Try telnet to port 22. Determine if it's firewall/network or permissions/configuration issue.

Try connecting using PASV(passive) setting in the client ?

Made some progress.
Baby steps, started with anonymous ftp. Poked a hole in the firewall using command line.
using Filezilla in passive mode.
This connects, but LIST fails:

Status: Connecting to xxx.xxx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Response: 220 Microsoft FTP Service
Command: USER anonymous
Response: 331 Anonymous access allowed, send identity (e-mail name) as password.
Command: PASS **************
Response: 230-Directory has 73,186,422,784 bytes of disk space available.
Response: 230 User logged in.
Command: OPTS UTF8 ON
Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,192,33).
Command: LIST
Response: 150 Opening BINARY mode data connection.
Error: Directory listing aborted by user
Response: 550 Data channel timed out.

Nearly there!

Thanks,

T.

Make sure you have "Allow SSL" set and not the default "Require SSL". And you need more than just the normal port 21 rule for passive FTP to work. If you have not, run this firewall rule:

netsh advfirewall set global StatefulFtp enable

Good luck trying to get FTP over TLS/SSL working. When it works it works well, but getting it to work can be a serious pain.

Hi

Thanks, have used that cmdline. I just tested and it is exactly the same with firewall fully off too, so I guess that is not it.

Does this help:

If I click on the site in IISM, Basic Settings, I have
name: Mt FTPSite
Application pool: DefaultAppPool (which is .net4.0, integrated pipeline)
physical path: c:\inetpub\ftproot
passthrough authentication

If I click Test Settings... I get

(tick) Authentication Pass-through authentication (DefaultAppPool:ApplicationPoolIdentity)
(yellow warning triangle) Cannot verify access to path (C:\Inetpub\ftproot).

Details:
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

(I have given IIS AppPool/DefaultAppPool read permissions to the above folder. Heck, I even gave Everyone read permissions).

Thanks

T.

I wonder if any default policy setting is messing you up

I've found the Test Settings thing doesn't always work right. Even on a working FTP site the the path access will usually not come back working.

The easiest way to test whether it's firewall, client or setup related is to use FTP.exe on the local server.

Open the Command Prompt

ftp <ip address>

Enter username and password.

If you get an error using FTP.exe on the local server then you have a setup issue. If it works locally and not remotely then you have a firewall issue.

On a side note, be very careful with anonymous FTP access on a public server. Warez and hackers love exploiting anonymous access to push crackware and run up your bandwidth bill.

The most secure way of FTP'ing with IIS is to use an IIS Manager user with user isolation.