IIS 7.5 add FTP site and IIS users

Yesterday is was trying to setup a small FTP server to test some things out for my 70-643 exam. Spend several hours on the following error : “530 user cannot login”. Turned out i’ve forgot to execute a few commands which will set the appropriate permissions on administration.config and redirection.config.

(In this example i have my windows firewall disabled)

Below is a short tutorial to setup an FTP site in IIS 7.5

Step 1, install roles
-Install the following role services : IIS management service / FTP server

Step 2, set appropriate permissions for the config folder and administration config and redirection.config (This important, else the following error will appear : 530 user cannot login)

ICACLS “%SystemDrive%\Windows\System32\inetsrv\config” /Grant “Network Service”:R /T (One folder will fail : config/schema)

ICACLS “%SystemDrive%\Windows\System32\inetsrv\config\administration.config” /Grant “Network Service”:R

ICACLS “%SystemDrive%\Windows\System32\inetsrv\config\redirection.config” /Grant “Network Service”:R

Step 3, configure IIS to accept IIS manager credentials
-Open IIS manager
-Browse to the server
-Open management service
-Select the following : windows credentials or IIS manager credentials
-Click apply in the action pane

Step 4, adding users who can acces the FTP site
-With the server-level node still opened click “IIS manager users” to add an user
-Click ”add” in the action pane
-Type in the name of the user and password

Step 5, after adding the user add a new FTP site
-browse to the site node and right click sites and select : add FTP site
-Type in the site name (for example : ftp.contoso.local) and select a folder which the users will be accessing. Click next
-In the next step of the wizzard select if you want to use SSL, in this example click : allow SSL. Change the binding if you have multiple network cards, select the one on which you want the FTP service to listen. (you don’t have to enable virtual host if you are using one site, if you’re using multiple sites type in a name for example : ftp.contoso.local. Also set the appropriate DNS records). After setting up the appropriate configuration click next.
-In the next step dont setup the authentication yet, this will be done later . Then set ”allow acces to” specified users and type in the user name you’ve set under IIS manager users. Select the permissions you want (read/write or both). Click Finish

Step 6, setting the authentication method to Iismanagerauth
-Expand your FTP site and select FTP authentication
-In the action pane click : custom providers
-In the custom providers screen select : Iismanagerauth, then click ok

If you’ve completed the steps above use for example filezilla client to connect to your FTP server (Host : ipaddress of the server / Username : user you’ve created earlier / Password : password you’ve created for the selected user)

If you’re are using a single ftp site without the virtual host name just type in the username. If you’re are using virtual hostnames type the following fpt.contoso.local|username (ftp.contoso.local is the virtual hostname of the FTP site)

If you’re are running into some problems , check the following :
-are the permissions set on the system32/config folder, redirection.config,administration.config (networkservice)
-Check your FTP authorization rules to check wether or user is allowed to acces the content
-Check your FTP authentication to check if the appropriate authentication is selected

If you’re going use a windows local account, you dont have to create a user in IIS. Just create the user in windows, setup you ftp site, select the created user, and set authentication method to basic. But remember, basic authentication will send the password in cleartext. Use SSL if you’re going to use basic authentication

Link to a site with really great video’s to setup FTP : http://weblogs.asp.net/owscott/archive/2012/02/13/ftp-firewall-settings-active-vs-passive-and-ftps-explicit-vs-implicit-week-47.aspx


About bruunit

Sysadmin at a small company
This entry was posted in Uncategorized. Bookmark the permalink.

One Response to IIS 7.5 add FTP site and IIS users

  1. Patchou says:

    Merci 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s