Accessing FTP via IE wont work for ISA clients



  • 1. Unable to process error
    I have ISA 2004 std edt as my edge firewall. I havea rule - Unrestricted Internet Access/Allow/ All outboundTraffic/from Internal/ to External /My Domain Users. Well most of the things are fine except when a user on my lan uses outlook/OE to send a mail to a rediffmail account, the mail show as send sucessfully but never reaches the rediffmail account. There is a alert that I see in ISA that says: "The response was rejected because a compressed response was not requested. ISA server blocks compressed HTTP response when it does not request compression." Now someone ple tell me how do I resolve this.
  • 2. Require all users to authenticate
    Hello all! In all my rules i put the group authenticated users. In my internal network, i enabled the web proxy and left blank the option "Require all users to authenticate". What is the best? use or not this option? Without this option, users can access internet without being identified? thanks in advance! cheers Maurit.
  • 3. web page on isa 2004 client---asking credentials
    Hi, After a week of deloying ISA 2004, the client is now experiencing credentials authentication when they access the company's website. Client is running and applied to the proxy settings on the IE6. How do I fix this? Thanks, Ricky
  • 4. Question
    Can one use W2K3, IAS, as a radius server instead of using Steel Belted or any other type of WLAN authentication software? If so is there a KB article that describes how to properly set this up? Thanks, Tony

Accessing FTP via IE wont work for ISA clients

Postby TGFycnkgSGVpbWVuZGluZ2Vy » Thu, 17 Nov 2005 14:40:05 GMT

A bunch of FTP questions, seems tragic it is so tough.

Mine goes like this.  I am managing two distinct domains with ISA 2004 in 
front of each.  There is a dediicated VPN channel opened between them, and 
everything works great.

The access rules are nearly identical on each ISA box.  From inside of one 
network, users can download FTP files from IE on sites such as Symantec and 
HP, but the connection times out on the other network.  On the working one, 
the log monitor shows an FTP connection on port 21 followed by an FTP 
connection on a high port.  In both accesses, FTP is the publishing rule and 
protocol recognized.

On the other network, the FTP connection on port 21 is followed by an 
unrecognized protocol on a high port, and that happens twice more (same 
outside IP address).  The attempt to download a file fails.

I have looked at the access rules and system rules till my eyes have crossed 
trying to come up with any differences.  I even deleted the rule from the 
non-working network, exported it from the working one and then imported it. 
Still no results that are positive.

The FTP rule says allow traffic from internal, local and VPN clients to 
External.  The only protocol in the rule is FTP and the filter is checked in 
the properties.  No internal FTP server.  The failure occurs no matter which 
IE or Firefox browser I try (some IE 6 and IE 5 on the working network).

Any ideas?  I have the impression that just setting up that access rule 
would work, and that is precisely what happened on the working network.

I thank you all in advance for whatever help you might be able to provide.

Re: Accessing FTP via IE wont work for ISA clients

Postby Phillip Windell » Fri, 18 Nov 2005 00:31:28 GMT

In the advanced properties of IE there are two things involving FTP. One is
the "folder view for FTP" toggle and the other one is the "active/passive"
toggle. Try various combinations of those to find something that works.  FTP
is not "simple", is a very complex protocol and IE is a very *lousey*
FTP Client, you will probably always have a certain amount of trouble.

If the users are only downloading and not uploading then you a 100% better
off to just use a web service, can make it behave similar to an FTP
site by turning on Directory Browsing for the target folder in the IIS MMC
and not putting any HMTL files in there, will list the files the same
as FTP and they can download the same as FTP. And you won't have all the

This is exactly what I do here when we have to supply files to outside
clients. I use FTP initially, it simply wasn't worth the trouble.  FTP is
only really usefull of they are doing uploads, and then we insist that they
use a "real" FTP client,...I am just not going to "babysit" everyone's IE
situation if they are trying to use it as an FTP Client.

I don't know anything about "other" browsers.

Phillip Windell [MCP, MVP, CCNA]
Understanding the ISA 2004 Access Rule Processing

Microsoft Internet Security & Acceleration Server: Guidance

Microsoft Internet Security & Acceleration Server: Partners

Re: Accessing FTP via IE wont work for ISA clients

Postby TGFycnkgSGVpbWVuZGluZ2Vy » Fri, 18 Nov 2005 01:17:02 GMT

I have played with both settings and all four combinations dont change the 

Other browsers was essentially meant to be Firefox.  

What still bothers me and what I hoped was the most salient point of my post 
was the way in which the failure is occuring:  the connection on port 21 is 
recognized as FTP and is allowed, but subsequent high-port connectiions fail 
as unrecognized.  However, in the other domain I manage, it works slick as 
can be with FTP coming up for the high port connections.  This was 
implemented simply by adding the access rule, no tweaking of anyone's IE or 
anything else.

THe main reason for getting this successful is application software that 
provides for automatic updates.  The users have several of these, and they 
seem to work via ftp over a web interface only (some by running an imbedded 
IE page).  

The internal IT guys also rely on downloading drivers, etc. from specific 
web sites and use IE as their principal tool.  While it may suck in the minds 
of many, it nevertheless works extraordinarly well on one implementation of 
ISA and not at all on another, almost identical one.  With a specific 
requirement and need, I prefer not to tell users they are just idiots for 
wanting to do something (that they know full well they can and it works) 
simply because I can't find the reason.

I will endeavor to keep looking. Thanks.

Re: Accessing FTP via IE wont work for ISA clients

Postby ZVR » Fri, 18 Nov 2005 05:27:04 GMT

our problem could be summed up as "the FTP access filter does not work", on
the ISA instance where you're seeing this. I am not sure what could cause
that, you are correct that it should not happen. The only suggestion I have
for you is to export all your rules/config on the ISA machine that doesn't
work, then remove and re-install ISA... Probably not the answer you were
looking for but nothing obvious comes to mind.


"Larry Heimendinger" < XXXX@XXXXX.COM > wrote in
message news: XXXX@XXXXX.COM ...

RE: Accessing FTP via IE wont work for ISA clients

Postby TGFycnkgSGVpbWVuZGluZ2Vy » Fri, 18 Nov 2005 12:56:03 GMT

FYI, I have found and solved the problem.  Simply put, ISA was working 
perfectly.  I was not.

In the ISA manager, there is a section called Add-Ins, and one of the tabs 
is for application filters.  Lo and behold, FTP was not enabled.  Enabling it 
and restarting the service fixed all.

So, if any of you have the problem of FTP not allowing securenat clients to 
connect to the dynamic port when you otherwise have a perfectly good access 
rule, please check that the application filter is enabled.

Re: Accessing FTP via IE wont work for ISA clients

Postby Phillip Windell » Fri, 18 Nov 2005 23:29:16 GMT

OK, sounds good.

"Larry Heimendinger" < XXXX@XXXXX.COM > wrote in


Similar Threads:

1.ISA 2004 FTP Upload via FWclient also not working

Setup: 1X ISA 2004 Std with 2 NIC's on W2K server.
Problem: I cannot upload to FTP external sites
Pertinent info:

1. This server was upgraded from ISA 2000, where the above was
actually working
2. I know FTP upload will not work with Web-Prxy, only FW Clnt +
SecureNAT. Client has ISA2004Clnt installed, and is functioning *not*
as WebProxy. I checked this by looking at the Monitoring section on
MMC, showing the FTP app, showing the session as Firewall client.
3. We tried on different client machines
4. We tried with different FTP apps, including IE
5. We tried uploading to diff sites, no-go, but does work when not
working behind ISA
6. From the Clients I can download from FTP no problem

I am exasperated, don't know where else to look. Any help


2.FTP Client Access Error using Web Proxy Client mode ISA 2000 S

3.FTP Client Access Error using Web Proxy Client mode ISA 2000 Stand

I have a Trouble when try to connect to any External FTP using WEb Browser 
(IE6). I receive the follow error:

HTTP 502 Proxy Error - The login request was denied. The logon account might 
have been disabled or logon information might have changed. Log on again to 
verify that the information was typed correctly. If the problem continues, 
report the problem to the administrator of the Internet server you are 
requesting. (12015)
Internet Security and Acceleration Server

Only I can to connect to External FTP Site non authenticated 
(, but when try with a FTP requierd User and Password ISA 
show error.

Please Help Me about that. I Use ISA Server 2000 Standard Edition mode Web 
Cache update wont work and IE 6 wont work correctly when inside

My windows update wont work and when in IE 6 on a web page if there is a next 
or continue button it will not go anywhere? Same for win update when it comes 
up to install express(recommended) or custom and you press the button or 
highlight nothing happens..    I need to uninstall IE 6 and then reinstall it 
I think?

Thanks Rick

5.ISA server won't connect via IE but clients will

I've got the exact opposite problem.

My fix to get the ISA server to browse the 'net was to add a custom
packet filter to allow Port 80 on the remote system and a "dynamic
port" on the local system.

What was your fix to get clients to map through the ISA server to the

On Tue, 22 Jul 2003 02:01:49 -0700, "Chris Wade"
< XXXX@XXXXX.COM > wrote:

>I've just configured a new isa server and everything works 
>fine from the client side. (internet connection, etc.) The 
>server itself won't connect to the internet via IE. Is 
>there any settings I need to change to get this this to 

6. FTP access via ISA(proxy)

Return to ISA


Who is online

Users browsing this forum: No registered users and 35 guest