WS_FTP Server 2017 Release Notes

In this File

WS_FTP Server 2017 Release Notes

This document describes the new features, defects resolved, and known issues for WS_FTP Server 2017, the Web Transfer Module, the Ad Hoc Transfer Module, and the Ad Hoc Transfer Plug-in for Outlook.

To upgrade to this release, you must have WS_FTP Server version 7.6 or higher.

Depending on which WS_FTP Server product you have purchased, portions of this document may not apply.

Security Update: 2017

Release 2017 includes OpenSSL 1.0.1t, which contains new security fixes described here: https://www.openssl.org/news/cl101.txt. These are DoS and SSL downgrade attack vectors that are applicable to WS_FTP Server. It also includes all prior upgrades that addressed the Heartbleed vulnerability, and includes OpenSSL version 1.0.1h.

What's New: 2017

What'sNew

New Editions

Faster Install

Improved Security: Addition of SHA2 Ciphers and MACs, TLS1.1, and 1.2 with the ability to disable the Diffie-Hellman-Group1.

New Web Transfer and Ad Hoc Web Interface Using HTML5: New interfaces with a cleaner display and better functionality.

PostgreSQL upgrade to version 9.3

Support for Windows 2016

Support for Outlook 2016 (workstation, not web)

What is WS_FTP™ Server?

Ipswitch WS_FTP™ Server is a highly secure, fully featured and easy-to-administer file transfer server for Microsoft Windows® systems. WS_FTP Server 2017 lets you create a host that makes files and folders on your server available to other people. Users can connect (via the Internet or a local area network) to your host, list folders and files, and (depending on permissions) download and upload data. Administrators can control access to data and files with granular permissions by folder, user, and group. Administrators can also create multiple hosts that function as completely distinct sites.

WS_FTP Server 2017 is proven and reliable. It is used by administrators globally to support millions of end users and enable the transfer of billions of files.

WS_FTP Server 2017 complies with the current Internet standards for FTP and SSL protocols. Users can connect to the server and transfer files by using an FTP client that complies with these protocols.

WS_FTP Server 2017 with SSH also includes support for SFTP transfers over a secure SSH2 connection.

Administration

Performance

Security and Compliance

WS_FTP Server 2017 Product Family

The WS_FTP Server 2017 product family provides a broad range of file transfer functionality, from fast file transfer via the FTP protocol to secure transfer over SSH, to a complete file transfer (server/client) solutions.

Following are some of the WS_FTP Server 2017 features available, dependent upon the product package:

Additional modules

WS_FTP Server 2017 Web Transfer Module: The WS_FTP Server Web Transfer Module enables users to transfer files between their computers and company servers over HTTP/S using a Web browser. As a result, employees and external business partners can connect to company networks simply and securely to share files, data, and other critical business information. WS_FTP Server Web Transfer Client is an IIS web application that installs on the WS_FTP Server computer to communicate with the WS_FTP Server 2017 database and FTP file system.

WS_FTP Server 2017 Ad Hoc Transfer Module: The WS_FTP Server Ad Hoc Transfer Module lets users send files from their computers to one or more individuals by sending an Ad Hoc Transfer message via email. Recipients of an Ad Hoc Transfer package can connect to a download page, hosted on the WS_FTP Server, and download the files that have been sent to them. This module lets your users send a secure transfer to colleagues and clients, without the need to set up temporary accounts. Users can send a package by using the Ad Hoc Transfer web interface or Microsoft Outlook. Ad Hoc Transfer Module is an IIS web application that communicates with the WS_FTP Server 2017 database and Ad Hoc file system.

SCP Protocol Defects Resolved in WS_FTP Server 2017 (8.0.2)

ID

Category

Issues

WSRVR-3832 WSRVR-3835

Security

CVE-2019-12144, CVE-2019-12145: Supplied filenames are validated to ensure that they are valid Windows filenames. Credit: Dan Bastone of Aon's Cyber Solutions.

WSRVR-3833

Security

CVE-2019-12146: Destination directories containing invalid Windows paths are rejected as invalid paths. Credit: Devon Greene of Aon's Cyber Solutions.

WSRVR-3834

Security

CVE-2019-12143: Authenticated users cannot download files outside of their home directory. If a user does not have access to a file, they receive a permission denied error. Credit: Devon Greene of Aon's Cyber Solutions.

Defects Resolved in WS_FTP Server 2017 (8.0.1)

ID

Category

Issues

WSRVR-1703

SSH

The last log on date is now updated for users that log on with an SSH client key.

In previous releases, the last log on date was not updated for users that logged on with an SSH client key.

WSRVR-3183

SSH, SSL

You can utilize all defined SHA2 MAC algorithms in WS_FTP Server 2017 (8.0.1).

In the WS_FTP Server 2017 (8.0) release, it was not possible to connect with an SSH Client using hmac-sha2-384 and hmac-sha2-512.

WSRVR-3188

Install, SSL

If there are no bindings on the targeted IIS website, the installer creates a binding. If there is one binding on the targeted IIS website, the installer will select and use that binding. If there are multiple bindings on the targeted IIS website, you must remove any bindings on the targeted IIS website, other than the SSL binding selected for use with the WS_FTP Server.

In the WS_FTP Server 2017 (8.0) release, the AHT and WTM logon failed if there was a pre-existing binding on the targeted IIS website, and the user elected to create a new binding during the installation.

WSRVR-3191

Install, Licensing

The number of license activations and the license file path in the registry were corrected.

In the WS_FTP Server 2017 (8.0) release, the “Too many activations for this license” message displayed when a user canceled an installation and used the same license to install on another machine.

WSRVR-3250

SSH, FTP

Fixed an issue that in previous releases, under heavy load, occasionally caused the WS_FTP Server SSH or FTP services to crash while making or removing directory calls.

Defects Resolved in WS_FTP Server 2017 (8.0)

ID

Category

Issues

WSRVR-1499

SSH

WS_FTP Server 7.6 SSH service stops responding to connections until it is restarted. Added handler for Maverick clients to handle bad packet sizes.

WSRVR-1566

Security

Password length increased from 40 to 128 characters for both the create user and change password pages. There is no length check (like previous versions). The control stops accepting characters after the 128th.

WSRVR-1587

Security

When listeners were set to "SSL Enabled" and hosts were set to "Force SSL" and the USER command was sent, there was a continued connection when the user didn't exist on a host, but a dropped connection when the user did exist on the host. Now all connections are dropped when all hosts on a particular listener are set to "Force SSL" and the connection doesn't send the AUTH command before the USER command.

WSRVR-1589

Security

Added functionality to add/remove specific ciphers for SSL listeners. 2017 installs/upgrades will populate tables with ciphers from the current OpenSSL dll, and by default will enable all. End users can remove/add/prioritize from this list using new/modified UI pages (Add Cipher and Remove Cipher).

WSRVR-1607

Security

Prior to 2017, WSFTP provided the ability to set the SSL security level on SSL listeners with these options:

  • Enable TLS only (more secure)
  • Enable TLS and SSL version 3
  • Enable TLS and SSL versions 1, 2, and 3

In 2017 these values have changed to explicit protocols where the security level can be changed to one or a combination of:

  • Enable SSL 3
  • Enable TLS 1.0
  • Enable TLS 1.1
  • Enable TLS 1.2

For new installs SSL listeners are defaulted to Enable TLS 1.2 only. Upgrades are mapped to the pre-2017 equivalent.

WSRVR-1630

Settings

Fixed issue where iftpaddu.exe ignored default host settings. Added default host settings to command line user creation.

WSRVR-1645

SSL

Added SHA dropdown to Create SSL Certificate page that allows user to select either SHA1 or SHA2 when creating certificates.

WSRVR-1718

FTP

In CuteFTP 8.3.4.0007 and CuteFTP 9.0.5.0007 (current) if the "Protocol type:" of the Site Profile was set to "FTP with SSL (AUTH SSL - Explicit) and the Global setting of "Reuse cached session for data connection" was applied (Tools > Global Options > Security > SSL Secutiry > Check "Reused cached session for data connection"), when the connection attempt was made it would crash the WS_FTP Server Service. The service had to be manually restarted before connections could be made. Added handler for socket shutdown so service no longer crashes.

WSRVR-2028

Core

Prior versions used file creation time for folder cleanup settings. In 2017, a Use File Create Time option (uncheck for File Copy Time) was added to the Host Details, Create Host, and Edit Folder pages. Selecting this checkbox will use the file copy time for cleanup. The default for install/upgrade is checked.

WSRVR-2078

Core, Security, SSH

A checkbox (Disable Diffie-Hellman Group1) was added under System Details. New installs and upgrades will default to off (unchecked). Checking this box will exclude this group from the kex algorithm.

WSRVR-2323

Licensing

If you upgrade from a previous version, and try to use an evaluation license, it will accept the license and allow you to log in, but the system settings (where license is listed), says the file is invalid. On a fresh install, the license works fine.

WSRVR-2414

Web Transfer Module

Image was missing when file extension contained uppercase letters. In order to add additional image file formats you can edit mimetype.xml file (default location is C:\Program Files (x86)\Ipswitch\WS_FTP Server\WebClients\ThinClient\Bin) and add a new row <mimeMap fileExtension=".newExtension" mimeType="image/newExtension" />

Known Issues in WS_FTP Server 2017 (8.0.1)

WS_FTP Server does not support multiple SSL bindings

You must remove any SSL bindings on the targeted IIS Website, other than the SSL binding selected for use with the WS_FTP Server.

AHT and WTM pages display a gray screen if Active Scripting is not enabled in Internet Explorer 11

AHT and WTM pages display a gray screen if Active Scripting is not enabled in Internet Explorer 11.

To enable active scripting, complete the following steps.

  1. On the web browser menu, click Tools or the Tools icon, and select Internet Options.
  2. On the Internet Options window, select the Security tab.
  3. On the Security tab, select the Internet zone and click the Custom level button.
  4. In the Security Settings - Internet Zone dialog box, locate the Scripting section. Click Enable for Active Scripting.
  5. To accept the changes for this zone, click Yes in the Warning window.
  6. To close the Internet Options window, click OK.
  7. To refresh the browser page and run scripts, click the refresh icon or F5.

If non-default ports are used, the AHT and WTM redirect fails, resulting in a “This page cannot be displayed” error message.

The default IIS port for HTTPS is 443. When IIS is configured to use a different port for HTTPS, the redirect from HTTP to HTTPS fails.

To mitigate this issue, add the correct port number to the Thinclient, AHT, or both web.config files, or disable the HTTP to HTTPS redirect.

To add the correct port number to the Thinclient and AHT web.config files, complete the following steps.

  1. Open C:\Program Files (x86)\Ipswitch\WS_FTP Server\WebClients\ThinClient\web.config with a source code editor.
  2. Locate the following line of code.

    <action type="Redirect" redirectType="Permanent" url="https://

    {HTTP_HOST}:443/ThinClient/{R:1}" />

  3. Replace 443 with the HTTPS port number that IIS is using for Thinclient.
  4. Open C:\Program Files (x86)\Ipswitch\WS_FTP Server\Ad Hoc Transfer\AHT\web.config with a source code editor.
  5. Locate the following line of code.

    <action type="Redirect" redirectType="Permanent" url="https://

    {HTTP_HOST}:443/AHT/{R:1}" />

  6. Replace 443 with the HTTPS port number that IIS is using for AHT.

To disable the HTTP to HTTPS redirect, complete the following steps.

  1. Open C:\Program Files (x86)\Ipswitch\WS_FTP Server\WebClients\ThinClient\web.config with a source code editor.
  2. Locate the following line of code.

    <rule name="HTTP to HTTPS redirect" stopProcessing="true" >

  3. Modify the code as follows.

    <rule name="HTTP to HTTPS redirect" stopProcessing="true" enabled="false">

  4. Open C:\Program Files (x86)\Ipswitch\WS_FTP Server\Ad Hoc Transfer\AHT\web.config with a source code editor.
  5. Locate the following line of code.

    <rule name="HTTP to HTTPS redirect" stopProcessing="true" >

  6. Modify the code as follows.

    <rule name="HTTP to HTTPS redirect" stopProcessing="true" enabled="false">

The default IIS port for HTTP is 80. When IIS is configured to use a different port for HTTP, the redirect from HTTP to HTTPS fails.

To mitigate this issue, replace {HTTP_HOST} with {SERVER_NAME} in the Thinclient, AHT, or both web.config files, or disable the HTTP to HTTPS redirect, as described above.

To replace {HTTP_HOST} with {SERVER_NAME} in the Thinclient and AHT web.config files, complete the following steps.

  1. Open C:\Program Files (x86)\Ipswitch\WS_FTP Server\WebClients\ThinClient\web.config with a source code editor.
  2. Locate the following line of code.

    <action type="Redirect" redirectType="Permanent" url="https://

    {HTTP_HOST}:443/ThinClient/{R:1}" />

  3. Replace {HTTP_HOST} with {SERVER_NAME}.
  4. Open C:\Program Files (x86)\Ipswitch\WS_FTP Server\Ad Hoc Transfer\AHT\web.config with a source code editor.
  5. Locate the following line of code.

    <action type="Redirect" redirectType="Permanent" url="https://

    {HTTP_HOST}:443/AHT/{R:1}" />

  6. Replace {HTTP_HOST} with {SERVER_NAME}.
  7. To implement this workaround for Internet Explorer, locate the following line of code.

    <action type="Redirect" url="AHT_UI/public/#/password" appendQueryString="true" logRewrittenUrl="true" />

  8. Add the following lines of code directly following the code in step 7.

    <conditions>

    <add input="

    {HTTP}" pattern="off" ignoreCase="true" />

    </conditions>

Password authentication fails during installation of WS_FTP Server 2017.

If the IPS_user's password utilizes the % character as the first character in the password, the password authentication fails during installation or upgrade to WS_FTP Server 2017 (8.0.1).

To mitigate this issue, uninstall WS_FTP Server 2017 (8.0.1) and delete the registry key containing the IPS_username. Re-install WS_FTP Server 2017 (8.0.1) with a different password.

WS_FTP Server 2017 (8.0.1) crashes during repair installations and upgrading from 2017 (8.0)

WS_FTP Server 2017 (8.0.1) crashes during repair installations and upgrading from 2017 (8.0) if modules are not installed.

To mitigate this issue, install the modules during installation.

Known Issues in WS_FTP Server 2017 (8.0)

Known Issues in Windows 2012R2

Eval License Issue

If you upgrade from a previous version and try to use an evaluation license, it will accept the license and allow you to log in, but the system settings (where license is listed), says the file is invalid. On a fresh install, the license works fine.

Cannot open WS_FTP Server Manager via the Metro UI programs list

The workaround requires that you modify your local security policy:

  1. Press the Windows key + R to bring up the Run box, and then type secpol.msc. Press Enter.
  2. On the Local Security Policy window, navigate to Security Settings > Local Policies > Security Options.
  3. On the right panel, double-click on the option User Account Control: Admin Approval mode for the Built-in Administrators Account and enable it.
  4. Click Apply and exit Local Security Policy.
  5. Press the Windows key + R to bring up the Run box, and then type regedit. Press Enter.
  6. On the Registry Editor window, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI. On the right side, double-click on default and change the value to 0×00000001(1). Click OK.
  7. Restart your computer. Now you should be able to run Modern UI Apps using the Built-in Administrator account.

Note: If http://127.0.0.1 has not already been added to the Trusted Sites you will see an error page that reads: This page can’t be displayed. Make sure the web address is correct. Look for the page in your search engine. Refresh the page in a few minutes. You will need to add http://127.0.0.1 to the Trusted Sites through the desktop Internet Explorer page. You can also go to Internet Explorer > Internet Options > Security tab > Trusted Sites > Sites and add 127.0.0.1 to the list of trusted websites. For more information, see Adding a website to your browser's Trusted Sites.

If Host's Password Policy not followed in Change Password form, user will be signed out from Web Transfer Module and Ad Hoc Transfer Module

If you change an Ad Hoc Transfer Module or Web Transfer Module password to a new password that does not comply with the Host's password policies (Server > Host details > Password Settings), the user will be signed out of those modules with a password change failure. You may encounter the following errors:

'Change user password failed - user user@host password change failed'
'Change user password failed - user user@host password change failed'
'Failed to Change Password'

Upgrading Resets Log Settings and Log Level

If the log settings on WS_FTP Server point to a remote server, upgrading WS_FTP Server will cause the log settings to change to 127.0.0.1. If the log level was set to anything other than Normal, upgrading will cause the log level to return to the default level of Normal.

Web Transfer Module Missing Icons in Internet Explorer 11

Internet Explorer 11 may not display the Rename and Delete icons in the Web Transfer Module. To fix this issue, in Internet Explorer go to Security Settings > Downloads > and enable Font Downloads.

On Reinstall, WS_FTP Server Folder not deleted

If you uninstall WS_FTP Server and leave the configuration data, on re-install you will get an invalid prompt that data in the WS_FTP Server folder exists and will be deleted on uninstall. When continuing the reinstall, the folder is actually not deleted.

On Upgrade of System with SQL Express, Manual Entry of Port Number with Server Name Required

When upgrading a system with SQL Express, using port 1433, you will have to enter the port number with the server name during the upgrade. For example: "localhost,1433".

Known Issues in All Versions

OpenSSL conflicts when installing WS_FTP Server V7.5.1 or later

The WS_FTP Server 2017 2017 installation programs installs a new version of the OpenSSL library. The new version (OpenSSL 0.9.8p for 7.5.1; OpenSSL 1.0.1c for 7.6), is required and gets installed to the installation folder (the default is: C:\Program Files\Ipswitch\WS_FTP Server).

If the installation program finds a version of the library in the Windows system folders, it will stop the installation and ask you to move or rename the library files. If these library files are used by other programs, you want to make sure that you retain a copy of them. We suggest you create a backup in another folder, or rename these files, then remove the files from these locations:

32-bit OS

64-bit OS

C:\Windows\libeay32.dll

C:\Windows\libeay32.dll

C:\Windows\ssleay32.dll

C:\Windows\ssleay32.dll

C:\Windows\system32\libeay32.dll

C:\Windows\SysWOW64\libeay32.dll

C:\Windows\system32\ssleay32.dll

C:\Windows\SysWOW64\ssleay32.dll

C:\Users\[username]\Windows\libeay32.dll or
C:\Documents and Settings\[username]\Windows\libeay32.dll

C:\Users\[username]\Windows\libeay32.dll or
C:\Documents and Settings\[username]\Windows\libeay32.dll

C:\Users\[username]\Windows\ssleay32.dll or
C:\Documents and Settings\[username]\Windows\ssleay32.dll

C:\Users\[username]\Windows\ssleay32.dll or
C:\Documents and Settings\[username]\Windows\ssleay32.dll

IP Lockouts do not carry over failed logon attempts after cluster failover

When a cluster fails over from node 1 to node 2, the number of failed logon attempts does not carry over to node 2. Therefore, the server does not lock out the user even if the failed logon count is cumulatively greater than the limit set by the IP Lockouts rule since the failed logon count per node is less than the IP Lockout rule allows. Once a user fails a number of logons on a single node equal to the IP Lockouts limit, then the user is locked out.

For example, assume a user account’s IP Lockouts rule is set to blacklist the user after 5 failed attempts. If a user fails to log on 3 times while node 1 is the active node and then the cluster fails over, the user will have to fail 5 more log on attempts on node 2 in order for WS_FTP Server to blacklist the user because the failed attempts do not transfer between nodes.

Currently, there is no work around for this issue.

See IP Lockouts do not carry over failed logon attempts after cluster failover in the Ipswitch Knowledge Base for more information.

Unhandled exception when using AHT and switching nodes after a failed send

When a cluster fails over from node 1 to node 2 while an Ad Hoc Transfer user attempts to send a package from the AHT site, the file transfer fails, the user is logged out, and the browser displays the Microsoft error "Internet Explorer cannot display the webpage." After node 2 becomes the active node, users attempting to log on to the AHT site again receive an error message about an unhandled exception.

To resolve this issue, the user must restart the browser session before logging back onto the site. Then the user can send packages normally.

See An unhandled exception when using AHT and switching nodes after a failed send in the Ipswitch Knowledge Base for more details and the content of the exception.

Unable to resume transfer or delete file after failover

When a cluster fails over from node 1 to node 2 during an upload, the transfer fails and the file transfer client‘s connection to the cluster drops (the message is "Connection is dead"). The upload does not resume when the user logs back into the server. Although the partially uploaded file is present, it cannot be deleted. This is caused by the share host (Windows UNC or Linux NAS) holding an open handle for node 1 on the partially uploaded file, presumably waiting for the client to (possibly) reconnect. Node 2 cannot modify the file at this time.

Since resuming the transfer is impossible, the user must delete the file and then restart the transfer.

To delete the file, the user must wait a few minutes until the share host releases its hold on the file handle, and then the user can delete the file. ("A few minutes" ranges from about 2 minutes on Windows, up to about 10 minutes on a Linux NAS.)

To delete the file sooner, an administrator can force a failover so that node 1 is active, allowing the user to modify the file again.

See Unable to resume transfer or delete file after failover in the Ipswitch Knowledge Base for more information.

Unable to delete files in the Web Transfer Client after failover

When a cluster fails over from node 1 to node 2 during an upload using the Web Transfer Client, both the browser session and the file transfer fail. When the user logs back in, the upload does not resume. Although the partially uploaded file is present, it cannot be deleted. This is caused by the share host (Windows UNC or Linux NAS) holding an open handle for node 1 on the partially uploaded file. Node 2 cannot modify the file at this time.

Since resuming the transfer is impossible, the user must delete the file and then restart the transfer, or overwrite the file on another upload attempt.

To delete or overwrite the file, the user must wait a few minutes until the share host releases its hold on the file handle, and then the user can delete the file. ("A few minutes" ranges from about 2 minutes on Windows, up to about 10 minutes on a Linux NAS.)

To delete the file sooner, an administrator can force a failover so that node 1 is active, allowing the user to modify files again.

See Unable to delete files in the Web Transfer Client after failover in the Ipswitch Knowledge Base for more information.

Error connecting in FIPS mode (FIPS mode cannot use the pre-7 default SSL certificate)

If you installed WS_FTP Server 6.x with the default SSL certificate, when you upgrade to WS_FTP Server 7.x, that default certificate is maintained. If you then enable FIPS mode, which requires the use of FIPS-validated ciphers in the certificate, the default certificate will cause a connection error when a user attempts a secure connection. The server log will show the following error:

Failed to begin accepting connection: SSL failed to load key file. Non-FIPS algorithms might be used in the selected SSL certificate.

To work around this issue, you need to use a certificate that uses a FIPS-validated algorithm, such as SHA1. You can select to use your own certificate, or create a new certificate in the WS_FTP Server Manager (from the Home page, select SSL Certificates).

System Requirements

WS_FTP Server Requirements

Supported Operating Systems

For a standalone WS_FTP Server 2017 installation:

Operating System

Edition

Supported Versions

Windows Server 2016

  • Standard
  • Datacenter
  • 64-bit: English

Windows Server 2012 R2

  • Standard
  • Datacenter
  • 64-bit: English

Windows Server 2012

  • Standard
  • Datacenter
  • 64-bit: English

Windows Server 2008 R2

  • Standard
  • Enterprise
  • 64-bit: English

For a WS_FTP Server 2017 failover cluster using Microsoft Clustering Services:

Operating System

Edition

Supported Versions

Windows Server 2012 R2

  • Standard
  • Datacenter
  • 64-bit: English

Windows Server 2012

  • Standard
  • Datacenter
  • 64-bit: English

Windows Server 2008 R2

Enterprise

  • 64-bit: English

For a WS_FTP Server 2017 failover cluster using Microsoft Network Load Balancing:

Operating System

Edition

Supported Versions

Windows Server 2012 R2

  • Standard
  • Datacenter
  • 64-bit: English

Windows Server 2012

  • Standard
  • Datacenter
  • 64-bit: English

Windows Server 2008 R2

  • Standard
  • Enterprise
  • 64-bit: English

Windows Server Components Activated Automatically

The WS_FTP Server 2017 installer automatically activates certain components in your Windows Server installation. This is necessary because after installation, Windows Server does not turn on non-core operating system components. However, before installing WS_FTP Server, you should be sure that these changes conform to your organization’s security policies.

When you install WS_FTP Server 2017, the install activates the following 2008 R2 Server roles:

Database Requirements

Configuring the database for remote connections

By default, the Microsoft SQL Server database will only accept connections coming from the local system. To use a remote notification server, to allow multiple servers to share a data store, or to allow a remote Web Transfer Client connection, you have to enable remote connections.

Microsoft's Knowledge Base (KB) provides the following information on remote connections:

"When you try to connect to an instance of Microsoft SQL Server 2005 from a remote computer, you may receive an error message. This problem may occur when you use any program to connect to SQL Server. For example, you receive the following error message when you use the SQLCMD utility to connect to SQL Server:

Sqlcmd: Error: Microsoft SQL Native Client: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections.This problem may occur when SQL Server 2005 is not configured to accept remote connections. By default, SQL Server 2005 Express Edition and SQL Server 2005 Developer Edition do not allow remote connections.

For instructions, see the Microsoft KB article: How to Configure SQL Server 2005 to Allow Remote Connections.

Web Server Requirements

During installation, you can select Microsoft Internet Information Services (IIS) as your web server (instead of WS_FTP's Web Server). If you choose this option, you need to have Microsoft Internet Information Services (IIS) 7.0 or later installed on your computer. If you opt to use IIS, WS_FTP Server requires the ASP .NET Web Server Role Service.

If you specify a user other than the default user to serve as the run as user on the IIS virtual folder (if you are using Microsoft IIS as your web server), you may get a HTTP 401 error when you attempt to open the WS_FTP Server 2017 Manager. If this occurs, you must open the WSFTPSVR virtual folder in IIS and change the anonymous access user password to match the specified user's password.

Framework and Accessibility Requirements

WS_FTP Server requires the Microsoft .NET Framework and other Microsoft packages for scripting and software accessibility. Microsoft .NET Framework 4.0 is included in the installation program.

Other Notes

Hardware Requirements

The minimum recommended hardware is the same as recommended for Windows Server 2008 R2. (For more information, see the Windows Server information on Microsoft's web site.) If you are using a later version operating system, you should meet the hardware requirements for that system.

Component

Requirement

Processor

Minimum: 1 GHz (x86 processor) or 1.4 GHz (x64 processor)
Recommended: 2 GHz or faster

RAM

  • Minimum: 512 MB RAM
    Recommended: 2 GB RAM or greater
  • Maximum (32-bit systems): 4 GB (Standard) or 64 GB (Enterprise and Datacenter)
  • Maximum (64-bit systems): 32 GB (Standard) or 1 TB (Enterprise and Datacenter) or 2 TB (Itanium-Based Systems)

Hard Drive

  • Minimum: 10 GB
  • Recommended: 40 GB or greater

Hard drive capacity depends on how much data you plan to store.

Virtualization Requirements

WS_FTP Server 2017 Manager

The WS_FTP Server Manager provides web-based administration from the local machine and also allows remote management of the server. WS_FTP Server 2017 Server Manager is a part of WS_FTP Server and is installed on the same machine.

Web Interface Requirements

See the Ad Hoc Transfer Plug-in for Outlook Requirements.

WS_FTP Server Web Transfer Client and Ad Hoc Transfer Module Requirements

The WS_FTP Server Web Transfer Client and the Ad Hoc Transfer Module come bundled with the WS_FTP Server installer. If your license includes these modules, make sure your system can support these requirements.

WS_FTP Server Web Transfer Client Requirements

The Web Transfer Module needs access to the file system on your FTP host or hosts so it can upload and download files. During the WS_FTP Server Web Transfer Client installation, you will specify a Windows user account with permissions to the top folder of each WS_FTP Server host (for each host for which you will enable WS_FTP Server Web Transfer Client). We recommend you create a Windows user account for use by the Web Transfer Module. Note that this Windows user account is used differently depending on the WS_FTP Server host settings and the user database configured for that host:

Ad Hoc Transfer Module Requirements

Before you install the Ad Hoc Transfer Module, verify that the WS_FTP Server computer has the following:

Requirements for the WS_FTP Server Web Transfer Client and Ad Hoc Transfer Module end user

The end user can use any computer with an operating system that can support the following:

Requirements for the WS_FTP Server Web Transfer Client and the Ad Hoc Transfer Module on Windows Server 2008 R2 or 2012

The WS_FTP installer automatically activates certain components in your Windows Server installation (in addition to the ones activated by a normal Server install). Before installing WS_FTP Server, you should be sure that these changes conform to your organization’s security policies.

The following list shows features activated by the Ad Hoc Transfer Module install under the IIS7 role. Features shown as indented indicate a nested relationship with the non-indented feature above it.

Common HTTP Features

Application Development

Health and Diagnostics

Security

Performance

Management Tools

The following list shows the Windows Server stand-alone features activated during WS_FTP Server install:

.Net Framework 4.5.2 Features

Remote Server Administration Tools

Windows Process Activation Service

Additionally, the Web Transfer Module install process does the following:

Also, if HTTPS is not enabled on the site hosting the Web Transfer Module, the install will:

Ad Hoc Transfer Plug-in for Outlook Requirements

The following software must be installed on the machine on which you install the Ad Hoc Transfer Plug-in for Outlook. If the required software is needed by only one of the clients, it is noted as such.

On the last screen of the installer, you can select to View Install Log.

Installing and Configuring the WS_FTP Server 2017, WS_FTP Server Web Transfer Client, and Ad Hoc Transfer Module

For detailed instructions for installing and configuring WS_FTP Server 2017 and activating a new or upgraded license, see the WS_FTP Server Installation and Configuration Guide.

WS_FTP Server 2017 supports direct upgrade installations from version 7.6 or higher only.

For More Information

For more assistance with WS_FTP Server 2017, consult the following resources:

Copyright

©1991-2017 Ipswitch, Inc. All rights reserved.

This document, as well as the software described in it, is furnished under license and may be used or copied only in accordance with the terms of such license. Except as permitted by such license, no part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without the express prior written consent of Ipswitch, Inc.

The content of this document is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Ipswitch, Inc. While every effort has been made to assure the accuracy of the information contained herein, Ipswitch, Inc. assumes no responsibility for errors or omissions. Ipswitch, Inc., also assumes no liability for damages resulting from the use of the information contained in this document.

WS_FTP, the WS_FTP logos, Ipswitch, and the Ipswitch logo, MOVEit and the MOVEit logo, MessageWay and the MessageWay logo are trademarks of Ipswitch, Inc. Other products and their brands or company names, are or may be trademarks or registered trademarks, and are the property of their respective companies.

This document was published on 08 February 2017 at 11:53.