The Sky is not the limit

Entries tagged as ‘windows 2003’

How To Configure PassivePortRange In IIS ?

August 20, 2009 · Leave a Comment

How to add PassivePortRange in IIS and firewall exception fot Microsoft FTP service (MSFTPSVC) in windows server ?

Applicable to : Windows 2000 Server with IIS5
Windows 2003 Server with IIS6
Windows 2008 Server with IIS7

We have to do two things

A) Add Passive port range in IIS
B) Add firewall exception in windows firewall

For Windows 2000 Server

A) Add Passive port range in IIS

Configure PassivePortRange via Registry Editor
1. Start Registry Editor (Regedt32.exe).
2. Locate the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msftpsvc\Parameters\
3. Add a value named “PassivePortRange” (without the quotation marks) of type REG_SZ.
4. Close Registry Editor.
5. Restart the FTP service.

Note: The range that FTP will validate is from 5001 to 65535.

For Windows 2003 Server

A) Add Passive port range in IIS

a) To Enable Direct Metabase Edit
1. Open the IIS Microsoft Management Console (MMC).
2. Right-click on the Local Computer node.
3. Select Properties.
4. Make sure the Enable Direct Metabase Edit checkbox is checked.

b) Configure PassivePortRange via ADSUTIL script
1. Click Start, click Run, type cmd, and then click OK.
2. Type cd Inetpub\AdminScripts and then press ENTER.
3. Type the following command from a command prompt.
adsutil.vbs set /MSFTPSVC/PassivePortRange “5500-5700″
4. Restart the FTP service.

You’ll see the following output, when you configure via ADSUTIL script:

Microsoft (R) Windows Script Host Version 5.6

Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

PassivePortRange : (STRING) “5500-5700″


For Windows 2008 Server


A) Add Passive port range  in IIS

1. Go to IIS 7.0 Manager. In the Connections pane, click the server-level node in the tree.
2.  Double-click the FTP Firewall Support icon in the list of features.
3. Enter a range of values for the Data Channel Port Range.
4. Once you have entered the port range for your FTP service, click Apply in the Actions pane to save your configuration settings.

Notes:

1. The valid range for ports is 1024 through 65535. (Ports from 1 through 1023 are reserved for use by system services.)
2. You can enter a special port range of “0-0″ to configure the FTP server to use the Windows TCP/IP dynamic port range.
3. For additional information, please see the following Microsoft Knowledge Base articles:

* 929851 – http://support.microsoft.com/kb/929851/

4. This port range will need to be added to the allowed settings for your firewall server.

To configure the external IPv4 Address for a Specific FTP Site


1. Go to IIS 7.0 Manager. In the Connections pane, click the FTP site that you created earlier in the tree, Double-click the FTP Firewall Support icon in the list of features.
2. Enter the IPv4 address of the external-facing address of your firewall server for the External IP Address of Firewall setting.
3. Once you have entered the external IPv4 address for your firewall server, click Apply in the Actions pane to save your configuration settings.

B) Add firewall exception in windows firewall

To add a range of ports to Windows Firewall from the Command Line

1. Click Start, click Run, type cmd, and then click OK.
2. Type in the following where the range is specified in ( ) and the name of the firewall entry is in ” “.
FOR /L %I IN (5500,1,5701) DO netsh firewall add portopening TCP %I “Passive FTP”%I
3. Each port in the range will be added with an “OK” confirmation.

Or you can manually add the port exception as follows.

1. Click Start >> Run >> firewall.cpl ( Hit enter) , and select the Exceptions tab.
2. Click the Add Port button.
3. Enter a Name for the Exception and the first number in the port range.
4. Click TCP if not already selected and click OK.
5. Repeat for each port in the range – for large ranges see the end of the document.
6. Enable the Windows Firewall on the General Tab.

Reference : http://support.microsoft.com/kb/555022

http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/

Categories: Windows
Tagged: , , , , , , , ,

How to configure SQL Server 2005 to allow remote connections?

May 22, 2008 · 4 Comments

To configure SQL Server 2005 to allow remote connections, complete all the following steps.

• Enable remote connections on the instance of SQL Server that you want to connect to from a remote computer.
• Turn on the SQL Server Browser service.
• Configure the firewall to allow network traffic that is related to SQL Server and to the SQL Server Browser service.

Enable remote connections for SQL Server 2005 Express

1. Click Start, point to Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Surface Area Configuration.

2. On the SQL Server 2005 Surface Area Configuration page, click Surface Area Configuration for Services and Connections.

3. On the Surface Area Configuration for Services and Connections page, expand Database Engine, click Remote Connections, click Local and remote connections, click the appropriate protocol to enable for your environment, and then click Apply.

Note Click OK when you receive the following message:
Changes to Connection Settings will not take effect until you restart the Database Engine service.

4. On the Surface Area Configuration for Services and Connections page, expand Database Engine, click Service, click Stop. wait until the MSSQLSERVER service stops, and then click Start to restart the MSSQLSERVER service.

Enable the SQL Server Browser service

1.Click Start, point to Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Surface Area Configuration.

2.On the SQL Server 2005 Surface Area Configuration page, click Surface Area Configuration for Services and Connections.

3.On the Surface Area Configuration for Services and Connections page, click SQL Server Browser, click Automatic for Startup type, and then click Apply.

Note When you click the Automatic option, the SQL Server Browser service starts automatically every time that you start Microsoft Windows.

4.Click Start, and then click OK.

Create exceptions in Windows Firewall

SQL Server 2005 uses an instance ID as part of the path when you install its program files. To create an exception for each instance of SQL Server, you must identify the correct instance ID. To obtain an instance ID, follow these steps:
1. Click Start, point to Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Configuration Manager.
2. In SQL Server Configuration Manager, click the SQL Server Browser service in the right pane, right-click the instance name in the main window, and then click Properties.
3. On the SQL Server Browser Properties page, click the Advanced tab, locate the instance ID in the property list, and then click OK.
To open Windows Firewall, click Start, click Run, type firewall.cpl, and then click OK.

Create an exception for SQL Server 2005 in Windows Firewall
To create an exception for SQL Server 2005 in Windows Firewall, follow these steps:
1. In Windows Firewall, click the Exceptions tab, and then click Add Program.
2. In the Add a Program window, click Browse.
3. Click the C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe executable program, click Open, and then click OK.

Note The path may be different depending on where SQL Server 2005 is installed. MSSQL.1 is a placeholder for the instance ID that you obtained in step 3 of the previous procedure.
4. Repeat steps 1 through 3 for each instance of SQL Server 2005 that needs an exception.

Create an exception for the SQL Server Browser service in Windows Firewall
To create an exception for the SQL Server Browser service in Windows Firewall, follow these steps:

1. In Windows Firewall, click the Exceptions tab, and then click Add Program.
2. In the Add a Program window, click Browse.
3. Click the C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe executable program, click Open, and then click OK.

For further information

  • http://support.microsoft.com/default.aspx/kb/914277
  • http://technet.microsoft.com/en-us/library/ms143516.aspx
  • http://www.microsoft.com/downloads/details.aspx?FamilyID=c243a5ae-4bd1-4e3d-94b8-5a0f62bf7796&displaylang=en

Categories: Windows
Tagged: , ,

Installing CDONTS in Windows Server 2003 Server

May 22, 2008 · 1 Comment

Microsoft Windows Server 2003 does not install Collaboration Data Objects (CDO) for NTS (CDONTS). Therefore, applications that use CDONTS do not function on a Windows Server 2003-based computer. Windows Server 2003 provides improved alternatives to CDONTS.

To make CDONTS functioning on a Windows Server 2003-based computer, use one of the following method.

1. Download CDONTS.ZIP file. Once you have downloaded it unzip the CDONTS.DLL and put it into %systemroot%\system32 folder (C:\Windows\system32 by default). You can also get CDONTS.DLL from your Windows 2000 CD.

download cdonts.zip from here


2. Register the CDONTS.DLL component on your server using the following command:

regsvr32 "%systemroot%\system32\cdonts.dll"

For example:

C:\WINDOWS\system32>regsvr32.exe cdonts.dll

3. After you have registered your CDONTS.DLL component you need to check whether your SMTP service is running.

Go to Administrative tools, IIS and expand your local machine. If SMTP service is listed then it is installed, else it’s necessary to install this service.

To install SMTP perform the following operation:

Go to Control Panel, Add/Remove Programs, Add/Remove Windows Components, Application Server, IIS, Check on SMTP service, Click OK.

4. Change the port number for SMTP service. Default port is 25. Use 25 only if you don’t have another SMTP service running. If another SMTP service is already running on your server you should switch IIS SMTP port to another, for example to 8025.

You can do through IIS management console: Control Panel, IIS, expand `local computer`, SMTP, Properties, General tab, click on Advanced button, Edit.

5. Configure SMTP service. The main things are to set a valid full-qualified domain name for SMTP service: Control Panel, IIS, expand `local computer`, SMTP, Properties, Delivery tab, click on Advanced button and configure Security for SMTP service.

It’s necessary to grant permissions to IIS_WPG standard IIS Worker Process Group. Control Panel, IIS , expand `local computer`, SMTP, Properties, Security tab , click on Add button, cick Object types… button, check on Groups item, click OK, type IIS_WPG as object name to add , click OK.

Additional setting: Choose Authentication and tick Anonymous Access and Integrated Windows Authentication. Click OK, and then click CONNECTION. Configure RELAY settings as you wish. Click the DELIVERY tab then click ADVANCED. Set the MAX hop count to whatever you like but we recommend at least 20

Now IIS SMTP service is configured and ready to work.

click here to download for the test script to verify the cdonts is installed and working in the server.

Additional information

http://support.microsoft.com/default.aspx?scid=kb;en-us;324649

http://support.microsoft.com/kb/315197/en-us

Categories: Windows
Tagged: ,