txt saved in C:\dell
folder.

(2). I cannot turn off Windows Firewall, since it is controlled by
Domain
Policy in my computer. Therefore, all the tests as below were finished
with enabled Windows Firewall.

(3). I cannot add attachment zip file contains 5 JPG files which are
screenshots in the newsgroup, so please let me know your E-mail and I
will
send it to you directly.

Tests:
================
1. I do followed your instruction, and I opened 6 command windows all
including the same command "ftp -s:a.txt" under C:\dell. Please see
1.JPG.

2. I pressed ENTER on each window as fast as I could (I believed it was
finished in 2 seconds), then I got the results as 2.JPG. From the
screenshot, you can see that only 2 windows complete this command
successfully, but other 4 windows get different errors including
"Permission denied" and "Not connected". I have repeated step 1 & 2
about
a dozen of times, and I got the exactly same results - 2 successes, 3
"Permission denied" and 1 "Not connected".

3. I thought there is a better way to run the command at the same time
-
using Scheduled Tasks to run 6 same tasks at one time. I edited a
batch
file named a.bat containing "ftp -s:c:\dell\a.txt". I added a
Scheduled
Task to run "a.bat > ao.txt" as 3.JPG.

4. I copied a.job to other 5 Task files including b.job, c.job and so
on.
I also changed the output file to bo.txt, co.txt and so on. Please see
4.JPG.

5. At the scheduled time, these Scheduled Tasks were opened and run
themselves as expected. After a while, all windows were closed
automatically (I also noticed the error "Permission denied" appearing
in
some windows before close). And then I checked the output files - you
can
see the result from 5.JPG - ONLY 2 commands were successful again!
Other 4
output files don't contain error information, but obviously they were
failed.

================
>From above results, I believe this FTP Server (ftp2.de.nero.com) may
allow
only 2 sessions from the same IP address simultaneously. Therefore, I
don't think this issue is related to Windows Firewall, but may be
caused by
different network environment or FTP Server. I recommend that you do
the
following tests for further troubleshooting:

1. Perform the multiple FTP commands test on a different network
environment with enabled and disabled Windows Firewall.

2. Create a FTP Server by yourself, and make its setting to allow
multiple
sessions from one user at the same time. Then try this issue using
your
own FTP Server.

BTW: I cannot find anything useful in my pfirewall.log file, either.

Hope this helps!

- Hide quoted text -
- Show quoted text -
Have a nice day!
Sincerely,
Tom Che

Microsoft Online Partner Support
Get Secure
! - www
..microsoft
..com
/security
=====================================================
When
responding
to
posts
, please
"Reply
to
Group
" via
your
newsreader
so

that
others
may
learn
and
benefit
from
your
issue
..
=====================================================
This
posting
is
provided
"AS
IS
" with
no
warranties
, and
confers
no
rights

..

--------------------
>From: "a ms user" <1...@1.com>
>References: <e#EUYCSaFHA....@TK2MSFTNGP10.phx.gbl>

<55afd3663f84728f1e16e7b279ce9...@d-d.mvps.org>
<Zm9lJnnaFHA.3...@TK2MSFTNGXA01.phx.gbl>
<eT2IcLraFHA.3...@TK2MSFTNGP10.phx.gbl>

- Hide quoted text -
- Show quoted text -
>Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
command
>Date: Tue, 7 Jun 2005 00:27:22 +0800
>Lines: 167
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1478
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
>Message-ID: <uzfXdSraFHA.2...@TK2MSFTNGP14.phx.gbl>
>Newsgroups: microsoft.public.windowsxp.general
>NNTP-Posting-Host: 221.124.167.215
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:402810
>X-Tomcat-NG: microsoft.public.windowsxp.general

>sorry make a mistake about the interpretation of message PORT
>192,168,11,1,1,252
>actually i don't know if the port stand for 1252 or 508 --> 1 1111 1100
>(binary) or 64513 --> 1111 1100 0000 0011
>but no matter which intrepretation, do not exist in the firewall log (i
>setup to log successful connection)
>thanks
>"a ms user" <1...@1.com> ¦b¶l¥ó news:eT2IcLraFHA.3272@TK2MSFTNGP10.phx.gbl
¤¤¼¶
>¼g...
>> Dear Tom,
>> Thanks for your reply.
>> ***IN order to reproduce the error, you should press the ENTER key
>very
>> FAST!!! ***
>> I'm now at home without XP SP2, so can't modify the tcpnumconnections
>or
>> try netsh....
>> i will try them tomorrow at office.

>> Some ans. for your points:
>> 1. Up to now, i try many times, this situation only occur when
>firewall
>> is on.
>> 2. I think this issue should happen on other computers, as i can
>> reproduce this error on 3 other XP SP2 workstations.
>> (2 desktops, 1 notebook)
>> 3. Haven't try third party FTP software. But ever try using window's
>> file explorer to down many files at the same time, no
>> problem occur!!!!

>> Today, in office, i run the ftp command in debug mode (issue command
>> debug), after issue a get command,
>> i compare the message PORT IP_address,port(e.g. PORT 192,168,11,1,1,252)
>and
>> the pfirewall.log (locate at
>> c:\windows) that no connection to such port (1252?) is established,
>instead
>> many ports larger 5000, are used for
>> data transfer.....do the firewall do some port-forwarding activities?

>> BTW, today, i write a simple ftp program (using function
>FTPgetfileA,in
>> wininet.dll, to get files), the problem
>> occur too..

>> Don't know if this problem cause by firewall or limit of tcp
>connection
>> ..
>> PS: i check the event log that no event of event id 4226 (generated
>when
>> exceed 10 simantenous
>> outgoing connection).

>> Tom, please follow the steps mentioned again to reproduce the error.
>> THANK YOU FOR YOUR KIND ATTENTION AND HELP.

>> below is a sample of the ftp command files:
>> --------------------------------------------------------
>> open ftp2.de.nero.com
>> anonymous
>> 1...@1.com
>> get iomega.zip
>> get gear.zip
>> get iomega.zip
>> get gear.zip
>> get iomega.zip
>> get gear.zip
>> get iomega.zip
>> get gear.zip
>> quit
>> --------------------------------------------------------

>> "Tom Che [MSFT]" <v-tom...@online.microsoft.com> ¦b¶l¥ó
>> news:Zm9lJnnaFHA.3336@TK2MSFTNGXA01.phx.gbl ¤¤¼¶¼g...
>> > Hi,

>> > Thanks for posting here. Also thanks for Carey and Detlev's kindly
>reply.

>> > From your post, my understanding of this issue is: If you keep Windows
>> > Firewall enabled and run multiple FTP command at the same time, the FTP
>> > will get hang. If this is not correct, please feel free to let me
know.

>> > Based on your description, I cannot reproduce this issue on my
computer.
>> > However, you may refer to our MVP's suggestion - modify the Registry
>> > (TcpNumConnections) or run "netsh winsock reset" to repair Winsock and
>> > TCP/IP, and then test this issue. If this issue persists, please let
me
>> > know the following information if you need any further assistance:

>> > 1. Are you sure this issue will disappear if you turn off the Windows
>> > Firewall?

>> > 2. Does this issue occur on other computers?

>> > 3. Have you tried to use third-party FTP application to do a same test?

>> > Have a nice day!

>> > Sincerely,

>> > Tom Che

>> > Microsoft Online Partner Support
>> > Get Secure! - www.microsoft.com/security
>> > =====================================================
>> > When responding to posts, please "Reply to Group" via your newsreader
so
>> > that others may learn and benefit from your issue.
>> > =====================================================
>> > This posting is provided "AS IS" with no warranties, and confers no
>> rights.

>> > --------------------
>> > >Message-ID: <55afd3663f84728f1e16e7b279ce9...@d-d.mvps.org>
>> > >Date: Sat, 04 Jun 2005 16:50:00 GMT
>> > >From: "Detlev Dreyer" <detdre...@flashmail.com>
>> > >Organization: Not responsible
>> > >Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
>> > command
>> > >References: <e#EUYCSaFHA....@TK2MSFTNGP10.phx.gbl>
>> > >X-Comment: MS-MVP Germany
>> > >X-Importance: Normal
>> > >X-Priority: 3
>> > >Content-Type: text/plain; charset=ISO-8859-1
>> > >Content-Transfer-Encoding: 8bit
>> > >Lines: 17
>> > >Newsgroups: microsoft.public.windowsxp.general
>> > >NNTP-Posting-Host: ACB1D506.ipt.aol.com 172.177.213.6
>> > >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>> > >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:401625
>> > >X-Tomcat-NG: microsoft.public.windowsxp.general

>> > >"msnews.microsoft.com" wrote:

>> > >> Is it that the buildin firewall can't handle too many connection at
>the
>> > >> same time?

>> > >Not really.

>>http://www.microsoft.com/technet/prodtechnol/winxppro/m......
p
>> > x#EIAA

>> > >> I check the event log, no strange or useful event generated.

>> > >| Limited number of simultaneous incomplete outbound TCP connection
>> > >| attempts
>> > >| ...
>> > >| When it does occur, a new event, with ID 4226, appears in the
>system's
>> > >| event log.

>> > >--
>> > >d-d

Reply



ping Jun 21, 6:22 pm show options
Newsgroups: microsoft.public.windowsxp.general
From: "ping" <imperfectluk-won...@yahoo.com.hk> - Find messages by this
author
Date: 21 Jun 2005 03:22:15 -0700
Local: Tues,Jun 21 2005 6:22 pm
Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
command
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Remove | Report Abuse

Dear Tom,

Sorry for so late to response to your reply on the
newsgroup.

I checked the firewall log, that the firewall drop
several TCP SYN packets that may cause the FTP hand
problem (seems waiting for server to connect to client
for file transfer).

Could you please give me your email address that i
can send the screen capture, firewall log, etc to you.

BTW, I always test the XP SP2 on both my own FTP
server, production FTP server(both IIS 5.0, window
2000 server, service pack 4, with max. connections =
100, 000) and FTP server on IBM AIX. The problem
occurs when firewall is turned on.

The site: ftp2.de.nero.com is a reference site only
that my FTP site is located within my company's
intranet that can't let you try to connect for
testing. Sorry for confusing you.

I think this situation do not happen on individual
PC due to wrong config. or installation problem, since
i have also tested 3 new PCs, preinstalled with XP SP2
(2 HP, 1 IBM), the same problem occurs.

Thank you for your kind attention.

Tom Che [MSFT] 寫道:

- Hide quoted text -
- Show quoted text -
> Hi,

> Thanks for your update.

> I have performed a lot of tests, but still have not expected result.
> Please see my tests as below:

> Note:
> ================
> (1). I copy your example ftp command file to a.txt saved in C:\dell folder.

> (2). I cannot turn off Windows Firewall, since it is controlled by Domain
> Policy in my computer. Therefore, all the tests as below were finished
> with enabled Windows Firewall.

> (3). I cannot add attachment zip file contains 5 JPG files which are
> screenshots in the newsgroup, so please let me know your E-mail and I will
> send it to you directly.

> Tests:
> ================
> 1. I do followed your instruction, and I opened 6 command windows all
> including the same command "ftp -s:a.txt" under C:\dell. Please see 1.JPG.

> 2. I pressed ENTER on each window as fast as I could (I believed it was
> finished in 2 seconds), then I got the results as 2.JPG. From the
> screenshot, you can see that only 2 windows complete this command
> successfully, but other 4 windows get different errors including
> "Permission denied" and "Not connected". I have repeated step 1 & 2 about
> a dozen of times, and I got the exactly same results - 2 successes, 3
> "Permission denied" and 1 "Not connected".

> 3. I thought there is a better way to run the command at the same time -
> using Scheduled Tasks to run 6 same tasks at one time. I edited a batch
> file named a.bat containing "ftp -s:c:\dell\a.txt". I added a Scheduled
> Task to run "a.bat > ao.txt" as 3.JPG.

> 4. I copied a.job to other 5 Task files including b.job, c.job and so on.
> I also changed the output file to bo.txt, co.txt and so on. Please see
> 4.JPG.

> 5. At the scheduled time, these Scheduled Tasks were opened and run
> themselves as expected. After a while, all windows were closed
> automatically (I also noticed the error "Permission denied" appearing in
> some windows before close). And then I checked the output files - you can
> see the result from 5.JPG - ONLY 2 commands were successful again! Other 4
> output files don't contain error information, but obviously they were
> failed.

> ================
> From above results, I believe this FTP Server (ftp2.de.nero.com) may allow
> only 2 sessions from the same IP address simultaneously. Therefore, I
> don't think this issue is related to Windows Firewall, but may be caused by
> different network environment or FTP Server. I recommend that you do the
> following tests for further troubleshooting:

> 1. Perform the multiple FTP commands test on a different network
> environment with enabled and disabled Windows Firewall.

> 2. Create a FTP Server by yourself, and make its setting to allow multiple
> sessions from one user at the same time. Then try this issue using your
> own FTP Server.

> BTW: I cannot find anything useful in my pfirewall.log file, either.

> Hope this helps!

> Have a nice day!

> Sincerely,

> Tom Che

> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.

> --------------------
> >From: "a ms user" <1...@1.com>
> >References: <e#EUYCSaFHA....@TK2MSFTNGP10.phx.gbl>
> <55afd3663f84728f1e16e7b279ce9...@d-d.mvps.org>
> <Zm9lJnnaFHA.3...@TK2MSFTNGXA01.phx.gbl>
> <eT2IcLraFHA.3...@TK2MSFTNGP10.phx.gbl>
> >Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
> command
> >Date: Tue, 7 Jun 2005 00:27:22 +0800
> >Lines: 167
> >X-Priority: 3
> >X-MSMail-Priority: Normal
> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1478
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
> >Message-ID: <uzfXdSraFHA.2...@TK2MSFTNGP14.phx.gbl>
> >Newsgroups: microsoft.public.windowsxp.general
> >NNTP-Posting-Host: 221.124.167.215
> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:402810
> >X-Tomcat-NG: microsoft.public.windowsxp.general

> >sorry make a mistake about the interpretation of message PORT
> >192,168,11,1,1,252
> >actually i don't know if the port stand for 1252 or 508 --> 1 1111 1100
> >(binary) or 64513 --> 1111 1100 0000 0011
> >but no matter which intrepretation, do not exist in the firewall log (i
> >setup to log successful connection)
> >thanks
> >"a ms user" <1...@1.com> ¦b¶l¥ó news:eT2IcLraFHA.3272@TK2MSFTNGP10.phx.gbl
> ¤¤¼¶
> >¼g...
> >> Dear Tom,
> >> Thanks for your reply.
> >> ***IN order to reproduce the error, you should press the ENTER key
> >very
> >> FAST!!! ***
> >> I'm now at home without XP SP2, so can't modify the tcpnumconnections
> >or
> >> try netsh....
> >> i will try them tomorrow at office.

> >> Some ans. for your points:
> >> 1. Up to now, i try many times, this situation only occur when
> >firewall
> >> is on.
> >> 2. I think this issue should happen on other computers, as i can
> >> reproduce this error on 3 other XP SP2 workstations.
> >> (2 desktops, 1 notebook)
> >> 3. Haven't try third party FTP software. But ever try using window's
> >> file explorer to down many files at the same time, no
> >> problem occur!!!!

> >> Today, in office, i run the ftp command in debug mode (issue command
> >> debug), after issue a get command,
> >> i compare the message PORT IP_address,port(e.g. PORT 192,168,11,1,1,252)
> >and
> >> the pfirewall.log (locate at
> >> c:\windows) that no connection to such port (1252?) is established,
> >instead
> >> many ports larger 5000, are used for
> >> data transfer.....do the firewall do some port-forwarding activities?

> >> BTW, today, i write a simple ftp program (using function
> >FTPgetfileA,in
> >> wininet.dll, to get files), the problem
> >> occur too..

> >> Don't know if this problem cause by firewall or limit of tcp
> >connection
> >> ..
> >> PS: i check the event log that no event of event id 4226 (generated
> >when
> >> exceed 10 simantenous
> >> outgoing connection).

> >> Tom, please follow the steps mentioned again to reproduce the error.
> >> THANK YOU FOR YOUR KIND ATTENTION AND HELP.

> >> below is a sample of the ftp command files:
> >> --------------------------------------------------------
> >> open ftp2.de.nero.com
> >> anonymous
> >> 1...@1.com
> >> get iomega.zip
> >> get gear.zip
> >> get iomega.zip
> >> get gear.zip
> >> get iomega.zip
> >> get gear.zip
> >> get iomega.zip
> >> get gear.zip
> >> quit
> >> --------------------------------------------------------

> >> "Tom Che [MSFT]" <v-tom...@online.microsoft.com> ¦b¶l¥ó
> >> news:Zm9lJnnaFHA.3336@TK2MSFTNGXA01.phx.gbl ¤¤¼¶¼g...
> >> > Hi,

> >> > Thanks for posting here. Also thanks for Carey and Detlev's kindly
> >reply.

> >> > From your post, my understanding of this issue is: If you keep Windows
> >> > Firewall enabled and run multiple FTP command at the same time, the FTP
> >> > will get hang. If this is not correct, please feel free to let me
> know.

> >> > Based on your description, I cannot reproduce this issue on my
> computer.
> >> > However, you may refer to our MVP's suggestion - modify the Registry
> >> > (TcpNumConnections) or run "netsh winsock reset" to repair Winsock and
> >> > TCP/IP, and then test this issue. If this issue persists, please let
> me
> >> > know the following information if you need any further assistance:

> >> > 1. Are you sure this issue will disappear if you turn off the Windows
> >> > Firewall?

> >> > 2. Does this issue occur on other computers?

> >> > 3. Have you tried to use third-party FTP application to do a same test?

> >> > Have a nice day!

> >> > Sincerely,

> >> > Tom Che

> >> > Microsoft Online Partner Support
> >> > Get Secure! - www.microsoft.com/security
> >> > =====================================================
> >> > When responding to posts, please "Reply to Group" via your newsreader
> so
> >> > that others may learn and benefit from your issue.
> >> > =====================================================
> >> > This posting is provided "AS IS" with no warranties, and confers no
> >> rights.

> >> > --------------------
> >> > >Message-ID: <55afd3663f84728f1e16e7b279ce9...@d-d.mvps.org>
> >> > >Date: Sat, 04 Jun 2005 16:50:00 GMT
> >> > >From: "Detlev Dreyer" <detdre...@flashmail.com>
> >> > >Organization: Not responsible
> >> > >Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
> >> > command
> >> > >References: <e#EUYCSaFHA....@TK2MSFTNGP10.phx.gbl>
> >> > >X-Comment: MS-MVP Germany
> >> > >X-Importance:

....

read more »

Reply



ping Jun 22, 6:02 pm show options
Newsgroups: microsoft.public.windowsxp.general
From: "ping" <imperfectluk-won...@yahoo.com.hk> - Find messages by this
author
Date: 22 Jun 2005 03:02:09 -0700
Local: Wed,Jun 22 2005 6:02 pm
Subject: Problem about Window Xp SP2 firewall and the buildin FTP
command
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Remove | Report Abuse

- Hide quoted text -
- Show quoted text -
Dear Tom,
Sorry for so late to response to your reply on the
newsgroup.
I checked the firewall log, that the firewall drop
several TCP SYN packets that may cause the FTP hand
problem (seems waiting for server to connect to client
for file transfer).
Could you please give me your email address that i
can send the screen capture, firewall log, etc to you.
BTW, I always test the XP SP2 on both my own FTP
server, production FTP server(both IIS 5.0, window
2000 server, service pack 4, with max. connections =
100, 000) and FTP server on IBM AIX. The problem
occurs when firewall is turned on.
The site: ftp2.de.nero.com is a reference site only
that my FTP site is located within my company's
intranet that can't let you try to connect for
testing. Sorry for confusing you.
I think this situation do not happen on individual
PC due to wrong config. or installation problem, since
i have also tested 3 new PCs, preinstalled with XP SP2
(2 HP, 1 IBM), the same problem occurs.
Thank you for your kind attention

..

Reply



David Candy Jun 22, 6:49 pm show options
Newsgroups: microsoft.public.windowsxp.general
From: "David Candy" <.> - Find messages by this author
Date: Wed, 22 Jun 2005 20:49:58 +1000
Local: Wed,Jun 22 2005 6:49 pm
Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
command
Reply | Reply to Author | Forward | Print | Individual Message | Show
original | Report Abuse

No idea what you are talking about as you deleted all previous text. It
sounds like you need passive FTP. Normal FTP both client and server
computers are servers AND clients. One with the data (the server) and
one with the control channel (the client).

Clients connect to servers. In FTP both computers connect to the other.
Passive is client to server computers only.
!