Note to Users of Microsoft IIS version 2.0 and 3.0 FTP Server:

The installation documentation for SafeTP Server NT/2000 directs you to reconfigure your legacy FTP server to listen on a new FTP port (e.g. port 351) so that the SafeTP Server proxy can occupy the well-known FTP port (port 21).  Unfortunately, it seems that the FTP server included with Microsoft IIS 2.0 and 3.0 has a bug related to the configuration of the FTP service port, so changing the port in the configuration settings is insufficient to actually cause the FTP server to listen on a new port. Luckily, this problem has apparently been corrected in newer versions of IIS.

Microsoft Knowledge Base Entry Concerning FTP port on IIS

If you have problems getting SafeTP NT/2000 to work over Microsoft IIS FTP, this is probably why. You can verify whether the IIS FTP server is correctly configured to listen on the new port by using ftp.exe to connect to the new port and verify that IIS FTP answers the connection.

Here's a summary of how to fix the problem:

You can change FTP server TCP port numbers by modifying the Systemroot\System32\Drivers\Etc\Services file or by changing their values in the Registry. The setting in the Services file takes precedence over the Registry setting in all cases. That is, by changing the Services file, you affect both the FTP client and the FTP server. By changing the Registry, you affect only the FTP server.

To change the TCP port in the Services file:

• At a command prompt, change directories to Systemroot\System32\Drivers\Etc. 
• Use a text editor to search the Services file for the following two entries: ftp-data 20/tcp ftp 21/tcp
• Modify port 21 to the new FTP port (e.g. 351). See the following example:
  ftp-data 20/tcp # The # sign designates a comment.
  ftp 351/tcp # FTP port changed to 351, was 21.
• Save and close the file.
• To implement the change, stop, then restart the FTP service.

Note, this affects the default TCP ports on both the FTP client and the FTP server. Your FTP server now waits at port 351 for all FTP client requests and your FTP client connects only to an FTP server at port 351. To verify the new FTP port settings:

• At a command prompt, type the command ftp. The ftp> prompt appears.
• Type the command open 127.0.0.1 21 and then press enter. The IP address 127.0.0.1 is the loopback address for your computer. You are specifying 21 as the destination port address. The following message should appear: -> ftp: connect:Connection refused
• Type the command open 127.0.0.1 351 and then press enter. You should be prompted with the following logon message: User <127.0.0.1:<none>>: This verifies that the FTP server is using port 351.

To change the Registry entry for FTP:

• Start the Registry Editor, Regedt32.exe.
• Click the HKEY_LOCAL_MACHINE window and locate the following key: \System \CurrentControlSet \Control \ServiceProvider \ServiceTypes \MSFTPSVC
• Click MSFTPSVC and then double-click the TcpPort value. The DWORD Editor dialog box appears.
• Click Decimal and enter 351 in the Data box. Click OK and close the Registry Editor.
• At the command prompt, type the following information:
     cd %systemroot%\system32\drivers\etc
     ren services services.ok
  This prevents the FTP server from using the port address in the Services file after it has been restarted.
• To implement the change, stop and restart the FTP service. Note, this situation affects the default port only on the FTP server. If you have completed the preceding steps, your FTP server now monitors port 351 for all FTP client requests. You can verify the new settings as explained above.

Back to SafeTP Home