IIS FTP server stopped accepting connections, returning a "421 Service not avaialble, remote server has closed connection." error message after the instance was rebooted. The problem does not appear to be a firewall issue.
I had set up an IIS FTP server on an EC2 instance running Windows Server 2012 R2. Very basic, my boss just wanted plain FTP. I had previously set up an SFTP server on the same instance, using Cygwin sshd, that was working just fine. I set up the "default" IIS FTP server, and it was working fine for a few days, until during a file transfer, it hung. The CPU was pegged at 100%, according to the AWS monitor. I could not RDP into the instance, so I had to re-boot it. Ever since, I could not connect to the IIS FTP server. The "ftpsvc" process status is running, according to the task manager. I have stopped and started it several times. The Windows firewall is off, the AWS firewall has ports 20, 21, and 50,000-51,000 open. No settings, that I am aware of, have changed since it stopped working.
From a local command prompt:
> ftp localhost
Connected to MYINSTANCE
Connection closed by remote host.
From a remote command prompt:
$ ftp myact#xx.xx.xx.xx
Connected to xx.xx.xx.xx
421 Service not available, remote server has closed connection.
But SFTP works:
$sftp myact#xx.xx.xx.xx
myact#xx.xx.xx.xx's password: ****
Connected to xx.xx.xx.xx
I am not very familiar with IIS, and it seems to be running but I don't understand why FTP stopped working after the instance reboot. Note that the EC2 instance is using an Elastic IP, so its at the same public IP address as before the problem started.
I'll post here because this was a big headache for me too. I had to add svchost.exe to the windows firewall and everything worked.
http://youtu.be/l_sk5ITlICo?t=4m53s
Sorry, the problem turned out to be an incorrect setting in the IIS FTP-site Site Bindings. EC2 instances have 2 IP addresses, one private and one public. It seems that the FTP server was set with the EC2 instance private IP address, and when the instance re-booted, it got a different private IP, but was re-assigned the same public IP using the Elastic IP feature. Live and learn.
Related
does anyone know what i'm doing wrong here? i'm trying to access my windows-server 2019 ec2 node locally so i can successful collect metrics via WMI Exporter and point this at my prometheus instance.I'm trying to access port 9182 for WMI Exporter, and can connect fine via localhost on my remote widows instance, also the IPv4 Address on the same instance.I've also tried to configure the firewall port on the windows host 9182. When I try to access via localhost this returns This site can’t be reached, if i try via public address on both i get Can’t reach this page. Ive opened port 3389 inbound and all traffic ipv4 outbound. Any help would be great. I have also tried adding RDP Ip directly to the inbound security rules, yet still have the same issue. Many Thanks
After installing windows_exporter, the installer will create an inbound rule for windows_exporter itself. However it may be not enough and cause your issue for some reasons. See this similar issue.
Try to add a new inbound rule for the Windows firewall and let any programs can access the listening port (default 9182). That works for me.
I tried to look for solutions and most of them talk about adding HTTP, RDP, HTTPS to security group which I have already done. I have a basic hello world nodeJS application running on Amazon Windows Server 2012. I want to access this application using DNS but it's showing ERR_CONNECTION_TIMED_OUT in my local laptop browser.
Configuration:
I have RDP, HTTPS, HTTP, SSH, Custom TCP Protocol with 9000 port (nodeJS is running on port 9000) for inbound rules and for outbound default "All traffic" rule is present. I have not done any changes in the Windows Server 2012 configuration. WHen I run localhost:9000 in the windows server 2012 then server returns "Hello World" but when I try that on my local machine with DNS : 9000 then it says ERR_CONNECTION_TIMED_OUT
Thanks for everyone's support. Special thanks to Viccari. His suggestion (in the comments below the question) worked. I needed to add the port to the firewall. So basically after adding all the protocols to the security group, I had to add the new port on which the NodeJS is working, to the firewall in the server. Finally its working.
I got a problem with Azure Endpoint using Ubuntu.
SYMPTOMS
Online port scanner reported that port 1194 is closed even though the End point was defined to be open at Azure Web Interface for that VM
SETTINGS:
UFW, aka Ubuntu Firewall is inactive.
No IP Table was defined in Ubuntu
On Azure web management interface, endpoint called VPN, port TCP 443 and UDP
1194 was set to open, bidirectional allowing direct return. Public and Private port is both 1194, and both 443
lfor and netstat on ubuntu reported thata service is listening on 1194, got NC to listen to 443
DIAGNOSIS
From Ubuntu, I can see the internet. Pinging Google, getting updates works fine.
I can remote into the machine using default port 22, which is a default open endpoint defined by Azure Ubuntu Image
Restarted Ubuntu everytime a setting change.
Tried deleting and re-creating Endpoint rule, failed
Tried shutting down the VM, and delete and recreate endpoint rule, failed
I CAN Telnet to my local host from Ubuntu via 443.
TROUBLESHOOTING STEPS DEFINED
From my local computer, unable to telnet to the Ubuntu server via 443. Ok on 22, terminated because of protocol mismatch, but that is of course fine.
Online port scanners all report that 1194 was closed and so is 443
Some help would be appreciated.
I think that you need to manually configure the endpoint.
Please check https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/?rnd=1 for more information.
I have 2 servers which are located in different networks. On each of them IIS is installed. When I try to connect to the first IIS server from the second, it gives me error: "Could not connect to the specified computer. The remote name could not be resolved". Fierwall is switched off. Maybe I should configure something in DNS or somwhere else?
Update:
Ping is ok, no packages are lost.
What happens when you "ping" the address from the command prompt?
If it comes up with host not found, then you either need to configure DNS on the server trying to get to the remote computer OR create a static hosts file entry pointing the name to the ip address...
I have deployed the web application in my system using the integrated weblogic server in the jdeveloper 11 g.
But when I start the server and try to access the home page from another system using my ip , I am not getting the page.
Should I be doing any configuration for the same?
i would check to see if you can ping the ip successfully where the application is running from the other system. if ping is successful i would then check to see if you can telnet successfully to ip using the port jdeveloper is listening on. if ping or telnet is unsuccessful depending on your system you might want to check your firewall/iptable rules.