Sunday, November 29, 2009

How to Install and Configure IIS 7 FTP Publishing Service

The new FTP Publishing Service 7.5 has been rewritten for Windows Server 2008, and a lot of new features and additions are included (integration with IIS 7, FTP over SSL (from v7.0), improved logging, etc.).

Prerequisites
1. Internet Information Services 7.0 installed.
2. Windows Server 2008 or Vista.
3. Download FTP Publishing Service 7.5
4. Create a folder for FTP Publishing Service and allow Full access for Administrators
  • mkdir "c:\inetpub\ftproot\ftp.mydomain.com"
  • cacls "c:\inetpub\ftproot\ftp.mydomain.com" /G administrators:F /T /E
In case we want to add access for a specific backup user, we can use the following command:
  • cacls "c:\inetpub\ftproot\ftp.mydomain.com" /G username:F /T /E
Permissions:
R  Read
W  Write
C  Change (write)
F  Full control

Installation
Before installing FTP Publishing Service 7.5 over IIS 7.0, be sure to uninstall any previous versions of FTP Publishing Service.

  1. When the installation program of Microsoft FTP Service for IIS 7.0 begins, click Next.
  2. Accept the End-User License Agreement and click Next.
  3. Select the features you want to be installed and click Next.
  4. Click Install to begin the installation.
  5. At the end click Finish.

Creating the Certificate
After the installation finishes, we open Internet Information Services 7.0 Manager and select Server Certificates to create a self-signed SSL certificate. Another option is to create a certificate request and have it processed by a 3rd party SSL provider, which is recommended for production systems because those certificates come from a trusted root.

Server Certificates

Click on Create Self-Signed Certificate…

Create a self-signed certificate

Specify a certificate name and click OK:

Specify certificate name


Creating the FTP Site
Right click the Sites node in the tree and click Add FTP Site…

Add FTP Site...

In the Add FTP Site wizard, enter the FTP site name, select the path we created in the prerequisites, and click Next.

Add FTP Site Wizard

On the next page of the wizard, we select the Require SSL option, choose our SSL certificate, and click Next.

Binding and SSL Settings

On the next page of the wizard, we select Basic for Authentication. Under Allow access to, we select Specified users and enter our backup FTP account with Read and Write permissions, then click Finish. In case we want to allow anonymous FTP connections, select Anonymous authentication and, under Permissions, select Read.

Authentication and Authorization Information


Configure the Firewall
If we are behind a firewall, we should configure FTP Firewall Support in Internet Information Services Manager and configure our firewall to accept passive connections on the ports we specify. In case we want to use the dynamic port range, we enter the port range "0-0" under Data Channel Port Range.

FTP Firewall Support


Configure the FTP Client (FileZilla for example)
Configure the FTP client to connect to our FTP site using FTP over explicit TLS/SSL.

FTP Client Settings


Troubleshooting
In case you get the “534 Local policy on server does not allow TLS secure connections.” error, this is because we need to select an SSL certificate at the server level.

FTP SSL Settings Server Level
FTP SSL Settings Certificate Selection
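
To confirm from a client machine that the Require SSL setting is actually in effect, the following added example (not part of the original post) sends AUTH TLS and a plaintext USER on separate control connections and reports the reply codes. The function names and the `tls-policy-probe` user name are assumptions made for this sketch; no password is ever sent.

```python
"""Client-side check that an FTP site enforces explicit TLS (added example)."""
import ftplib
import sys

# Constructed placeholder account name; no password is ever sent.
PROBE_USER = "tls-policy-probe"


def _first_reply(host, port, command, timeout):
    """Open a fresh control connection, send one command, return the reply."""
    ftp = ftplib.FTP(timeout=timeout)
    try:
        ftp.connect(host, port)
        try:
            return ftp.sendcmd(command)   # 1xx/2xx/3xx replies are returned
        except ftplib.Error as exc:       # 4xx/5xx replies are raised
            return str(exc)
    finally:
        ftp.close()                       # drop the socket without QUIT


def probe_ftps_policy(host, port=21, timeout=10.0):
    """Report whether explicit TLS is offered and plaintext login is refused."""
    # 234 means the server is ready to negotiate TLS. A 534 reply, like the
    # one in the Troubleshooting section, is reported as "not offered".
    auth = _first_reply(host, port, "AUTH TLS", timeout)
    # With Require SSL, USER on an unencrypted control channel must be
    # rejected. A 331 (password wanted) means plaintext logins still work.
    user = _first_reply(host, port, "USER " + PROBE_USER, timeout)
    tls_offered = auth.startswith("234")
    plaintext_refused = user[:1] in ("4", "5")
    return {
        "auth_tls_reply": auth,
        "plaintext_user_reply": user,
        "tls_offered": tls_offered,
        "plaintext_refused": plaintext_refused,
        "enforced": tls_offered and plaintext_refused,
    }


if __name__ == "__main__":
    # Usage: python probe_ftps.py ftp.mydomain.com [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 21
    for key, value in probe_ftps_policy(target, target_port).items():
        print(f"{key}: {value}")
```

An `enforced` value of False with a 331 in `plaintext_user_reply` means the site still accepts credentials over an unencrypted control channel.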
