Web proxy clients cannot download from an FTP server using PASV mode

Symptom: Attempts by Web proxy clients to download from a PASV mode FTP server fail.

Issue: By default, FTP traffic handled by Web Proxy Filter uses Active mode.

Solution: Set the DWORD value NonPassiveFTPTransfer to 0 in the registry on the ISA Server computer, which sets the mode to Passive. The default value is 1, indicating that Active mode is used. For information about setting this registry key, see the Microsoft Knowledge Base article 300641 “How to enable passive CERN FTP connections through ISA Server 2000 or ISA Server 2004 Standard Edition.” The registry instructions in this article also apply to ISA Server 2006 and ISA Server 2004 Enterprise Edition.

When setting this value in ISA Server 2004, you should ensure that ISA Server 2004 Service Pack 2 (SP2) is installed, to avoid the issue described in Microsoft Knowledge Base article 900256 “Error message when ISA Server 2004 Web Proxy client users try to access an external FTP site by using passive FTP functionality: ‘Error Code: 502 Proxy Error’.” Note that information in this article does not apply when using the Microsoft Windows® command-line FTP client, which cannot be used by Web proxy clients. In addition, the Windows command-line FTP client cannot work in Passive mode.

From: http://www.microsoft.com/technet/isa/2006/ts_outbound_ftp.mspx

HTH,

Tom

Thomas W Shinder, M.D.
Site: http://www.isaserver.org/

Blog: http://blogs.isaserver.org/shinder/
Book:
http://tinyurl.com/2gpoo8
Email: [email protected]
MVP — Microsoft Firewalls (ISA)

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top