Class C Subnet
200 domains
30 FTP sites
All on separate IPs
I have set up Directory Security to limit all IPs except the ones listed on one of my FTP sites. Whenever a user tries to access the FTP site and they are not on the IP access list, it generates a Time_Wait state when the session is over. It also generates an error in the system's event log stating that the "FTP server could not create a client worker thread for user at host ****.xxx.xxx.xxx. The connection to this user is terminated." In the active connections when you view via netstat -an, the Time_Wait state persists forever. These connections never close and they stay there until I either disable and re-enable the network or reboot the machine.
Is there a fix for this? I ran a query in the Knowledge Base, but it only says that Microsoft is aware of the problem. There is no other information. No fixes or workarounds. I would like to be able to end the Close_Wait state without having to disable the network. I can end up with hundreds of these each week.
Thanks!
Since you're manually adding IP addresses to allow/deny anyway, why not do them at the firewall?
Leave FTP wide open on the SERVER and block access to port 21 at the firewall (or switch if it supports it) unless the visitor is coming from one of the IPs you've defined. If you need to add/remove an IP, just console in to your firewall and edit the access list.
You DO have a firewall since you're hosting websites, right? :)
These FTP sites are for multiple companies, not just mine. There is no logistical way to cut off everyone and allow just particular IPs.
Weekly, I re-enable the network to clear the Close_Wait connections. I guess that if there is no fix, I will have to continue to do this.
It's a shame that Microsoft couldn't come up with a timed response to clear up these connections. I see that Linux and OSX have workarounds, but can find nothing for IIS.
Tracey
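
For anyone tracking the same symptom, here is an added example (not part of the thread and not from any poster) that parses saved `netstat -an` output and tallies the lingering states on the FTP control port per remote address, so the build-up can be measured between resets. The sample output, its addresses and the function names are constructed for illustration; the script only counts connections and does not close them.

```python
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    192.0.2.10:21          198.51.100.7:1042      CLOSE_WAIT
  TCP    192.0.2.10:21          198.51.100.7:1043      CLOSE_WAIT
  TCP    192.0.2.10:21          203.0.113.5:3391       TIME_WAIT
  TCP    192.0.2.10:21          203.0.113.9:4410       ESTABLISHED
  TCP    192.0.2.10:80          203.0.113.5:3400       TIME_WAIT
  UDP    0.0.0.0:161            *:*
"""

# The two states named in the thread.
LINGERING = {"TIME_WAIT", "CLOSE_WAIT"}
# One TCP row: local addr:port, foreign addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def lingering_ftp(netstat_text, port=21):
    """Count lingering connections on the given local port, keyed by (remote IP, state)."""
    counts = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        local_port, remote_ip, state = int(m.group(2)), m.group(3), m.group(5)
        if local_port == port and state in LINGERING:
            counts[(remote_ip, state)] += 1
    return counts

def report(netstat_text, port=21, threshold=2):
    """Return remote IPs whose lingering-connection total meets the threshold."""
    per_ip = Counter()
    for (ip, _state), n in lingering_ftp(netstat_text, port).items():
        per_ip[ip] += n
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

if __name__ == "__main__":
    for (ip, state), n in sorted(lingering_ftp(SAMPLE).items()):
        print(f"{ip:15} {state:11} {n}")
    print("over threshold:", report(SAMPLE))
```

Feeding it the output of `netstat -an` captured on a schedule shows which denied hosts account for the stuck entries and how fast they accumulate.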