FTP connection timedout when Vista Windows Defender active

Le
Golard
Hi,
Since few years, I'm developping a professionnal software.
I want to make it work on Vista SP1, with Windows Defender active.

* WITHOUT windows defender, it's OK.
* With Windows Defender active, I've got a FTP error (error n°10060: The
current connection has timedout).
* With Windows Defender active, FTP commands are working in a command
console

I've add an inbound and an outbound rule in windows defender to open port 20
& 21 but nothing change
My application is using a COM object to do FTP.

Please can you help me to make my application work ???
Vidéos High-Tech et Jeu Vidéo
Téléchargements
Vos réponses Page 1 / 2
Gagnez chaque mois un abonnement Premium avec GNT : Inscrivez-vous !
Trier par : date / pertinence
Golard
Le #17588211
"Golard" wrote:

Hi,
Since few years, I'm developping a professionnal software.
I want to make it work on Vista SP1, with Windows Defender active.

* WITHOUT windows defender, it's OK.
* With Windows Defender active, I've got a FTP error (error n°10060: The
current connection has timedout).
* With Windows Defender active, FTP commands are working in a command
console

I've add an inbound and an outbound rule in windows defender to open port 20
& 21 but nothing change...
My application is using a COM object to do FTP.

Please can you help me to make my application work ???






French traduction:
Pour maximiser mes chances de réponses, voici la traduction française de mon
message:

Salut,
Je développe un programme "professionnel" depuis plusieures années.
Je désire aujourd'hui le faire fonctionner sous Vista SP1, avec le pare-feu
Windows Defender actif.

* SANS windows defender, tout fonctionne.
* Avec windows defender actif, j'ai une erreur FTP (error n°10060: The
current connection has timedout).
* Toujours avec windows defender actif, les commandes FTP fonctionnent en
utilisant l'invite de commandes MSDOS.

J'ai essayé d'ajouter des règles entrantes et sortantes dans windows
defender pour ouvrir les ports 20 & 21, mais ça ne change rien...

Mon application utilise un composant tiers de type "COM object" pour le FTP.

SVP pouvez-vous m'aider à paramétrer windows defender ???
Ollis
Le #17594871
"Golard" wrote:

Hi,
Since few years, I'm developping a professionnal software.
I want to make it work on Vista SP1, with Windows Defender active.

* WITHOUT windows defender, it's OK.
* With Windows Defender active, I've got a FTP error (error n°10060: The
current connection has timedout).
* With Windows Defender active, FTP commands are working in a command
console

I've add an inbound and an outbound rule in windows defender to open port 20
& 21 but nothing change...
My application is using a COM object to do FTP.

Please can you help me to make my application work ???






Are you sure you're talking about the right program? Are you talking about
the Windows Firewall and not Windows Defender?

I can't see where Windows Defender would be concerned with FTP ports.
Golard
Le #17596801
"Ollis"


"Golard" wrote:

> Hi,
> Since few years, I'm developping a professionnal software.
> I want to make it work on Vista SP1, with Windows Defender active.
>
> * WITHOUT windows defender, it's OK.
> * With Windows Defender active, I've got a FTP error (error n°10060: The
> current connection has timedout).
> * With Windows Defender active, FTP commands are working in a command
> console
>
> I've add an inbound and an outbound rule in windows defender to open


port 20
> & 21 but nothing change...
> My application is using a COM object to do FTP.
>
> Please can you help me to make my application work ???
>
>
>

Are you sure you're talking about the right program? Are you talking about
the Windows Firewall and not Windows Defender?

I can't see where Windows Defender would be concerned with FTP ports.




"Windows Defender" is the name of the new Windows Vista firewall.
Of course Windows Defender control TCP and UDP ports and many other things.
Does anybody know HOW to setup windows defender concerning my problem above
?
Ollis
Le #17597221
"Golard" wrote:


"Ollis"
>
>
> "Golard" wrote:
>
> > Hi,
> > Since few years, I'm developping a professionnal software.
> > I want to make it work on Vista SP1, with Windows Defender active.
> >
> > * WITHOUT windows defender, it's OK.
> > * With Windows Defender active, I've got a FTP error (error n°10060: The
> > current connection has timedout).
> > * With Windows Defender active, FTP commands are working in a command
> > console
> >
> > I've add an inbound and an outbound rule in windows defender to open
port 20
> > & 21 but nothing change...
> > My application is using a COM object to do FTP.
> >
> > Please can you help me to make my application work ???
> >
> >
> >
>
> Are you sure you're talking about the right program? Are you talking about
> the Windows Firewall and not Windows Defender?
>
> I can't see where Windows Defender would be concerned with FTP ports.
>

"Windows Defender" is the name of the new Windows Vista firewall.
Of course Windows Defender control TCP and UDP ports and many other things.
Does anybody know HOW to setup windows defender concerning my problem above
?



http://en.wikipedia.org/wiki/Windows_Defender
http://www.microsoft.com/windows/windows-vista/features/firewall.aspx
http://whitepapers.silicon.com/0,39024759,60265463p,00.htm


So which one are you talking about the Vista FW, Onecare's FW, or Windows
Defender?
Golard
Le #17597381
"Ollis"


"Golard" wrote:

>
> "Ollis" >
> >
> >
> > "Golard" wrote:
> >
> > > Hi,
> > > Since few years, I'm developping a professionnal software.
> > > I want to make it work on Vista SP1, with Windows Defender active.
> > >
> > > * WITHOUT windows defender, it's OK.
> > > * With Windows Defender active, I've got a FTP error (error n°10060:


The
> > > current connection has timedout).
> > > * With Windows Defender active, FTP commands are working in a


command
> > > console
> > >
> > > I've add an inbound and an outbound rule in windows defender to open
> port 20
> > > & 21 but nothing change...
> > > My application is using a COM object to do FTP.
> > >
> > > Please can you help me to make my application work ???
> > >
> > >
> > >
> >
> > Are you sure you're talking about the right program? Are you talking


about
> > the Windows Firewall and not Windows Defender?
> >
> > I can't see where Windows Defender would be concerned with FTP ports.
> >
>
> "Windows Defender" is the name of the new Windows Vista firewall.
> Of course Windows Defender control TCP and UDP ports and many other


things.
> Does anybody know HOW to setup windows defender concerning my problem


above
> ?

http://en.wikipedia.org/wiki/Windows_Defender
http://www.microsoft.com/windows/windows-vista/features/firewall.aspx
http://whitepapers.silicon.com/0,39024759,60265463p,00.htm


So which one are you talking about the Vista FW, Onecare's FW, or Windows
Defender?



Ok, it appears that "Windows Defender" may be not the name of Vista FW...
So I'm talking about VISTA FIREWALL (include in Vista environment).
Maybe I will have more answers with this correction !!!
Can you help me Ollis ?
Ollis
Le #17598001
"Golard" wrote:


"Ollis"
>
>
> "Golard" wrote:
>
> >
> > "Ollis" > >
> > >
> > >
> > > "Golard" wrote:
> > >
> > > > Hi,
> > > > Since few years, I'm developping a professionnal software.
> > > > I want to make it work on Vista SP1, with Windows Defender active.
> > > >
> > > > * WITHOUT windows defender, it's OK.
> > > > * With Windows Defender active, I've got a FTP error (error n°10060:
The
> > > > current connection has timedout).
> > > > * With Windows Defender active, FTP commands are working in a
command
> > > > console
> > > >
> > > > I've add an inbound and an outbound rule in windows defender to open
> > port 20
> > > > & 21 but nothing change...
> > > > My application is using a COM object to do FTP.
> > > >
> > > > Please can you help me to make my application work ???
> > > >
> > > >
> > > >
> > >
> > > Are you sure you're talking about the right program? Are you talking
about
> > > the Windows Firewall and not Windows Defender?
> > >
> > > I can't see where Windows Defender would be concerned with FTP ports.
> > >
> >
> > "Windows Defender" is the name of the new Windows Vista firewall.
> > Of course Windows Defender control TCP and UDP ports and many other
things.
> > Does anybody know HOW to setup windows defender concerning my problem
above
> > ?
>
> http://en.wikipedia.org/wiki/Windows_Defender
> http://www.microsoft.com/windows/windows-vista/features/firewall.aspx
> http://whitepapers.silicon.com/0,39024759,60265463p,00.htm
>
>
> So which one are you talking about the Vista FW, Onecare's FW, or Windows
> Defender?

Ok, it appears that "Windows Defender" may be not the name of Vista FW...
So I'm talking about VISTA FIREWALL (include in Vista environment).
Maybe I will have more answers with this correction !!!
Can you help me Ollis ?




http://support.microsoft.com/kb/947709

It's not your FTP COM object that it's talking about, but it does talk about
how to open the FTP port by setting a FW rule using Netsh at the Command
Prompt.


Are you trying to access the FTP service over the Internet? Is there a
router or firewall appliance that also needs the FTP ports open, if trying to
access the FTP over the Internet?

Are you in a LAN situation that you can use another machine on the LAN to
access the FTP server running on the host machine?
Beoweolf
Le #17600951
Diagnostics of Fire Wall problems, remotely, is extremely difficult,
frustrating and generally requires repeated "back and forth", repetitive
questioning.

From your reported attempts to resolve the problem, I am somewhat confident
that You know your way around the OS, so maybe the steps listed below may
help you find or at least narrow down possible solutions to the problem.

(This troubleshooting technique pretty much outlines the steps I would take
in chasing this issue). Bonheur


One of the security features included with Windows Vista (and Windows XP
Service Pack 2) is the Windows Firewall. It is a built in firewall component
that is designed to protect your computer when connected to an un-trusted
network such as the Internet. Because of the importance a firewall plays in
protecting your computer, it is enabled by default when you install Vista.

You may want to take this one step further and monitor the type of traffic
that is being discarded by your firewall. This can be done by enabling
security logging using the steps outlined below.

1. Click Start, All Programs, and Administrative Tools.
2. Select Windows Firewall with Advanced Security.
3. Click Windows Firewall Properties.
4. Click one of the profile tabs, such as Public Profile.
5. Click the Customize button within the Logging area.
6. Enable firewall logging from the dialog box that appears.
7. Click OK.


"Golard" news:ez$
Hi,
Since few years, I'm developping a professionnal software.
I want to make it work on Vista SP1, with Windows Defender active.

* WITHOUT windows defender, it's OK.
* With Windows Defender active, I've got a FTP error (error n°10060: The
current connection has timedout).
* With Windows Defender active, FTP commands are working in a command
console

I've add an inbound and an outbound rule in windows defender to open port
20
& 21 but nothing change...
My application is using a COM object to do FTP.

Please can you help me to make my application work ???




Golard
Le #17601571
"Ollis"


"Golard" wrote:

>
> "Ollis" >
> >
> >
> > "Golard" wrote:
> >
> > >
> > > "Ollis" > > >
> > > >
> > > >
> > > > "Golard" wrote:
> > > >
> > > > > Hi,
> > > > > Since few years, I'm developping a professionnal software.
> > > > > I want to make it work on Vista SP1, with Windows Defender


active.
> > > > >
> > > > > * WITHOUT windows defender, it's OK.
> > > > > * With Windows Defender active, I've got a FTP error (error


n°10060:
> The
> > > > > current connection has timedout).
> > > > > * With Windows Defender active, FTP commands are working in a
> command
> > > > > console
> > > > >
> > > > > I've add an inbound and an outbound rule in windows defender to


open
> > > port 20
> > > > > & 21 but nothing change...
> > > > > My application is using a COM object to do FTP.
> > > > >
> > > > > Please can you help me to make my application work ???
> > > > >
> > > > >
> > > > >
> > > >
> > > > Are you sure you're talking about the right program? Are you


talking
> about
> > > > the Windows Firewall and not Windows Defender?
> > > >
> > > > I can't see where Windows Defender would be concerned with FTP


ports.
> > > >
> > >
> > > "Windows Defender" is the name of the new Windows Vista firewall.
> > > Of course Windows Defender control TCP and UDP ports and many other
> things.
> > > Does anybody know HOW to setup windows defender concerning my


problem
> above
> > > ?
> >
> > http://en.wikipedia.org/wiki/Windows_Defender
> > http://www.microsoft.com/windows/windows-vista/features/firewall.aspx
> > http://whitepapers.silicon.com/0,39024759,60265463p,00.htm
> >
> >
> > So which one are you talking about the Vista FW, Onecare's FW, or


Windows
> > Defender?
>
> Ok, it appears that "Windows Defender" may be not the name of Vista


FW...
> So I'm talking about VISTA FIREWALL (include in Vista environment).
> Maybe I will have more answers with this correction !!!
> Can you help me Ollis ?
>

http://support.microsoft.com/kb/947709

It's not your FTP COM object that it's talking about, but it does talk


about
how to open the FTP port by setting a FW rule using Netsh at the Command
Prompt.




<http://blogs.iis.net/jaroslad/archive/2007/09/29/windows-firewall-setup-for
-microsoft-ftp-publishing-service-for-iis-7-0.aspx>

Are you trying to access the FTP service over the Internet? Is there a
router or firewall appliance that also needs the FTP ports open, if trying


to
access the FTP over the Internet?

Are you in a LAN situation that you can use another machine on the LAN to
access the FTP server running on the host machine?






Thank you for your informations.

I have already try to use "netsh advfirewall firewall add ..." to open ports
20 & 21, but it doesn't change anything.
I use already "netsh advfirewall firewall add ..." to allow ICMPv4 echo
request to allow ping in and outbound, and it works.
I use also already "netsh advfirewall firewall add ..." to allow my
apllication to communicate in and outbound.

I think ports 20 & 21 are now open BUT it's maybe not the source of my
problem...
Let me mention again that I've got a FTP timedout connexion when vista
firewall is active, and that it works when it's deactivate.

To answer your questions, my application use FTP to transfert configuration
files between the PC and electronic devices (which are linux pcs also
developped in my company) on a LOCAL network (most of the time dedicated to
our system). So, nothing to do with internet connexion via a host machine.

My application use a COM object to do FTP (FTPX from "Mabry software" which
unfortunately is not support anymore) and I find in the documentation that
it "does not support SSL" (Secure Socket Layers). But I don't know what does
it mean... Do you think it can have something to do with my timedout problem
through the vista firewall ???

Thanks for your help
Ollis
Le #17602171
"Golard" wrote:

Thank you for your informations.

I have already try to use "netsh advfirewall firewall add ..." to open ports
20 & 21, but it doesn't change anything.
I use already "netsh advfirewall firewall add ..." to allow ICMPv4 echo
request to allow ping in and outbound, and it works.
I use also already "netsh advfirewall firewall add ..." to allow my
apllication to communicate in and outbound.

I think ports 20 & 21 are now open BUT it's maybe not the source of my
problem...
Let me mention again that I've got a FTP timedout connexion when vista
firewall is active, and that it works when it's deactivate.

To answer your questions, my application use FTP to transfert configuration
files between the PC and electronic devices (which are linux pcs also
developped in my company) on a LOCAL network (most of the time dedicated to
our system). So, nothing to do with internet connexion via a host machine.

My application use a COM object to do FTP (FTPX from "Mabry software" which
unfortunately is not support anymore) and I find in the documentation that
it "does not support SSL" (Secure Socket Layers). But I don't know what does
it mean... Do you think it can have something to do with my timedout problem
through the vista firewall ???




I don't know what to tell you. On one hand, you say that this FTP solution
works with the Vista FW down. On the other hand you say that it doesn't work
with the Vista FW up.

I would say that the issue may be at the FW, still.

If the host machine has IIS7 and you can enable the FTP server, I would test
that you can make contact with FTP that way, or you could install a 3rd party
FTP server like Filezilla for Vista and check-out the FTP ports 20 and 21
that way to see if things work.

If that works, then I guess it's back to this program you have hosting your
FTP COM object.
Golard
Le #17619521
"Beoweolf"
Diagnostics of Fire Wall problems, remotely, is extremely difficult,
frustrating and generally requires repeated "back and forth", repetitive
questioning.

From your reported attempts to resolve the problem, I am somewhat


confident
that You know your way around the OS, so maybe the steps listed below may
help you find or at least narrow down possible solutions to the problem.

(This troubleshooting technique pretty much outlines the steps I would


take
in chasing this issue). Bonheur


One of the security features included with Windows Vista (and Windows XP
Service Pack 2) is the Windows Firewall. It is a built in firewall


component
that is designed to protect your computer when connected to an un-trusted
network such as the Internet. Because of the importance a firewall plays


in
protecting your computer, it is enabled by default when you install Vista.

You may want to take this one step further and monitor the type of traffic
that is being discarded by your firewall. This can be done by enabling
security logging using the steps outlined below.

1. Click Start, All Programs, and Administrative Tools.
2. Select Windows Firewall with Advanced Security.
3. Click Windows Firewall Properties.
4. Click one of the profile tabs, such as Public Profile.
5. Click the Customize button within the Logging area.
6. Enable firewall logging from the dialog box that appears.
7. Click OK.




Hi Beowolf and thank you for the idea of enabling the log.

What I did:
* Log enabling in the 3 firewall profiles tabs.
* Activate Vista Firewall
* Activate all my inbound and outbound rules (allow for my application, for
ICMPv4 ping, 20 & 21 ports for FTP)
* Activate dynamically open ports for FTP data connections (set global
statefulFTP enable)
* Launch my application ==> FTP connexion timedout

The ONLY LINE I find in the log which seems to concern FTP is :
action=allow
protocol=TCP
src-ip= PC application IP (192.168.200.100)
dst-ip = target device IP (192.168.200.3)
src-portI183 ?
dst-port! (ok it's FTP command port, I suppose for the connexion)
path= SEND

There is NO lines coming from the target device (192.168.200.3) after the
line above.

After this I made again tests with vista FW disable:
* When I deactivate the vista firewall, FTP connexion and files tranfert os
OK (but no log of course...)
* When I activate the visat firewall, AND allow all incoming and outbound
connexions for each of the 3 firewall profiles, I have again the timedout.

What is the conclusion ? Does it means that it's not a firewall RULE
problem... but something else in the firewall ?
Do you know what can block my FTP connexion in the firewall when I allow all
in and out connexion ?
Publicité
Poster une réponse
Anonyme