Start a new topic
Answered

IIS 7.5 and CrushFTP 7

My Windows Server 2008 R2 has three (3) IP addresses, and CrushFTP 7 uses port 443 on all the IP's. Attempting to assign port 443 to any IIS website causes an error. I've reviewed the other IIS topics here, and searched the Microsoft KB.


* Socket pooling is disabled

* IP Listen list includes the two IP's used by IIS, but not the IP used by CrushFTP

* All IIS sites respond properly on port 80

* Browsing to ANY IP address via SSL displays the CrushFTP web interface


Does CrushFTP always use port 443 for all IP's? What do you recommend in this situation? Thanks.


Best Answer

Then your issue is IIS.  CrushFTP is *really* only binding to one IP.  IIS is instead only processing requests that come in one two IPs, but its bound to all IPs.  Its a big difference.  And a stupid design choice by MS.


We have an old FAQ entry on how to fix this...process might be different now in newer IIS, but its still the same issue as always.


http://www.crushftp.com/crush7wiki/Wiki.jsp?page=FAQ


Search on IIS.  If a server binds to 0.0.0.0, nothing else can use any IP with the port that was used.  That is what IIS is doing.  When you go to use the IP that you have excluded, its just dropping the packets...but it still got the connection.


So fix IIS, and CrushFTP and IIS will coexist.


Thanks,

Ben



Go to your crush prefs, port 443, type in the IP you want it to listen on instead of its default "lookup".  Then it will bind to that one IP.  Lookup is the equivalent of "0.0.0.0" so that is all IPs.


Your IIS may still need configuring to truly stop its method of binding, but at least you can easily change the IP CrushFTP is binding to.


Thanks,

Ben

The crush prefs already include a single IP - the same IP that is excluded from the IP Listen list.

Answer

Then your issue is IIS.  CrushFTP is *really* only binding to one IP.  IIS is instead only processing requests that come in one two IPs, but its bound to all IPs.  Its a big difference.  And a stupid design choice by MS.


We have an old FAQ entry on how to fix this...process might be different now in newer IIS, but its still the same issue as always.


http://www.crushftp.com/crush7wiki/Wiki.jsp?page=FAQ


Search on IIS.  If a server binds to 0.0.0.0, nothing else can use any IP with the port that was used.  That is what IIS is doing.  When you go to use the IP that you have excluded, its just dropping the packets...but it still got the connection.


So fix IIS, and CrushFTP and IIS will coexist.


Thanks,

Ben


Provide a screenshot of your HTTPS port item too from the prefs.

I've already run the commands for binding IIS on Server 2008:


netsh

http

add iplisten ipaddress=[IP Address]


When I run show iplisten, I get a list of the two IP's that IIS is listening on, which does NOT include the IP specified in crush prefs.


Running netstat -ba shows that java.exe is listening on 0.0.0.0:445, and 0.0.0.0:49152, as well as all the expected IP's and ports.


According to everything I've read, the servers should be coexisting with the current config - but that's clearly not true.


If there's nothing more to be done with Crush, then I'll have to focus on IIS. Any other ideas?


Thanks.


Running netstat -a -o shows that PID 1428 is listening on 0.0.0.0:443. When I look that up in Process Explorer, PID 1428 is java.exe.

Provide a screenshot of your java preferences config for port 443.


Thanks,

Ben

Set your prefs, logging, debug level to 1.


Then on the server info tab,s top and start port 443.


What is logged?


If the IP used is invalid, CrushFTP will just bind to 0.0.0.0 instead.  Se let me know what is logged.


Thanks,

Ben

Here are the log entries after stopping and starting port 443.


STOP|03/02/2015 09:49:11 AM|---Server Stopped--- LAN IP=192.168.xxx.xxx WAN IP=63.171.1.41 PORT=443

POST|03/02/2015 09:49:11 AM|[HTTPS:7907:crushuser:192.168.xxx.xxx] WROTE: *HTTP/1.1 200 OK*

START|03/02/2015 09:49:11 AM|---Server Started--- LAN IP=192.168.xxx.xxx WAN IP=63.171.1.41 PORT=443

POST|03/02/2015 09:49:13 AM|[HTTPS:7907:crushuser:192.168.xxx.xxx] WROTE: *HTTP/1.1 200 OK*

Here is the log file with Debug Level 1.

txt
Login to post a comment