Release Notes for WS_FTP Server 6 with SSH

Ipswitch, Inc.

In this File

About this document

This document contains information on how to install and configure WS_FTP Server 6 and WS_FTP Server 6 with SSH. If you are using WS_FTP Server 6, portions of this document pertaining to SSH do not apply.

Features

Administration

• Fully web-based administration for remote management
• Enhanced logging and reporting
• Connection port configurable by host
• Event-driven communication and automation

Performance

• Proven and reliable: Used by administrators globally to support millions of end users and enable the transfer of billions of files
• High availability architecture

Security and Compliance

• File integrity checking support
• Full support for file transfer using SFTP over SSH
• Implicit and explicit SSL support with up to 256 AES encryption
• Auto-expiring passwords and enhanced password controls
• Ability to hide login banner from client
• Support for non-repudiation of transfers (XSIGN command)

System Requirements

Tip: If a listed requirement is hyperlinked, you can click the link to get more information on obtaining and installing that prerequisite.

WS_FTP Server requires:

• An Intel Pentium® 4, 1 GHz or higher (or an equivalent processor)
• 512 MB RAM minimum
• 250 MB of drive space
• NTFS formatted drive
• TCP/IP enabled network interface card (NIC)
• Microsoft® Windows® XP Professional SP2 or later, Microsoft Windows 2000 Server SP4 or later, or Windows Server 2003 SP1 or later
• Microsoft .NET Framework 2.0
• Microsoft Data Access Component (MDAC) 2.80 or later
• Microsoft Windows Installer 3.1 or later
• Microsoft Internet Information Services (IIS) 5.0 or later
• Microsoft Windows Script Host 5.6 or later
• Broadband connection to the Internet (recommended)

Ipswitch Notification Server requires:

All requirements for WS_FTP Server, plus:

• Broadband or dial-up connection to the Internet (required for email notifications outside of the local area network)
• Modem and phone line (required for pager and SMS notifications)

WS_FTP Server Manager requires:

• Microsoft Internet Explorer 5.1 or later, Mozilla Firefox 2.0 or later, Netscape Navigator (or other Web browser that is CSS2 and HTML 4.01 compliant)
• Enabled Javascript support in the Web browser
• Enabled Cookie support in the Web browser

Installing WS_FTP Server

Important:If upgrading from WS_FTP Server 5.04 or higher, make a backup of your existing server before starting the install of WS_FTP Server 6. How to backup WS_FTP Server 5.04+. Previous versions of FTP Server will not upgrade to Server 6 and will need to be upgraded to at least 5.04 before attempting an upgrade. If you need to upgrade your current server version to 5.04, please visit the Download Center.

During the installation, a host using the internal WS_FTP Server user database is created. You can create hosts using Microsoft Active Directory, Microsoft Windows, or other external user database types after the install is completed.

Important: Installing WS_FTP Server on a domain controller is not recommended.

Important: Installing WS_FTP Server via Terminal Services is not recommended. You can use Terminal Services to install subsequent WS_FTP Server updates and installations.

To install WS_FTP Server:

1. Before you begin the WS_FTP Server installation, confirm that Microsoft IIS is running and that you can access the Web site on which you intend to install the WS_FTP Server Manager web application.
2. If you received an installation CD, insert it into a drive. If the Welcome screen does not appear, select Start > Run, and enter the drive path followed by launch.exe.

   Example: D:\launch.exe

   - OR -

   If you downloaded the software from our Web site, double-click the executable (.exe) file to begin the installation.

3. On the installation Welcome screen, click Read to read the release notes or View to download and view an electronic copy of the Getting Started Guide. Click Next to continue. The License Agreement dialog appears.
4. Read the license agreement carefully. If you agree to its terms, select I accept the terms of the license agreement and click Next. The Setup Type dialog appears.
5. The Setup Type dialog lets you select from two installation methods, Express and Custom.
   • Express installs the following components to default locations: WS_FTP Server or WS_FTP Server with SSH, Ipswitch Notification Server, Ipswitch Logging Server, and PostgreSQL.
   • Custom installation lets you select the specific components you want to install and specify specific locations to install each component to.
6. Select the installation method you want to use, then click Next.

To use the express install option:

1. Verify or enter the fully qualified host name for this server. The installation program provides the host name of the server, but you may need to add domain information. This host name is used to create the first host.
2. When you click Next, one of the following screens opens:
   • Specify a PostgreSQL Server and Administrator Account. This screen opens if PostgreSQL database server was previously installed on your computer. Go to step 3.
   • Create User Accounts. Continue to step 4.
3. In the Administrator Password box, enter a System Administrator Password for access to the system administrator (sa) account for the PostgreSQL database that hosts WS_FTP Server data. Click Next. The Enter Host Name screen opens.
4. The Create User Accounts screen opens. Set the appropriate options.
   • Create the WS_FTP Server system administrator account on this host. Select the host on which you want to create a system administrator account. If you are installing for the first time, only one host is available.
   • Username. Enter a username. This username is used to create:
     • a WS_FTP Server user to serve as the system administrator. This user belongs to the specified host, but is granted full system administrator permissions for all hosts on the server.
     • a non-privileged Windows user account named IPS_ plus the name you provide. For example, if you enter admin, the Windows user is named IPS_admin. This account is used by the configuration data store (PostgreSQL) and serves as the run-as user for the WSFTPSVR Microsoft IIS virtual folder.
   • Password and Confirm Password. Enter and confirm a password. This password is assigned to both the WS_FTP Server system administrator user and the Windows user account.

     Important: Your domain password policy may require that you use complex password rules. If so, make sure that you use a password that conforms to the domain requirements. The account will not be created without conforming to the domain password requirements.

5. Click Next. The Web Configuration screen opens.
6. In the Use this Web site list, select the preferred Internet Information Services (IIS) Web site.
7. Click Next. The Ready to Install the Program screen opens.
8. The install program is now ready to install the components you selected. Click Install. The install program installs and configures the components you selected. This may take a few minutes.

To use the custom install option:

1. When you select the Custom install option, the Select Features screen opens. Select the checkboxes next to the components you want to install. Click Next.
2. For each component that you selected to install, confirm the Destination Folder where the install program will install the component. To choose a new folder, select Browse and choose another folder. After you have made your selection, click Next.
3. Repeat step 2 for each component. When the destination folder for each component has been selected, the Enter host name screen opens.
4. Verify or enter the fully qualified host name for this server. The installation program provides the host name of the server, but you may need to add domain information. This host name is used to create the first host.
5. When you click Next, one of the following screens opens:
   • Specify a PostgreSQL Server and Administrator Account. This screen opens if PostgreSQL database server was previously installed on your computer. Go to step 6.
   • Create User Accounts. Continue to step 7.
6. In the Administrator Password box, enter a System Administrator Password for access to the system administrator (sa) account for the PostgreSQL database that hosts WS_FTP Server data. Click Next. The Enter Host Name screen opens.
7. The Create User Accounts screen opens. Set the appropriate options.
   • Create the WS_FTP Server system administrator account on this host. Select the host on which you want to create a system administrator account. If you are installing for the first time, only one host is available.
   • Username. Enter a username. This username is used to create:
     • a WS_FTP Server user to serve as the system administrator. This user belongs to the specified host, but is granted full system administrator permissions for all hosts on the server.
     • a non-privileged Windows user account named IPS_ plus the name you provide. For example, if you enter admin, the Windows user is named IPS_admin. This account is used by the configuration data store (PostgreSQL) and serves as the run-as user for the WSFTPSVR Microsoft IIS virtual folder.
   • Password and Confirm Password. Enter and confirm a password. This password is assigned to both the WS_FTP Server system administrator user and the Windows user account.

     Important: Your domain password policy may require that you use complex password rules. If so, make sure that you use a password that conforms to the domain requirements. The account will not be created without conforming to the domain password requirements.

     Important: The Windows user account must comply with the security policies on your Windows server. Once the install completes, verify that the account is not set to expire at the next logon and that you are aware of any expiration policies that apply to the account.

8. Click Next. The Web Configuration screen opens.
9. In the Use this Web site list, select the preferred Internet Information Services (IIS) Web site. Click Next. The Ready to Install the Program screen opens.
10. The install program is now ready to install the components you selected. Click Install. The install program installs and configures the components you selected. This may take a few minutes.

Release Notes

• Prior to installing, the Microsoft Internet Information Services Web site on which you intend to install WS_FTP Server Manager must be configured to use a port that is not already in use. If another application, such as the Web server included with Ipswitch WhatsUp Gold, is operating on the same port as the Web site, you must take one of the following actions:
  • change the port used by the existing application.
  • configure the Web site to use a port that is not already in use.
• If installing on a Windows Server 2003 domain controller, some required user accounts may not be present. For more information, please see knowledge base article 827016 on the Microsoft Web site.

  Note: Installing on a domain controller is NOT recommended.

• To install on Windows XP, the Windows "Guest" account must be disabled. To disable the "Guest" account:
  1. Right-click on My Computer and select Manage. The Computer Management console opens.
  2. Expand Local Users and Groups and select Users. The list of users appears in the main pane of the Computer Management console.
  3. Double-click Guest. The Guest Properties dialog appears.
  4. Select Account is disabled and click OK.
• After upgrading to WS_FTP Server 6 with SSH, some permissions may differ from the permissions granted in WS_FTP Server 5.x.
  • The Anonymous user is no longer included in the Everyone group.
  • When connecting via FTP or SFTP, host administrators and system administrators have expanded control over the folders on the host they administer. In WS_FTP Server 5.x, administrator permissions are determined by explicit permissions set on each folder. In WS_FTP Server 6 with SSH, administrators have full permission to all folders on the hosts they administer unless an explicit deny permission is set to limit permission.
  • If any Folder Rules were applied to a user in WS_FTP Server 5.x that prevented him from completing an action, the upgrade creates a Deny permission on all affected folders to reproduce the restriction in WS_FTP Server 6 with SSH.
  • Permissions that are set to propagate do not propagate into virtual folders.
• Mapped drives are no longer supported. Use UNC paths in place of mapped drives.
• The setup program makes the following changes to your IIS configuration:
  • On the Web site, Web Services Extensions will be set to Allow ASP Pages.
  • On the WSFTPSVR Virtual Directory, Enable Parent Paths will be enabled.
  • On the WSFTPSVR Virtual Directory, Application Pooling will be set to the Medium/Pool level.
• If the WS_FTP Server 5.x that you are upgrading is set to run as any user other than the default Local System, the upgrade changes the run as user to Local System. You may reset this after the upgrade is complete, or set the impersonation user on the host.
• To use a remote notification server, or to allow multiple servers to share a data store, you must enable PostgreSQL support for remote connections. Make the following changes to PostgreSQL configuration files, both located in C:\Program Files\PostgreSQL\data\:
  • In postgresql.conf, locate the line that reads

    listen_addresses = "localhost"

    and modify it to read

    listen_addresses = "*"

    If the line is preceded by a number sign (#), delete the number sign.

  • In pg_hba.conf, append a line at the end of the file that reads

    host all all <ipaddress>/32 password

    where <ipaddress> is the IP address of the remote log or notification server. For more than one remote server, you can enter a second line.

  After making the above changes, you must restart your PostgreSQL server.

• On servers running Windows 2000, you must enable the Act as part of the operating system local security policy for the WS_FTP Server user account in Windows if you want to use Microsoft Windows or Microsoft Active Directory user databases. If you are upgrading on Windows 2000 with a WS_FTP Server host that uses Windows NT user database, you must set this policy for the user account under which you are logged in when you run the install program.

  Note: Domain-level security policies override local security policies.

  To enable the Act as part of the operating system security policy for a user:

  1. From the Start menu, select Control Panel. The Control Panel opens.
  2. Double-click Administrative Tools. The Administrative Tools folder opens.
  3. Double-click Local Security Policies. The Local Security Settings console opens.
  4. Expand Local Policies, then select User Rights Assignment.
  5. In the pane on the right side of the window, double-click Act as part of the operating system. The Act as part of the operating system Properties window opens.
  6. Click Add User or Group. The Select Users or Groups dialog appears.
  7. Select the users for which you need to enable the Act as part of the operating system local security policy. When you are done, select OK.
  8. To ensure the changed policies are in effect, restart Windows.

  For more information about this local security policy, see "Act as part of the operating system" on the Microsoft Web site.

• On 64-bit versions of Windows, if 32-bit applications are not allowed to run under IIS, a "Service Unavailable" error is displayed in the browser. To correct this, you must run the following command from the command line to enable 32-bit applications to access IIS:

  cscript %SystemDrive%\inetpub\AdminScripts\adsutil.vbs set w3svc/AppPools/Enable32bitAppOnWin64 1

  After running the command, you must restart IIS.

• If net.exe has been removed from the computer on which you want to install WS_FTP Server, you must create a user account to serve as the WS_FTP Server account in Windows before installing. The account name must begin with IPS_, and it is recommended that it be configured so that the password never expires.

  During the install, when you reach the Create User Accounts dialog, specify this username without the IPS_ at the beginning.

  For example, if you created a Windows user account called IPS_wsftpadmin, enter wsftpadmin for the username on the Create User Accounts dialog.

  • Note: If you are upgrading a previous version of WS_FTP Server with hosts that use Windows NT user databases exclusively, the username you create must be IPS_ plus the username of an existing Windows NT user that has system administrator privileges in WS_FTP Server.

Known Issues

• Microsoft Windows XP Systems NOT on a Windows domain may encounter problems creating and validating system administrator account entries against local system accounts during the install. To complete the install, a registry value must be edited. Launch Regedit and navigate to the key HLKM\SYSTEM\CurrentControlSet\Control\Lsa. Find the value forceguest. Set the value to 0 to allow account validation. Following the installation, this value may be set back to the original value; however, future installations may also require this change in order to install.
• If you select to install to a Web site that uses a custom host header or port, the desktop shortcut created does not use the host header or port. To correct this, you must create a new shortcut using the correct host header and port.
• In some cases the install will display the error message Could not enable ASP. This typically occurs when Active Server Pages in the IIS Server Extension section have been enabled. To verify this:
  1. Right-click My Computer, then click Manage. The Computer Management console opens.
  2. Click Services and Applications > Internet Information Services > Web Service Extensions. The Web Service Extensions are displayed in the right-hand console window.
  3. Make sure that the Active Server Pages status is set to Allowed. If it is not, right-click Active Server Pages and select Allow.
  4. Close the Computer Management console.
• When creating a rule for Failed Login, Folder Action, Quota Limits, or Bandwidth Limits, the Group Search function does not work.
• When failed login attempts are logged, passwords are stored in the clear.
• If you specify a user other than the default user to serve as the run as user on the IIS virtual folder, you may get a HTTP 401 error when you attempt to open the WS_FTP Server Manager. If this occurs, you must open the WSFTPSVR virtual folder in IIS and change the anonymous access user password to match the specified user's password.
• When upgrading a host using an external (ODBC) user database, you must manually set permissions to the external database file after the upgrade completes.
• The Enable SSL versions 1 and 2 option in WS_FTP Server 5.x has been changed to Enable SSL versions 1, 2 and 3 in WS_FTP Server 6.0. This means that upgrading a host with the option enabled in WS_FTP Server 5.x forces clients to use SSL version 3.1 or higher in WS_FTP Server 6.0 instead of SSL version 2 or higher in WS_FTP Server 5.x.
• When multiple hosts with firewall settings configured share a single listener, the firewall settings for the first of those hosts that a user logs into are applied to all of the hosts that share the listener and have firewall settings configured. Hosts that do not have firewall settings configured are not effected by this issue. We recommend that all hosts that are assigned to a common listener share the same firewall settings.

Restoring WS_FTP Server 5.x

To return to WS_FTP Server 5.x from WS_FTP Server 6.0:

1. Locate the registry files (.REG) in the WS_FTP Server installation folder (usually C:\iFtpSvc\) and copy them to a safe location. These files contain the configuration information for WS_FTP Server 5.x. If you do not copy them to a safe location, they are removed when you uninstall WS_FTP Server 6 with SSH
2. In the Add or Remove Programs window in the Windows control panel, select Ipswitch WS_FTP Server and select Change/Remove and follow the onscreen prompts to uninstall.
3. Run the WS_FTP Server 5.x install program.
4. Follow the onscreen prompts to complete the installation.

   Note: If you originally installed to a folder other than C:\iFtpSvc\, you must select Custom on the Setup Type screen and specify the same folder.

5. Locate and double click on the IFTPSVC_BACKUP.REG file that you saved from the WS_FTP Server installation folder in Step 1. Select Yes on the confirmation dialog that appears.
6. Open WS_FTP Server Manager and verify that your server has been restored to the condition it was in prior to installing WS_FTP Server 6 with SSH.

Note: If you need to restore the Ipswitch Notification Server, you must save the .REG files from the Ipswitch Notification Server installation folder (usually C:\iNotifySvc\) prior to uninstalling WS_FTP Server 6. Then, install Ipswitch Notification Server using the WS_FTP Server 5.x install program. When the install is complete, locate and double click the INOTIFYSVC_BACKUP.REG file you saved from the Ipswitch Notification Server installation folder.

For More Assistance

For more assistance with WS_FTP Server, consult the following resources:

• Application Help. Contains dialog assistance, general configuration information, and how-to's that explain the use of each feature. The application help can be accessed from any page in the WS_FTP Server Manager by clicking Help.
• User Guide. This guide describes how to use the application out-of-the-box. It is also useful if you want to read about the application before installing. To view or download the User Guide, select Start > Programs > Ipswitch WS_FTP Server > WS_FTP Server User Guide.
• WS_FTP Server Forum. Provides a resource for you to interact with other WS_FTP Server users to share helpful information about the application.
• The Ipswitch Knowledge Base. Search the Ipswitch Knowledge Base of technical support and customer service information.