Issue
If you fail to connect to FTP using a Windows resource manager, the following message is displayed.
An error occurred while opening the folder on the FTP server. Check whether you have permission to access the folder.
Check the rules of the ECS security group. All TCP ports are allowed. Check that FTP home
directory permissions are set correctly. FTP connections to other instances in the same VPC are normal. You can upload and download files.
Cause
Windows resource manager use passive mode connection by default, while FTP is a multi-channel protocol (control channel and tunnel). The ECS network interface controller of the VPC has only one private IP address, and the FTP server does not specify a public IP address in passive mode. As a result, when the client establishes a tunnel connection with the server, the connection address of the tunnel returned by the server is the private IP address, and the public network route is unreachable, resulting in connection failure.
Solution
Take note of the following items:
- Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
- Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
- If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.
- Open IIS Manager and double-click FTP Firewall Support.
- Configure the parameters and click Apply.
- tunnel Port Range: specifies the port range used for passive connections. The valid port range that can be specified is 1025-65535. Set the settings based on your actual needs.
- External IP Address of Firewall: Enter the public IP address of the cloud server.
- Enter the following command in the CMD command line to restart the FTP service. This configuration is inherited to the configuration of each FTP site.
net stop ftpsvc&net start ftpsvc
Applicable scope
- Elastic Compute Service (ECS)
- Simple Application Server