I followed the steps in Backing up vCSA 6.5 natively using FTPS but wasn’t able to create a backup succesfully.
It seemed that I could login to the ftps server with FileZilla client, but it wasn’t able to list the directories on the FTPS server. Didn’t really noticed the warnings in FileZilla, since the directories were empty 🙂
However FileZilla complained:
Status: Connecting to 1.2.3.4:21... Status: Connection established, waiting for welcome message... Status: Initializing TLS... Status: Verifying certificate... Status: TLS connection established. Status: Logged in Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I. Command: PASV Response: 227 Entering Passive Mode (1,2,3,4,208,227). Command: LIST Response: 150 Opening BINARY mode data connection. Error: Connection timed out Error: Failed to retrieve directory listing Status: Disconnected from server
Grant Curell blogged about this error (look for Fixing Problem #2 on the blog) the issue was with the internal Windows firewall in Windows 2012 R2.
Also Using the buildin (Predefined) FTP Server rules didn’t work:
I’ve created two firewall rules, allowing ports 20,21,990, 55000-56000 in both UDP and TCP.
I set the Data Channel Port Range from 55000 to 56000. This setting is done on the IIS node, not on the FTP site.
After a restart of the FTP server service, I could now connect. And the backup now finishes succesfully.
Status: Connecting to 1.2.3.4:21... Status: Connection established, waiting for welcome message... Status: Initializing TLS... Status: Verifying certificate... Status: TLS connection established. Status: Logged in Status: Retrieving directory listing... Status: Directory listing of "/" successful
not working for me on a mapping IP,, but it works locally, only work on port 21 on the mapping IP
Hi Torchqq,
Not really sure what you mean with ‘mapping IP’ but I’m guessing IP address in the sitebindings.. Could it be that the Windows firewall is running with the ‘Predefined FTP Server rule’. I had this issue on a 2012 R2 server. Creating a custom ‘Port’ Rule fixed my issue.
I’ve added some pictures to the blogpost, hope they help to clearify.
Thanks for this. Restarting the FTP service did the trick. (Just restarting the FTP site did not.)