
Can ePO v4.5 pull packages in 'normal' ftp mode vs. PASV?

I am attempting to pull updates from a server that does not support passive (PASV) ftp mode. 

I can successfully pull sitestat.xml via Windows command line ftp and can right-click save in IE (with passive mode disabled).

Here is the extract from the log file (sorry, this came from an air-gap network):

+--------------------------------------------------------------------------------------------------------------------------------------

FTP Session initialized

FTP session 1 Logging into FTP Server: ftp.svc.aa.bb.cc using User: Anonymous in winsock-mode

FTP session 1 command socket S216 connected

FTP session 1 connected to FTP Server: ftp.svc.aa.bb.cc using socket

FTP session 1 Raw data read 27 bytes this time: 220 Microsoft FTP Service

FTP session 1 Reply: 220 Microsoft FTP Service

FTP session 1 Logging on to FTP Server: ftp.svc.aa.bb.cc

FTP session 1 Cmd: PASS • • •

FTP session 1 sent 16 bytes on command socket 5216

FTP session 1 Raw data read 72 bytes this time: 331 Anonymous access allowed, send identity (e-mail name) as password.

FTP session 1 Reply: 331 Anonymous access allowed, send identity (e-mail name) as password.

FTP session 1 Cmd: PASS ·"

FTP session 1 sent 30 bytes on command socket S216

FTP session 1 Raw data read 21 bytes this time: 230 User logged in.

FTP session 1 Reply: 230 User logged in.

FTP session 1 Logged on to FTP Server: ftp.svc.aa.bb.cc in socket mode

Started download session 1 for Site FUBAR CIRT ftpSite

CheckSiteStatus: Downloading file SiteStat.xml from site FUBAR CIRT ftpSite

Downloading file SiteStat.xml from session 1, localDir: C:\Windows\TEMP\naiAF96.tmp\OOOOOOOI, RemoteDir:

FTP session 1 Downloading file: /visig/HBSS/SiteStat.xml from FTP Server: ftp.svc.aa.bb.cc

FTP session 1 Downloading file from FTP server ftp.svc.aa.bb.cc using winsock (in non-proxy mode)

FTP session 1 Cmd: PASS ...

FTP session 1 sent 8 bytes on command socket 5216

FTP session 1 Raw data read 20 bytes this time: 200 Type set to I.

FTP session 1 Reply: 200 Type set to I.

FTP session 1 Looking for PASSIVE mode support

FTP session 1 Sending PASV command to Server

FTP session 1 sent 6 bytes on command socket S216

FTP session 1 Reading response for PASV command

FTP session 1 Response received from Server for passive transfer

FTP session 1 DownloadFile() connect failed on child socket, WSAGetLastError() : 10061

FTP session 1 Failed to create data connection with FTP server

Download file SiteStat.xml failed in session 1, nainet ret: O

CheckSiteStatus: Failed to download SiteStat.xml from site FUBAR CIRT ftpSite, hr: -2147467259

Download sitestat.xml failed, error -803

FTP session 1 Cmd: QUIT

FTP session 1 sent 6 bytes on command socket 5216

FTP session 1 Raw data read 14 bytes this time: 221 Goodbye.

FTP session 1 Reply: 221 Goodbye.

FTP Session 1 closed

+--------------------------------------------------------------------------------------------------------------------------------------

The error from WSAGetLastError(): 10061 translates to "Connection refused".

Thoughts?

Greg Kenoyer

HP

Message was edited by: gdkenoyer on 9/20/11 5:39:03 PM CDT
McAfee Employee

Re: Can ePO v4.5 pull packages in 'normal' ftp mode vs. PASV?

ePO will try passive first, and should fall back to active if passive fails. (See KB65898 for details.)

Can you get a wireshark capture of the download attempt? It should shed some light on what's actually being requested.

Also - is there any device between ePO and the FTP server that could be interfering with things?

HTH -

Joe

Re: Can ePO v4.5 pull packages in 'normal' ftp mode vs. PASV?

Ah! Thanks for the link (I did search first, fwiw!).

> Can you get a wireshark capture of the download attempt?

That would indeed be useful, but just getting the app authorized would take a couple of weeks....

> is there any device between ePO and the FTP server that could be interfering with things?

Yep, a Microsoft ISA 2006 server.

There is a specific rule allowing ftp between the ePO and the ftp servers.

I did monitor traffic using the IPs of both servers, but didn't see any rejects. -> I'll dig into this a bit more.

But again, I did get IE (with Passive disabled) and command line ftp to work OK from the same system.

Greg Kenoyer

HP

McAfee Employee

Re: Can ePO v4.5 pull packages in 'normal' ftp mode vs. PASV?

Okay

First step would be to rule out the ISA server. Can you set up an instance of the FTP server on the ePO side of the ISA box, load it with the same content and see if ePO can pull successfully?

If it can, then the problem's the ISA box: if it can't, then it's ePO (or the FTP server itself.) I have a sneaking suspicion that this section of the KB may be the issue; "If a device between the ePO server and the FTP server does not allow Passive FTP but the FTP server does, the communication will fail as the ePO server has already negotiated that communication to occur via Passive FTP."

HTH -

Joe
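
The log above shows the server answering PASV and the client's data connection then being refused (10061). The sketch below is an added example, not part of the thread and not McAfee code: it parses a 227 reply and checks the advertised data endpoint against what a filtering device is assumed to allow. The function names, the sample reply, the 192.0.2.10 control address and the 50000-50100 port range are all constructed for illustration.

```python
import ipaddress
import re
import socket

# RFC 959 reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227[ -].*?" + ",".join([r"(\d{1,3})"] * 6))


def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def assess_pasv(reply, control_peer, allowed_ports):
    """Compare the advertised data endpoint with what the path permits."""
    host, port = parse_pasv(reply)
    findings = []
    if ipaddress.ip_address(host) != ipaddress.ip_address(control_peer):
        findings.append("address-mismatch")   # e.g. NAT not rewriting the reply
    if port not in allowed_ports:
        findings.append("port-not-allowed")   # firewall rule misses this port
    return host, port, findings


def probe(host, port, timeout=5.0):
    """Attempt the data connection the client would make; return outcome."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "connected"
    except ConnectionRefusedError:
        return "refused"                      # Winsock reports this as 10061
    except OSError:
        return "unreachable-or-filtered"


if __name__ == "__main__":
    # Constructed sample: server advertises an address other than the one dialed.
    sample = "227 Entering Passive Mode (10,0,0,5,195,80)"
    print(assess_pasv(sample, "192.0.2.10", range(50000, 50101)))
```

The 227 line can be taken from a command-line ftp session with debug output enabled, which avoids needing a packet capture.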

Re: Can ePO v4.5 pull packages in 'normal' ftp mode vs. PASV?

It appears to be the remote ftp server.

I have a web/ftp server out in a DMZ but subject to the same filtering as the remote ftp server.

I copied the files from the remote ftp server to my web/ftp server and was able to pull successfully.

So my workaround is to set up a job on my ftp server to pull in and duplicate the content of the remote ftp server.

- a workaround but not really an answer.

McAfee Employee

Re: Can ePO v4.5 pull packages in 'normal' ftp mode vs. PASV?

Hm - a bit weird, but at least you have a way round it now

Would you mind letting us know the version (and name) of the FTP software that's failing, in case anyone else runs into the same problem?

Thanks -

Joe

Re: Can ePO v4.5 pull packages in 'normal' ftp mode vs. PASV?

The ftp server answers up as Microsoft. An error from the web page shows IIS v7, so I am assuming Win2k8+.