Passive FTP on Windows Azure Virtual Machine

Passive FTP should work fine in Windows Azure Virtual Machines. However, you may not be able to choose large port range since you can only have up to 25 endpoints in Azure and this could be limitation to have Passive FTP. This Forum discussion talk more about it.

You can find this blog which explains how they configure Passive FTP with IIS on Windows Virtual Machine.

An additional piece of info about the post referenced above (http://www.itq.nl/blogs/post/Walkthrough-Hosting-FTP-on-IIS-75-in-Windows-Azure-VM.aspx) - at the end it says you need to use the following command to add the port range in IIS:

appcmd set config /section:system.ftpServer/firewallSupport \    /lowDataChannelPort:7000 /highDataChannelPort:7014

This failed for me, because the port range is locked so it can only be set on the root IIS node. The error is:

Support (Your site name) /lowDataChannelPort:5000 /highDataChannelPort:6000ERROR ( message:Can not set attribute "lowDataChannelPort" to value "5000".. Reason: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny"or the legacy allowOverride="false".. )

If you traverse up the IIS nodes to the root server node, choose Features View, then FTP Firewall Support, you can set the Data Channel Port Range there using the text box, without the need for scripting, and avoiding this error. Once this is done, you then need to restart the ftp service (as noted above), and passive FTP works well.

I've added this additional answer here because being unable to run the appcmd command to set the port range had me going around in circles for a number of hours, and this may help others avoid the same problem.

I thought others might run into this. If you get the security message indicating that the parent is locked, just go back into your FTP and turn OFF Require SSL Connections. Then rerun the command. Setup your endpoints, open the firewall, etc. THEN go in and turn back on Require SSL Connections!