It has been quite a while since I've posted. I guess I haven't done anything too interesting in the world of computers and programming until this week.
Okay, so my task this week was to move the current webserver from a Windows 2000 server to a new Windows 2008 server. Whoa! We're kinda behind! And oh my, things have changed! I'll admit, at first, I totally complained about this new server layout. Hey, I knew how to navigate that old server and I kind of liked it, BUT it was dying, dying, dying. Soooo bye-bye my little server, HELLO 2008!
Okay, so I didn't do all this in a week. I prepared in the previous weeks and switched the IP address over this week, and thanked my lucky stars it went pretty smoothly: a few glitches, but not too bad. EXCEPT the FTP site. I did not originally set up the FTP site, nor have I set one up before, so this was all new to me.
So just in case you ever need to know, here are a few actions that somehow got the FTP site to finally run:
Turn on the FTP Service using the Turn Windows Features on or off. This is kind of hidden in my opinion. It is located inside the Server Manager as a Role in the Web Services area.
Create your FTP Site:
Inside the IIS Manager, click FTP Sites; it will guide you through a link to open the IIS 6.0 manager.
Under FTP Site, add a new site. In my case I used the Isolated Users option. At this time we are using a Windows 2000 server to host our Active Directory, and it appeared there was more setup to do on that server if I wanted to use the Active Directory. Since it will be upgraded soon, I chose to use the plain jane Isolated Users.
Now, some tricky parts.
Problem 1: Could not connect to the FTP site from my browser or command line or FileZilla...
Resolution: Open Ports. Using an elevated command prompt, I ran the following command on the server:
netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21
Also, I ran this one for FTP dynamic ports (umm... whatever that means, I just follow instructions):
netsh advfirewall set global StatefulFtp enable
Next, I had to open up the ports in the Firewall, so I opened up the Firewall: Server Manager - Go To Firewall Properties - Windows Firewall Properties - Inbound Rules
Add a new rule (located on the right side of the interface).
Under rule type, select the radio button for "Port" and hit Next.
Select the radio button for "Specific Local Ports". I typed the range out, separating each port with a comma (I think I did 5500-5525), and hit Next.
Then, I set up the passive FTP port range; again, whatever, just follow the instructions.
Since I'm in IIS 6.0, in an elevated command prompt, go to c:\inetpub\AdminScripts, then run:
adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5525"
Okay, so the ports are now open.
Problem 2: Setting up an FTP folder. This is where it is so complicated until you know what the heck is going on.
In this site, I need to allow anonymous access and allow users to log in to certain folders.
When setting up these folders, you have to be aware that there are Virtual Directories and Physical Directories, and these are coupled together, especially in naming convention! It appears Windows FTP does some sort of name matching, for the domain name and user name, or just the user name for local users.
The physical directory:
For anonymous users, you set up the following under your root FTP directory (mine was c:\inetpub\ftproot). Maybe this isn't safe, but it works...
In that folder, you must create this structure so that anonymous users are automatically "dropped" into there:
c:\inetpub\ftproot\LocalUser\Public
On the physical folder, the IUSR_XXXX account (the account used to anonymously access the site) needs to have whatever permissions are appropriate (read, write, list) on the Public folder or folders created under it.
Next, my domain users needed access to their folders. To do this, I had to create a folder under the root named the same as the domain name:
c:\inetpub\ftproot\junk-domain-name
For each user, I created a folder named their login name:
c:\inetpub\ftproot\junk-domain-name\user-name
**On the physical folder, add NTFS permissions for the specific user, with the appropriate permissions - read, write, whatever.**
Next, set up the user's network folder:
Inside the user's folder, I had to create a dummy folder:
c:\inetpub\ftproot\junk-domain-name\user-name\dummy-folder-name
Okay now the Virtual Directory Hook-Up:
(We don't need to do anything else for the anonymous folder; apparently, Windows takes care of that after you create the right physical folders.)
For each domain user that has a folder, you will need to create a Virtual Directory that points to that folder and is named the SAME as that folder name:
So, I created the VD: junk-domain-name, that points to c:\inetpub\ftproot\junk-domain-name
Also, for the access to the network folder, I had to create a VD with the same name as the dummy folder name:
So, I created the VD: dummy-folder-name, that points to the NETWORK PATH \\network-file-share-name\junk-name
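The physical layout and NTFS permissions from the steps above, as a batch script added here as an example (not the author's own commands). It uses the post's placeholder names, the variable names are assumptions, and it gives the anonymous account read and list only; the virtual directories still have to be created in IIS Manager as described.

```batch
@echo off
rem Added example, not part of the original post. Run from an elevated prompt.
rem Every value below is a placeholder taken from the post; replace before use.
setlocal
set "FTPROOT=C:\inetpub\ftproot"
set "DOMAIN=junk-domain-name"
set "FTPUSER=user-name"
set "ANON=IUSR_XXXX"
set "DUMMY=dummy-folder-name"

set "PUBLIC=%FTPROOT%\LocalUser\Public"
set "USERDIR=%FTPROOT%\%DOMAIN%\%FTPUSER%"

rem Anonymous sessions are dropped into LocalUser\Public.
if not exist "%PUBLIC%" mkdir "%PUBLIC%"
rem RX = read, list and traverse. (OI)(CI) carries the entry down to files and
rem subfolders. No write right: anyone on the network can use this account.
icacls "%PUBLIC%" /grant "%ANON%:(OI)(CI)RX"
if errorlevel 1 goto fail

rem A domain user is dropped into <root>\<domain name>\<login name>.
if not exist "%USERDIR%" mkdir "%USERDIR%"
rem M = modify (read, write, delete), granted to that one account only.
icacls "%USERDIR%" /grant "%DOMAIN%\%FTPUSER%:(OI)(CI)M"
if errorlevel 1 goto fail

rem Empty folder that the virtual directory for the network share maps onto.
if not exist "%USERDIR%\%DUMMY%" mkdir "%USERDIR%\%DUMMY%"

rem Show the resulting ACLs; entries marked (I) are inherited from the parent
rem and are worth reviewing for broad groups such as Users or Everyone.
icacls "%PUBLIC%"
icacls "%USERDIR%"
endlocal
exit /b 0

:fail
echo icacls failed; check that the account names exist.
endlocal
exit /b 1
```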
Ah, so I think those were the steps. This took me roughly 3 days to do. I thought it was going to be way easier than all this, but I did learn a lot!
Hope that helps someone!!