Problem about Window Xp SP2 firewall and the buildin FTP command

[msnews.microsoft.com]

Hi,
I find a problem that if running multiple FTP command at the same time,
the FTP will get hang
when issuing the get command if the buildin firewall in on (already add
ftp.exe program to the exception list).

Steps to reproduce the problem:
1. open multiple DOS shell(cmd.exe) (say 5)
2. on each DOS shell, type ftp -s:abc.txt (where abc is a file that contain
ftp command to get several files) but don't press enter.
3. press enter to run the ftp commands, one by one quickly at same time.
4. the problem will occur that after issuing the get command, the ftp hang!!

Is it that the buildin firewall can't handle too many connection at the same
time?
I check the event log, no strange or useful event generated.

Can anybody tell how can i solve it?
(as one of my program will execute ftp.exe many time at the same time!)

 

[Carey Frisch [MVP]]

Windows XP SP2 to limit Max Connections/sec
http://www.msfn.org/print.php?id=9017

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

:

| Hi,
| I find a problem that if running multiple FTP command at the same time,
| the FTP will get hang
| when issuing the get command if the buildin firewall in on (already add
| ftp.exe program to the exception list).
|
| Steps to reproduce the problem:
| 1. open multiple DOS shell(cmd.exe) (say 5)
| 2. on each DOS shell, type ftp -s:abc.txt (where abc is a file that contain
| ftp command to get several files) but don't press enter.
| 3. press enter to run the ftp commands, one by one quickly at same time.
| 4. the problem will occur that after issuing the get command, the ftp hang!!
|
| Is it that the buildin firewall can't handle too many connection at the same
| time?
| I check the event log, no strange or useful event generated.
|
| Can anybody tell how can i solve it?
| (as one of my program will execute ftp.exe many time at the same time!)

 

[Detlev Dreyer]

Is it that the buildin firewall can't handle too many connection at the
same time?

Not really.
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#EIAA

I check the event log, no strange or useful event generated.

| Limited number of simultaneous incomplete outbound TCP connection
| attempts
| ...
| When it does occur, a new event, with ID 4226, appears in the system's
| event log.

 

[Tom Che [MSFT]]

Hi,

Thanks for posting here. Also thanks for Carey and Detlev's kindly reply.

From your post, my understanding of this issue is: If you keep Windows
Firewall enabled and run multiple FTP command at the same time, the FTP
will get hang. If this is not correct, please feel free to let me know.

Based on your description, I cannot reproduce this issue on my computer.
However, you may refer to our MVP's suggestion - modify the Registry
(TcpNumConnections) or run "netsh winsock reset" to repair Winsock and
TCP/IP, and then test this issue. If this issue persists, please let me
know the following information if you need any further assistance:

1. Are you sure this issue will disappear if you turn off the Windows
Firewall?

2. Does this issue occur on other computers?

3. Have you tried to use third-party FTP application to do a same test?

Have a nice day!

Sincerely,

Tom Che

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

[a ms user]

Dear Tom,
Thanks for your reply.
***IN order to reproduce the error, you should press the ENTER key very
FAST!!! ***
I'm now at home without XP SP2, so can't modify the tcpnumconnections or
try netsh....
i will try them tomorrow at office.

Some ans. for your points:
1. Up to now, i try many times, this situation only occur when firewall
is on.
2. I think this issue should happen on other computers, as i can
reproduce this error on 3 other XP SP2 workstations.
(2 desktops, 1 notebook)
3. Haven't try third party FTP software. But ever try using window's
file explorer to down many files at the same time, no
problem occur!!!!

Today, in office, i run the ftp command in debug mode (issue command
debug), after issue a get command,
i compare the message PORT IP_address,port(e.g. PORT 192,168,11,1,1,252) and
the pfirewall.log (locate at
c:\windows) that no connection to such port (1252?) is established, instead
many ports larger 5000, are used for
data transfer.....do the firewall do some port-forwarding activities?

BTW, today, i write a simple ftp program (using function FTPgetfileA,in
wininet.dll, to get files), the problem
occur too..

Don't know if this problem cause by firewall or limit of tcp connection
...
PS: i check the event log that no event of event id 4226 (generated when
exceed 10 simantenous
outgoing connection).

Tom, please follow the steps mentioned again to reproduce the error.
THANK YOU FOR YOUR KIND ATTENTION AND HELP.

below is a sample of the ftp command files:
--------------------------------------------------------
open ftp2.de.nero.com
anonymous
(e-mail address removed)
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
quit
--------------------------------------------------------

Hi,

Thanks for posting here. Also thanks for Carey and Detlev's kindly reply.

From your post, my understanding of this issue is: If you keep Windows
Firewall enabled and run multiple FTP command at the same time, the FTP
will get hang. If this is not correct, please feel free to let me know.

Based on your description, I cannot reproduce this issue on my computer.
However, you may refer to our MVP's suggestion - modify the Registry
(TcpNumConnections) or run "netsh winsock reset" to repair Winsock and
TCP/IP, and then test this issue. If this issue persists, please let me
know the following information if you need any further assistance:

1. Are you sure this issue will disappear if you turn off the Windows
Firewall?

2. Does this issue occur on other computers?

3. Have you tried to use third-party FTP application to do a same test?

Have a nice day!

Sincerely,

Tom Che

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[a ms user]

sorry make a mistake about the interpretation of message PORT
192,168,11,1,1,252
actually i don't know if the port stand for 1252 or 508 --> 1 1111 1100
(binary) or 64513 --> 1111 1100 0000 0011
but no matter which intrepretation, do not exist in the firewall log (i
setup to log successful connection)
thanks

Dear Tom,
Thanks for your reply.
***IN order to reproduce the error, you should press the ENTER key very
FAST!!! ***
I'm now at home without XP SP2, so can't modify the tcpnumconnections or
try netsh....
i will try them tomorrow at office.

Some ans. for your points:
1. Up to now, i try many times, this situation only occur when firewall
is on.
2. I think this issue should happen on other computers, as i can
reproduce this error on 3 other XP SP2 workstations.
(2 desktops, 1 notebook)
3. Haven't try third party FTP software. But ever try using window's
file explorer to down many files at the same time, no
problem occur!!!!

Today, in office, i run the ftp command in debug mode (issue command
debug), after issue a get command,
i compare the message PORT IP_address,port(e.g. PORT 192,168,11,1,1,252) and
the pfirewall.log (locate at
c:\windows) that no connection to such port (1252?) is established, instead
many ports larger 5000, are used for
data transfer.....do the firewall do some port-forwarding activities?

BTW, today, i write a simple ftp program (using function FTPgetfileA,in
wininet.dll, to get files), the problem
occur too..

Don't know if this problem cause by firewall or limit of tcp connection
..
PS: i check the event log that no event of event id 4226 (generated when
exceed 10 simantenous
outgoing connection).

Tom, please follow the steps mentioned again to reproduce the error.
THANK YOU FOR YOUR KIND ATTENTION AND HELP.

below is a sample of the ftp command files:
--------------------------------------------------------
open ftp2.de.nero.com
anonymous
(e-mail address removed)
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
quit
--------------------------------------------------------

 

[Tom Che [MSFT]]

Hi,

Thanks for your update.

I have performed a lot of tests, but still have not expected result.
Please see my tests as below:

Note:
================
(1). I copy your example ftp command file to a.txt saved in C:\dell folder.

(2). I cannot turn off Windows Firewall, since it is controlled by Domain
Policy in my computer. Therefore, all the tests as below were finished
with enabled Windows Firewall.

(3). I cannot add attachment zip file contains 5 JPG files which are
screenshots in the newsgroup, so please let me know your E-mail and I will
send it to you directly.

Tests:
================
1. I do followed your instruction, and I opened 6 command windows all
including the same command "ftp -s:a.txt" under C:\dell. Please see 1.JPG.

2. I pressed ENTER on each window as fast as I could (I believed it was
finished in 2 seconds), then I got the results as 2.JPG. From the
screenshot, you can see that only 2 windows complete this command
successfully, but other 4 windows get different errors including
"Permission denied" and "Not connected". I have repeated step 1 & 2 about
a dozen of times, and I got the exactly same results - 2 successes, 3
"Permission denied" and 1 "Not connected".

3. I thought there is a better way to run the command at the same time -
using Scheduled Tasks to run 6 same tasks at one time. I edited a batch
file named a.bat containing "ftp -s:c:\dell\a.txt". I added a Scheduled
Task to run "a.bat > ao.txt" as 3.JPG.

4. I copied a.job to other 5 Task files including b.job, c.job and so on.
I also changed the output file to bo.txt, co.txt and so on. Please see
4.JPG.

5. At the scheduled time, these Scheduled Tasks were opened and run
themselves as expected. After a while, all windows were closed
automatically (I also noticed the error "Permission denied" appearing in
some windows before close). And then I checked the output files - you can
see the result from 5.JPG - ONLY 2 commands were successful again! Other 4
output files don't contain error information, but obviously they were
failed.

================
From above results, I believe this FTP Server (ftp2.de.nero.com) may allow
only 2 sessions from the same IP address simultaneously. Therefore, I
don't think this issue is related to Windows Firewall, but may be caused by
different network environment or FTP Server. I recommend that you do the
following tests for further troubleshooting:

1. Perform the multiple FTP commands test on a different network
environment with enabled and disabled Windows Firewall.

2. Create a FTP Server by yourself, and make its setting to allow multiple
sessions from one user at the same time. Then try this issue using your
own FTP Server.

BTW: I cannot find anything useful in my pfirewall.log file, either.

Hope this helps!

Have a nice day!

Sincerely,

Tom Che

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

From: "a ms user" <[email protected]>
References: <e#[email protected]>

<[email protected]>

Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP command
Date: Tue, 7 Jun 2005 00:27:22 +0800
Lines: 167
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1478
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
Message-ID: <[email protected]>
Newsgroups: microsoft.public.windowsxp.general
NNTP-Posting-Host: 221.124.167.215
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:402810
X-Tomcat-NG: microsoft.public.windowsxp.general

sorry make a mistake about the interpretation of message PORT
192,168,11,1,1,252
actually i don't know if the port stand for 1252 or 508 --> 1 1111 1100
(binary) or 64513 --> 1111 1100 0000 0011
but no matter which intrepretation, do not exist in the firewall log (i
setup to log successful connection)
thanks
"a ms user" <[email protected]> ¦b¶l¥ó news:[email protected] ¤¤¼¶

 

[ping]

Dear Tom,

Sorry for so late to response to your reply on the
newsgroup.

I checked the firewall log, that the firewall drop
several TCP SYN packets that may cause the FTP hand
problem (seems waiting for server to connect to client
for file transfer).

Could you please give me your email address that i
can send the screen capture, firewall log, etc to you.


BTW, I always test the XP SP2 on both my own FTP
server, production FTP server(both IIS 5.0, window
2000 server, service pack 4, with max. connections =
100, 000) and FTP server on IBM AIX. The problem
occurs when firewall is turned on.

The site: ftp2.de.nero.com is a reference site only
that my FTP site is located within my company's
intranet that can't let you try to connect for
testing. Sorry for confusing you.

I think this situation do not happen on individual
PC due to wrong config. or installation problem, since
i have also tested 3 new PCs, preinstalled with XP SP2
(2 HP, 1 IBM), the same problem occurs.

Thank you for your kind attention.



Tom Che [MSFT] 寫é“：

Hi,

Thanks for your update.

I have performed a lot of tests, but still have not expected result.
Please see my tests as below:

Note:
================
(1). I copy your example ftp command file to a.txt saved in C:\dell folder.

(2). I cannot turn off Windows Firewall, since it is controlled by Domain
Policy in my computer. Therefore, all the tests as below were finished
with enabled Windows Firewall.

(3). I cannot add attachment zip file contains 5 JPG files which are
screenshots in the newsgroup, so please let me know your E-mail and I will
send it to you directly.

Tests:
================
1. I do followed your instruction, and I opened 6 command windows all
including the same command "ftp -s:a.txt" under C:\dell. Please see 1.JPG.

2. I pressed ENTER on each window as fast as I could (I believed it was
finished in 2 seconds), then I got the results as 2.JPG. From the
screenshot, you can see that only 2 windows complete this command
successfully, but other 4 windows get different errors including
"Permission denied" and "Not connected". I have repeated step 1 & 2 about
a dozen of times, and I got the exactly same results - 2 successes, 3
"Permission denied" and 1 "Not connected".

3. I thought there is a better way to run the command at the same time -
using Scheduled Tasks to run 6 same tasks at one time. I edited a batch
file named a.bat containing "ftp -s:c:\dell\a.txt". I added a Scheduled
Task to run "a.bat > ao.txt" as 3.JPG.

4. I copied a.job to other 5 Task files including b.job, c.job and so on.
I also changed the output file to bo.txt, co.txt and so on. Please see
4.JPG.

5. At the scheduled time, these Scheduled Tasks were opened and run
themselves as expected. After a while, all windows were closed
automatically (I also noticed the error "Permission denied" appearing in
some windows before close). And then I checked the output files - you can
see the result from 5.JPG - ONLY 2 commands were successful again! Other4
output files don't contain error information, but obviously they were
failed.

================
From above results, I believe this FTP Server (ftp2.de.nero.com) may allow
only 2 sessions from the same IP address simultaneously. Therefore, I
don't think this issue is related to Windows Firewall, but may be caused by
different network environment or FTP Server. I recommend that you do the
following tests for further troubleshooting:

1. Perform the multiple FTP commands test on a different network
environment with enabled and disabled Windows Firewall.

2. Create a FTP Server by yourself, and make its setting to allow multiple
sessions from one user at the same time. Then try this issue using your
own FTP Server.

BTW: I cannot find anything useful in my pfirewall.log file, either.

Hope this helps!

Have a nice day!

Sincerely,

Tom Che

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

From: "a ms user" <[email protected]>
References: <e#[email protected]>

<[email protected]>

Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP command
Date: Tue, 7 Jun 2005 00:27:22 +0800
Lines: 167
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1478
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
Message-ID: <[email protected]>
Newsgroups: microsoft.public.windowsxp.general
NNTP-Posting-Host: 221.124.167.215
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:402810
X-Tomcat-NG: microsoft.public.windowsxp.general

sorry make a mistake about the interpretation of message PORT
192,168,11,1,1,252
actually i don't know if the port stand for 1252 or 508 --> 1 1111 1100
(binary) or 64513 --> 1111 1100 0000 0011
but no matter which intrepretation, do not exist in the firewall log (i
setup to log successful connection)
thanks
"a ms user" <[email protected]> ¦b¶l¥ó news:[email protected] ¤¤¼¶

¼g...
Dear Tom,
Thanks for your reply.
***IN order to reproduce the error, you should press the ENTER key very
FAST!!! ***
I'm now at home without XP SP2, so can't modify the tcpnumconnections or
try netsh....
i will try them tomorrow at office.

Some ans. for your points:
1. Up to now, i try many times, this situation only occur when firewall
is on.
2. I think this issue should happen on other computers, as i can
reproduce this error on 3 other XP SP2 workstations.
(2 desktops, 1 notebook)
3. Haven't try third party FTP software. But ever try using window's
file explorer to down many files at the same time, no
problem occur!!!!

Today, in office, i run the ftp command in debug mode (issue command
debug), after issue a get command,
i compare the message PORT IP_address,port(e.g. PORT 192,168,11,1,1,252) and
the pfirewall.log (locate at
c:\windows) that no connection to such port (1252?) is established, instead
many ports larger 5000, are used for
data transfer.....do the firewall do some port-forwarding activities?

BTW, today, i write a simple ftp program (using function FTPgetfileA,in
wininet.dll, to get files), the problem
occur too..

Don't know if this problem cause by firewall or limit of tcp connection
..
PS: i check the event log that no event of event id 4226 (generated when
exceed 10 simantenous
outgoing connection).

Tom, please follow the steps mentioned again to reproduce the error.
THANK YOU FOR YOUR KIND ATTENTION AND HELP.

below is a sample of the ftp command files:
--------------------------------------------------------
open ftp2.de.nero.com
anonymous
(e-mail address removed)
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
get iomega.zip
get gear.zip
quit
--------------------------------------------------------








"Tom Che [MSFT]" <[email protected]> ¦b¶l¥ó
¤¤¼¶¼g...
Hi,

Thanks for posting here. Also thanks for Carey and Detlev's kindly reply.

From your post, my understanding of this issue is: If you keep Windows
Firewall enabled and run multiple FTP command at the same time, the FTP
will get hang. If this is not correct, please feel free to let me know.

Based on your description, I cannot reproduce this issue on my computer.
However, you may refer to our MVP's suggestion - modify the Registry
(TcpNumConnections) or run "netsh winsock reset" to repair Winsock and
TCP/IP, and then test this issue. If this issue persists, please let me
know the following information if you need any further assistance:

1. Are you sure this issue will disappear if you turn off the Windows
Firewall?

2. Does this issue occur on other computers?

3. Have you tried to use third-party FTP application to do a same test?

Have a nice day!

Sincerely,

Tom Che

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------
Message-ID: <[email protected]>
Date: Sat, 04 Jun 2005 16:50:00 GMT
From: "Detlev Dreyer" <[email protected]>
Organization: Not responsible
Subject: Re: Problem about Window Xp SP2 firewall and the buildin FTP
command
References: <e#[email protected]>
X-Comment: MS-MVP Germany
X-Importance: Normal
X-Priority: 3
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Lines: 17
Newsgroups: microsoft.public.windowsxp.general
NNTP-Posting-Host: ACB1D506.ipt.aol.com 172.177.213.6
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windowsxp.general:401625
X-Tomcat-NG: microsoft.public.windowsxp.general

:

Is it that the buildin firewall can't handle too many connection at the
same time?

Not really.


http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk..ms p
x#EIAA

I check the event log, no strange or useful event generated.

| Limited number of simultaneous incomplete outbound TCP connection
| attempts
| ...
| When it does occur, a new event, with ID 4226, appears in the system's
| event log.