Troubleshooting IIS 7.5 FTP “Failed to Retrieve Directory Listing” Error for Administrator Accounts



When attempting to FTP into an IIS 7.5 server using an administrator account, you might encounter two distinct failure patterns:

// Passive Mode Failure Pattern
Command:    LIST
Response:    150 Opening BINARY mode data connection.
Response:    550 The network connection was aborted by the local system.
Error:      Failed to retrieve directory listing

// Active Mode Failure Pattern  
Command:    PORT 192,168,1,129,102,151
Response:    501 Server cannot accept argument.
Error:      Failed to retrieve directory listing

The most common culprit is Windows Firewall blocking passive FTP ports. Here's how to verify:

netsh advfirewall firewall show rule name="FTP Server Passive"
netsh advfirewall firewall show rule name="FTP Server (FTP Traffic-In)"

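If these rules don't exist or are misconfigured, add them. The passive rule below opens the wide 49152-65534 range; if you configure a narrower data channel port range in IIS, open only that range instead: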

netsh advfirewall firewall add rule name="FTP Server Passive" dir=in action=allow protocol=TCP localport=49152-65534
netsh advfirewall firewall add rule name="FTP Server (FTP Traffic-In)" dir=in action=allow service=FTPSVC

Ensure your FTP site is properly configured for passive mode:

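# PowerShell check for passive settings
Import-Module WebAdministration
Get-ChildItem IIS:\Sites | Where-Object { $_.ServerAutoStart -eq $true } | 
ForEach-Object { 
    (Get-ItemProperty $_.PSPath -Name ftpServer.security.ssl.controlChannelPolicy).Value 
    (Get-ItemProperty $_.PSPath -Name ftpServer.firewallSupport.externalIp4Address).Value
}
# The passive port range is a server-level setting, not a per-site property
(Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter 'system.ftpServer/firewallSupport' -Name 'lowDataChannelPort').Value
(Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter 'system.ftpServer/firewallSupport' -Name 'highDataChannelPort').Value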

To configure via command line:

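rem Server level: passive data channel port range
appcmd.exe set config /section:system.ftpServer/firewallSupport ^
    /lowDataChannelPort:50000 ^
    /highDataChannelPort:50100 ^
    /commit:apphost
rem Site level: external address returned in PASV replies
appcmd.exe set config /section:system.applicationHost/sites ^
    /siteDefaults.ftpServer.firewallSupport.externalIp4Address:"your.public.ip" /commit:apphost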

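For administrator accounts, you might need to adjust user isolation. It is a per-site setting, so replace "Default FTP Site" with your site name:

appcmd.exe set config /section:system.applicationHost/sites ^
    /[name='Default FTP Site'].ftpServer.userIsolation.mode:"None" /commit:apphost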

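Or alternatively, specify an administrator-specific directory. In StartInUsersDirectory mode the session starts in a physical or virtual directory named after the logged-on user, so map one for the administrator account:

appcmd.exe set config /section:system.applicationHost/sites ^
    /[name='Default FTP Site'].ftpServer.userIsolation.mode:"StartInUsersDirectory" /commit:apphost
appcmd.exe add vdir /app.name:"Default FTP Site/" /path:/administrator ^
    /physicalPath:"C:\FTPRoot\Admin"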

Try alternative FTP clients to isolate the issue. Here's a batch test script:

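@echo off
rem Placeholders: replace with your server, account and password
set FTP_SERVER=your.ftp.server
set FTP_USER=administrator
set FTP_PASS=yourpassword

rem The native ftp.exe client only supports active mode for data transfers
echo Testing with Windows native FTP...
echo open %FTP_SERVER%> script.txt
echo %FTP_USER%>> script.txt
echo %FTP_PASS%>> script.txt
echo dir>> script.txt
echo quit>> script.txt
ftp -s:script.txt
rem script.txt holds the password in clear text, so delete it right away
del script.txt

rem curl uses passive mode by default, so this exercises the passive data channel
echo Testing with cURL...
curl ftp://%FTP_SERVER%/ --user %FTP_USER%:%FTP_PASS% -l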

When all else fails, capture network traffic:

netsh trace start scenario=NetConnection capture=yes tracefile=C:\Temp\FTP_Trace.etl
rem Reproduce the failing directory listing now, then stop the trace
netsh trace stop

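Analyze the trace file with Network Monitor or Wireshark. Unless the control channel is protected with FTPS, the capture contains the USER and PASS exchange in clear text, so treat the trace file as sensitive. Focus on: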

  • FTP command channel (port 21)
  • PASV command responses
  • Data channel connection attempts
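
To check the PORT commands and PASV replies found in the trace or in a client log, the address and port they carry can be decoded as shown here. This is an added PowerShell example, not part of the original page: the function name Get-FtpDataEndpoint and the two 227 sample lines are constructed, and the default range is the 50000-50100 range set in the appcmd step above.

```powershell
# Added example. Decodes h1,h2,h3,h4,p1,p2 from PORT commands and
# 227 (PASV) replies; the data port is p1*256 + p2.
function Get-FtpDataEndpoint {
    param(
        [string[]]$Line,
        [int]$LowPort  = 50000,   # passive range configured earlier on this page
        [int]$HighPort = 50100
    )
    $pattern = '(PORT|227)\D*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})'
    foreach ($l in $Line) {
        if ($l -notmatch $pattern) { continue }
        $isPasv = ($Matches[1] -eq '227')
        $n = @(2..7 | ForEach-Object { [int]$Matches[$_] })
        if (@($n | Where-Object { $_ -gt 255 }).Count -gt 0) { continue }  # not a valid tuple

        $port = $n[4] * 256 + $n[5]
        # RFC 1918 space: 10/8, 172.16/12, 192.168/16
        $private = ($n[0] -eq 10) -or
                   ($n[0] -eq 172 -and $n[1] -ge 16 -and $n[1] -le 31) -or
                   ($n[0] -eq 192 -and $n[1] -eq 168)

        $notes = @()
        if ($private -and $isPasv)      { $notes += 'server advertises a private address, check externalIp4Address' }
        if ($private -and -not $isPasv) { $notes += 'client advertises a private address, unreachable across NAT' }
        if ($isPasv -and ($port -lt $LowPort -or $port -gt $HighPort)) {
            $notes += "port outside ${LowPort}-${HighPort}, check port range and firewall rule"
        }
        if ($notes.Count -eq 0) { $notes += 'ok' }

        New-Object PSObject -Property @{
            Kind    = $(if ($isPasv) { 'PASV reply' } else { 'PORT command' })
            Address = ($n[0..3] -join '.')
            Port    = $port
            Finding = ($notes -join '; ')
        } | Select-Object Kind, Address, Port, Finding
    }
}

$sample = @(
    'Command:    PORT 192,168,1,129,102,151',                        # from this page
    'Response:   227 Entering Passive Mode (10,0,0,5,192,10)',       # constructed
    'Response:   227 Entering Passive Mode (203,0,113,10,195,100)'   # constructed
)
Get-FtpDataEndpoint -Line $sample | Format-List
```

A PASV reply flagged with a private address or an out-of-range port usually means the firewallSupport settings were not applied or the FTP service was not restarted after the change.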

When connecting to an IIS 7.5 FTP server using an administrator account, you might encounter the frustrating "Failed to retrieve directory listing" error. This typically occurs after successful authentication but fails during directory listing operations, and it manifests differently in passive and active modes, as the two failure patterns at the top of this page show.

Several factors can trigger this behavior:

  • Firewall blocking data channel ports
  • Incorrect FTP binding settings in IIS
  • Permissions issues despite admin credentials
  • Network Address Translation (NAT) problems
  • Passive mode port range misconfiguration

First, verify your FTP site bindings:

# PowerShell command to check bindings
Get-WebBinding -Protocol "ftp" | Format-Table -Property Protocol, BindingInformation

Then configure the FTP Firewall Support:

rem AppCmd syntax to set external IP
%windir%\system32\inetsrv\appcmd set site "Default FTP Site" /ftpServer.firewallSupport.externalIp4Address:"your.public.ip"

For passive FTP to work properly, you need to specify a port range:

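<!-- XML configuration snippet for applicationHost.config -->
<!-- Server level: passive data channel port range -->
<system.ftpServer>
    <firewallSupport lowDataChannelPort="50000" highDataChannelPort="50099" />
</system.ftpServer>
<!-- Site level, inside the <site> element: external address returned in PASV replies -->
<ftpServer>
    <firewallSupport externalIp4Address="your.public.ip" />
</ftpServer>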

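Try connecting with the Windows native FTP client for basic testing. ftp.exe has no passive command and only supports active mode for data transfers, so this checks login and the active-mode data path:

ftp> open ftp.yourserver.com
ftp> dir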

For FileZilla, ensure these settings in Site Manager:

  • Servertype: FTP - File Transfer Protocol
  • Logontype: Normal
  • Transfer mode: Passive (recommended)

Enable FTP logging in IIS:

# Enable logging via PowerShell (per-site logFile defaults, then the server-level log element)
Set-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST" -Filter "system.applicationHost/sites/siteDefaults/ftpServer/logFile" -Name "enabled" -Value "True"
Set-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST" -Filter "system.ftpServer/log" -Name "logInUtf8" -Value "True"

Check Windows Firewall rules:

netsh advfirewall firewall show rule name=all | find "FTP"

Remember to restart both IIS and the FTP service after making changes:

iisreset /restart
net stop ftpsvc & net start ftpsvc