IIS6 Directory Listing Timeout with Windows Firewall

This issue comes up every so often. No matter what, even if you manually define all the passive ports in Windows firewall, add an exception for inetinfo.exe, the works, certain directory listings still hang on the client end. This issue is apparent only with the Firewall enabled — disabling the firewall allows the listings to complete, but leaves the server at risk.

The symptom

Status:	Connection established, waiting for welcome message...
Response:	220 Microsoft FTP Service
Command:	USER xxxxxxxx
Response:	331 Password required for xxxxxxxx.
Command:	PASS ***********
Response:	230 User xxxxxxxx logged in.
Status:	Connected
Status:	Retrieving directory listing...
Command:	CWD /productos
Response:	250 CWD command successful.
Command:	TYPE I
Response:	200 Type set to I.
Command:	PASV
Response:	227 Entering Passive Mode (x,x,x,x,19,137).
Command:	LIST
Response:	125 Data connection already open; Transfer starting.
Response:	226 Transfer complete.
Error:	Connection timed out
Error:	Failed to retrieve directory listing

The Fix

Go to Start -> Run… (or a command prompt) and paste the following:

%SystemRoot%\System32\inetsrv\inetmgr.exe

Go to FTP Sites (right click) -> Properties

1. Under the ‘FTP Site’ tab:

Change ‘Connection timout (in seconds)’ to 300.

2. Under the ‘Home Directory’ Tab:

Change ‘Directory listing style’ from MS-DOS to UNIX.

You can now open those problematic directories:

Status:	Connection established, waiting for welcome message...
Response:	220 Microsoft FTP Service
Command:	USER xxxxxxxx
Response:	331 Password required for xxxxxxxx.
Command:	PASS ***********
Response:	230 User xxxxxxxx logged in.
Status:	Connected
Status:	Retrieving directory listing...
Command:	CWD /productos
Response:	250 CWD command successful.
Command:	TYPE I
Response:	200 Type set to I.
Command:	PASV
Response:	227 Entering Passive Mode (x,x,x,x,19,139).
Command:	LIST
Response:	125 Data connection already open; Transfer starting.
Response:	226 Transfer complete.
Status:	Directory listing successful

In step 1, some folder listings were fixed, even though the listings are generated in well under 2 seconds. In step 2, the rest were fixed. How the heck could Windows Firewall have anything to do with these settings? Please let me know.

One Response to IIS6 Directory Listing Timeout with Windows Firewall

  1. Eugene Kraus says:

    Thanks for this very helpful tip. I could get directory listings with active transfer mode but not passive. Your tricks worked for me and I am back to passive mode use.