Geeks With Blogs

Lance's TextBox

Its easy to forget about the –debug parameter, but a lot of times it can be very helpful, especially with NetCmdlets where in many cases –debug will output the protocol interface (the “PITrail” as we call it at /n software) of the connection.  The PITrail includes a trail of communication between the cmdlet and the remote host it is talking to.

Rob emailed me to ask for help diagnosing a 425 error he was getting when using the NetCmdlets get-ftp cmdlet.  As I described to Rob, in a nutshell the 425 problem happens because the FTP client (the cmdlet in this case) is unable to open a TCP data connection (for transferring data like file directory listings or file contents) on the ip and port that the server told it to use. 

Adding the -debug parameter to the get-ftp call, I can see what ip and port the server is telling me to connect to:

PS C:\> get-ftp -server -user myusername –password ******* -debug                                                    
DEBUG: VerbsCommon.Get-FTP started processing.

Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): a
DEBUG: Info: Connecting to FTP server.
DEBUG: Server: 220 (vsFTPd 2.0.4)
DEBUG: Client: USER myusername
DEBUG: Server: 331 Please specify the password.
DEBUG: Client: PASS *******
DEBUG: Server: 230 Login successful.
DEBUG: Server: 227 Entering Passive Mode (10,0,1,1,225,79)
DEBUG: Server: 150 Here comes the directory listing.

DirEntry : drwx------ 2 1036 100 144 Nov 16 2007 test.txt
FileName : test.txt
FileSize : 144
FileTime : Nov 16 2007
IsDir : True

DirEntry : -rw------- 1 1036 100 14 Jun 20 14:56 test2.txt
FileName : test2.txt
FileSize : 14
FileTime : Jun 20 14:56
IsDir : False
In Rob's case, his 415 error happened right after the LIST command.  By using –debug, we were able to see without a doubt that the server was actually sending a valid ip and port in its response, but that port simply wasn’t open on the firewall guarding the server machine. 

The firewall *should* have been able to see the port that the server chose and open it up, but I guess this particular firewall just isn’t that smart.  Anyway, Rob was able to correctly configure a smaller passive port range in IIS FTP and sync that range with his firewall.

Related:  FTP Error 425,
FTPS Through NAT

Posted on Thursday, September 11, 2008 4:41 PM General , PowerShell | Back to top

Comments on this post: PowerShell NetCmdlets -debug

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © Lance Robinson | Powered by: