How To Configure FTP Server on Windows Server 2019 Azure VM

How To Configure FTP Server

How To Configure FTP Server on Windows Server 2019 Azure VM

Preface

In this guide Configure FTP Server on Azure Virtual Machine, we are going to configure Windows server 2019 as an FTP server. This must be started with adding FTP Server role service under the Web Server role group. The following guidelines help you access the FTP services from outside network and the files can be uploaded or downloaded through the FTP client that you choose. I’m using FileZilla as an FTP client, but you can use any FTP client to access this service.

Azure Virtual Machine

As we all know how to deploy a Windows Server 2019 on Azure, the Azure virtual machine deployment process skipped, and we are setting on FTP Server directly to the Windows Server assuming that the Azure VM deployment steps you already know. Click here to go to the Microsoft website for creating Azure VM

Add Web Server Role To Configure FTP Server

Remote Desktop (RDP) into Windows Server 2019 with the admin credentials you have with Azure Virtual machine and go to Server Manager and Add Roles and Features under manage menu as depicted in the screenshot below.

Configure FTP Server

Select Role-based or feature-based installation as installation type and click next.

Configure FTP Server

Leave the server selection as it is with the local server selected on the server pool and click Next.

Configure FTP Server

In the Roles selection list click on the webserver (IIS) and you will be prompted to add features such as webserver management tools. Click Add Features

Configure FTP Server

In the Features, selection leaves the features as selected and Click Next

Configure FTP Server

Go through the Web Server Role information page and click next.

Configure FTP Server

In the Role Services checkboxes, select the checkboxes next to FTP Server and it will select FTP services and click next.

Click install and sit back and wait for the FRP role Services to get installed on the Windows Server 2019.

Once the Installation succeeded shown click close.

A screenshot of a cell phone

Description automatically generated

Add FTP Site

The Internet information services management console can be opened by selecting the Internet Information Services (IIS ) manager on the tools menu of the server manager.

A screenshot of a cell phone

Description automatically generated

Right-click Sites and select Add FTP Site

A screenshot of a social media post

Description automatically generated

In the IIS manager management console we are going to add an FTP Site. Type a name for the FTP Site and browse and select a physical path where you want to store the FTP files.

A screenshot of a cell phone

Description automatically generated

The port 21 is default port for FTP services and this can be changed with your choices, but the port that you choose here should be added to the allow inbound port on Windows Server Firewall and Azure Network Security Group. Continue with the port selection and SSL option, select No SSL and click next.

A screenshot of a cell phone

Description automatically generated

Select Basic authentication and permission as you want. You can select All Users, User groups and specific users in the Authorization, in this example we selected All Users and Read and Write permission. Click FinishAdd FTP Site wizard.

A screenshot of a cell phone

Description automatically generated

Configure Data Channel Port Range

The next step in configuring FTP Services is to set Firewall support on the server node and the FTP site node on the IIS Manager. Select the Server node and click FTP Firewall Support as in the screen below.

A screenshot of a computer

Description automatically generated

In the FTP Firewall Support on the workspace, type the Data Channel Port range as you want, but note that the same ports to be opened on the inbound ports rule on the Windows Firewall and Azure Network Security Group. In this example, we have given 3000 to 3005 as the data channel port range. Click apply in the Action pane.

A screenshot of a social media post

Description automatically generated

Click OK to the information pop up to allow the Data channel port to the firewall.

A screenshot of a social media post

Description automatically generated

Configure External IP address of Firewall

Now select FTP Site in the connection pane and open FTP Firewall Support in the workspace.

A screenshot of a computer

Description automatically generated

In the External IP address of the firewall, type the IP address of the Azure Virtual machine and Click apply on the action pane.

A screenshot of a social media post

Description automatically generated

Click OK to the information pop up.

Configure FTP Server

Create the Windows Firewall inbound port rule

Next in the implementation to allow data channel port range and FTP server port on the windows firewall. Click the search icon on the taskbar and type firewall you would see the search result windows defender firewall. Click on that and the firewall window will open.

Configure FTP Server

In the left side navigation select advanced settings and on the advanced security window select Inbound rule as shown in the screen capture below.

Configure FTP Server

Click New Rule and the wizard will open to create an inbound rule.

Configure FTP Server

Select Port in the rule type and click Next.

Configure FTP Server

In the Protocol and Ports type the specified local ports that are exactly as in the data channel port range and FTP server port. I have given 21 as an FTP Server listening port and 3000-3005 as data channel port range. Type the ports and port range and click Next.

Configure FTP Server

This inbound rule is to allow the connection, so click allow connection and click Next.

A screenshot of a cell phone

Description automatically generated

Select all three firewall profiles (default it is selected all) click next.

A screenshot of a cell phone

Description automatically generated

Type a Name for this rule and click Finish.

A screenshot of a social media post

Description automatically generated

We have opened the data channel and FTP server ports on the Windows Firewall, now the next step is to open the ports on the inbound rules under the Azure Network Security Group of the Virtual Machine.

Create an inbound port rule on Azure Network Security Group (NSG)

Go to Networking in the left side navigation of the FTP Server Virtual machine and click Add inbound port rule.

A screenshot of a cell phone screen with text

Description automatically generated

Type the FTP Server port and Data Channel port range in the Destination port range column. In this example 21, 3000-3005. Type a name for the rule and click Add.

A screenshot of a cell phone

Description automatically generated

Test FTP Server access using an FTP client

Now the ports have been opened on the Windows Server Firewall and Azure network security group. You can access FTP using an FTP client such as FileZilla type the IP address of the FTP server in the host and the same username and password you use to connect RDP and click quick connect. If the FTP client doesn’t connect and it gives “Failed to retrieve directory listing”, go back to FTP Server and open the services console, and restart “Microsoft FTP Service” then connect again.

A screenshot of a social media post

Description automatically generated

Conclusion

This topic covered how to Configure FTP Server in the Windows Server 2019 on An Azure Virtual Machine. The first step is to configure the data channel port range and external IP address on FTP Firewall Support in Internet Information Server Manager console and the data channel port range and FTP Server port have been opened on the Windows Firewall and Azure Network Security Group. The FTP Server access has been tested with the FileZilla FTP Client. This is the end of the guide with the topic Configure FTP Server on Azure Virtual Machine.

2 Comments on "How To Configure FTP Server on Windows Server 2019 Azure VM"

    I am not an admin, but I needed an FTP server to do some testing in Flow/Power Automate. This walkthrough was detailed enough for a non-admin type person to step through and get it done. Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *


*