How To Enable Passive FTP Transfer Mode in Microsoft IIS Server When Windows Firewall is On?

Problem

When you turn on Windows firwall in Microsoft Windows Server 2008/2003, FTP will only works in "Active Transfer Mode" but NOT "Passive Transfer Mode". Some FTP clients do need passive transfer mode if they are behind a firewall. Some FTP publish services like blogger.com can only support passive ftp transfer mode as well.

Solution

You can enable passive ftp transfer mode in Microsoft IIS server. Please follow these steps.

a. Enable direct metabase edit

Open Start > Programs > Administrative Tools > Internet Information Service (IIS) Manager. Right click "ServerName (local computer)" and choose "Properties". Check on "Direct Direct MetaBase Edit" and click "OK".

b. Add PassivePortRange

Open C:\WINDOWS\system32\inetsrv\MetaBase.xml with NotePad or other editors. Add a new line 'PassivePortRange="5001-5008"' in "IisFtpService" section.

c. Disable direct metabase edit and re-start iis

C:\>iisreset

d. Open firewall ports

Open Start > Settings > Control Panel > Firewall. Add the TCP ports 5001-5008 to the firewall exception list.

e. Test

Now you should be able to connect to ftp server with passive transfer mode.

Other Resources

1. How To Configure PassivePortRange In IIS
2. Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections