
Xlight FTP Server Frequently Asked Questions

General questions

A mapped network drive is available only after a user logs into Windows. However, Windows service applications start before any user logs in. That is why you cannot access a virtual path linked to a mapped network drive when running Xlight FTP Server as a system service.

To use a network drive from a system service, use the UNC path format "\\host-name\share-name\file_path", where host-name can be an IP address or a network name.

Server Upgrade & Backup questions

Before upgrading, you must stop the running FTP Server. If the FTP Server is running as a system service, go to "Control Panel->Manage Tools->Service", find and select "Xlight FTP Server" in the service window, right-click it, select "Stop" from the popup menu, and then close the service window. Then you can choose either one of the following methods:

  • Method 1: Uninstall the old version of Xlight; the old configuration files are kept. Reinstall the new version to the old installation path.
  • Method 2: Download the 32-bit xlight.zip or the 64-bit xlight-x64.zip, unzip the file and use it to overwrite the old Xlight FTP server executable, which by default is under "c:\program files\xlight".

Under the Xlight FTP server installation folder ("c:\program files\xlight"), there are 5 files: "ftpd.hosts", "ftpd.option", "ftpd.password", "ftpd.rules", "ftpd.users". These are the configuration files of the Xlight FTP server. For server configuration, you only need to back up these 5 files. If you use the quotas function in the Xlight FTP server, you may also need to back up the file ".quota" in the same directory.

In Xlight FTP Server version 3.2 and above, there is a new option to automatically back up configuration files. The option is at [Global Option]->[General]->[Backup After Configuration Change]. You need to select a destination directory for storing the configuration backup.

You need to do the following 3 steps:

Step 1. Download and install Xlight FTP on the new server.

Step 2. Under the old server's Xlight FTP installation folder ("c:\program files\xlight"), there are 5 files: "ftpd.hosts", "ftpd.option", "ftpd.password", "ftpd.rules", "ftpd.users". You need to copy these 5 files to the folder where Xlight FTP is installed on the new server. If you use the quotas function in the Xlight FTP server, you may also need to copy the file ".quota" to the new server.

Step 3. The Xlight FTP license on the old server is stored in the registry at either one of the following two locations:

  • "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Xlight FTP"
  • "HKEY_LOCAL_MACHINE\SOFTWARE\Xlight FTP"

You will need to copy the license to the new server in the same location of the registry.

Network related questions

There are three ways to input IP address ranges in Xlight FTP Server:

  1. Use the character * to represent an IP range: 192.168.0.1 - 192.168.0.255 is written as 192.168.0.* .
  2. Set the IP range directly, such as 192.168.1.15 - 192.168.1.45.
  3. Use a subnet mask, such as 192.168.0.1/24 or 192.168.0.1/255.255.255.0.
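
The three range notations above, normalised to first/last addresses so that an allow or deny rule can be reviewed before it is entered. This is an added example, not Xlight's own code; the function names are hypothetical, the wildcard is handled only in the last octet (the form shown above), and the subnet form is assumed to follow standard netmask semantics.

```python
import ipaddress

def parse_rule(rule):
    """Return the (first, last) IPv4 addresses covered by one rule string."""
    rule = rule.strip()
    if rule.endswith(".*"):
        # Form 1: last-octet wildcard, covering .1 to .255 as the FAQ states.
        prefix = rule[:-2]
        first, last = prefix + ".1", prefix + ".255"
    elif "-" in rule:
        # Form 2: explicit "start - end" range, inclusive at both ends.
        first, last = (part.strip() for part in rule.split("-", 1))
    elif "/" in rule:
        # Form 3: prefix length or dotted netmask. strict=False masks off the
        # host bits, so 192.168.0.1/24 means the whole 192.168.0.0/24 subnet
        # (assumed standard semantics), not the single host 192.168.0.1.
        net = ipaddress.ip_network(rule, strict=False)
        return net.network_address, net.broadcast_address
    else:
        first = last = rule  # a single address
    first, last = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if first > last:
        raise ValueError(f"range start is above range end: {rule!r}")
    return first, last

def matches(ip, rules):
    """True if ip falls inside any of the rule strings."""
    addr = ipaddress.IPv4Address(ip)
    return any(lo <= addr <= hi for lo, hi in map(parse_rule, rules))

def rule_size(rule):
    """Number of addresses a rule covers; useful for spotting over-broad rules."""
    lo, hi = parse_rule(rule)
    return int(hi) - int(lo) + 1

if __name__ == "__main__":
    for r in ("192.168.0.*", "192.168.1.15 - 192.168.1.45",
              "192.168.0.1/24", "192.168.0.1/255.255.255.0"):
        lo, hi = parse_rule(r)
        print(f"{r:30} {lo} .. {hi}  ({rule_size(r)} addresses)")
```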

"An existing connection was forcibly closed by the remote host"

It means that the remote side closed the connection (usually by sending a TCP/IP RST packet to the server). The likely causes are:

  • The network link between the client and server is going down for some reason.
  • The client exits the FTP client without a proper TCP shutdown sequence (killing the software, directly shutting down the computer, etc.).

So it is quite a common error, caused by the client side or by the network between the client and server.

The FTP protocol needs two ports to work. The common port 21 is for FTP commands. The data port is for transferring files and directory lists. If you cannot see the directory list from outside, but the server works internally (you can test the server using the loopback IP 127.0.0.1, with a client on the same machine), then the FTP data port might be blocked by a firewall. Windows has a software firewall, so you had better add the Xlight program to its exception list. If your company has a hardware firewall and the user who has the problem is outside the firewall, you had better follow the link to set up firewall port forwarding.

The default TCP buffer size for Xlight is set to 32KB, optimized for thousands of online users. If you don't have that many users, you can adjust the TCP buffer size to increase network performance for users. The TCP buffer size can be adjusted for the virtual server at [Virtual Server Configuration] - [Advanced] - [Socket Buffer Size] or for individual users at [User Configuration] - [Option] - [Socket Buffer Size]. The base unit for this option is KB, so if you want to set a 64KB buffer, enter the value 64. You can check the Xlight help document for details of this option.

If your server has multiple NIC cards, the Dynamic IP (0.0.0.0) will bind to all NIC cards available. That means that your virtual server will listen on all NIC cards. If you select a specific IP associated with a NIC card, then the virtual server will listen only on this NIC card. If you move your server later and the IP changes, you won't need to worry when using Dynamic IP, because it isn't associated with a specific IP. But if you bind a virtual server to a specific IP, you need to adjust it accordingly; otherwise a virtual server with an incorrect IP will not be able to start.

"The requested address is not valid in its context".

You get this error because your virtual server was bound to a specific IP and this IP is no longer valid after you moved the server. You need to go to [Virtual Server Configuration] - [General] - [Virtual Server] - [Server IP and Port] to set the new IP for your virtual server.

Go to [Virtual Server Configuration] - [Security] - [IP Address Auto Blocking] and enable this option.

Set "IP auto-blocking last for" to a value such as 600 seconds. Set the number of "failed logins" or "Hammer connections" to a value such as 5 and "in seconds" to 60.

This will auto-block the IP for 600 seconds if it makes 5 connections or "failed logins" within 60 seconds. Setting the checking period for "failed logins" is only available after Xlight FTP version 3.9.3.

To check auto-blocked IPs or unblock one of them, from the Xlight FTP main window, go to "Connection Detail" and click the small icon at the top left.
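
A small model of the auto-blocking policy described above (5 events within 60 seconds, block for 600 seconds), replayed over constructed events so that thresholds can be tried out before they are set on a live server. This is an added example and not Xlight's implementation; the class and function names are hypothetical, the sample events are constructed, and the exact boundary handling of the window is an assumption.

```python
from collections import defaultdict, deque

class AutoBlocker:
    """Sliding-window counter per IP; not Xlight's code, only a model of it."""
    def __init__(self, max_events=5, window=60, block_for=600):
        self.max_events, self.window, self.block_for = max_events, window, block_for
        self.events = defaultdict(deque)   # ip -> timestamps still inside the window
        self.blocked_until = {}            # ip -> time at which the block expires

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def record(self, ip, now):
        """Record one failed login from ip at time now (seconds).
        Returns True if ip is blocked once this event has been handled."""
        if self.is_blocked(ip, now):
            return True                    # already blocked, event is not counted
        q = self.events[ip]
        q.append(now)
        while q[0] <= now - self.window:   # drop events that left the window
            q.popleft()
        if len(q) >= self.max_events:
            self.blocked_until[ip] = now + self.block_for
            q.clear()                      # counting starts afresh after the block
            return True
        return False

def replay(events, **policy):
    """Replay (timestamp, ip) events; return [(ip, blocked_at, blocked_until)]."""
    blocker, blocks = AutoBlocker(**policy), []
    for ts, ip in sorted(events):
        already = blocker.is_blocked(ip, ts)
        if blocker.record(ip, ts) and not already:
            blocks.append((ip, ts, ts + blocker.block_for))
    return blocks

# Constructed sample: A hammers the server, B is a user mistyping a password.
A, B = "203.0.113.7", "198.51.100.9"
SAMPLE_EVENTS = ([(t, A) for t in (0, 5, 10, 15, 20, 100)]
                 + [(t, B) for t in (10, 40, 90)]
                 + [(t, A) for t in range(700, 705)])

if __name__ == "__main__":
    for ip, start, end in replay(SAMPLE_EVENTS):
        print(f"{ip} blocked from t={start}s until t={end}s")
```

Replaying the same events with `max_events=3, window=120` also blocks the mistyping user, which is the trade-off to check when tightening the values.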

Active Directory, LDAP and ODBC database questions

From [Virtual Server Configuration] - [General] - [external user authentication], click the setup button. You can see the option "Show debug trace information in Error Log". Enabling this option will allow you to see debug information for external authentication in the Xlight FTP Server error log.

Microsoft has a special security policy: normal domain users cannot log on to the Active Directory domain controller. So when the Xlight FTP Server is run on the domain controller, normal domain users cannot log on to the Xlight FTP Server through Active Directory authentication. You had better run the Xlight FTP Server on a different domain machine.

In case you must run the Xlight FTP Server on the domain controller, you have to grant the "Allow log on locally" system right to that user account in the domain. You can follow the step "Grant a Member the Right to Logon Locally" from Microsoft. You must reboot your machine for the change to take effect.

"IP xxx.xxx.xxx.xxx had made over 6 failed logins in the past 60 seconds, the server will automatically ban this IP for 600 seconds to prevent it from being lockout by Active Directory for hammering."

When Xlight FTP Server is configured to use Active Directory to authenticate users and there are many failed login attempts to Active Directory from the Xlight program in a short period, Active Directory will think that the Xlight FTP program is hammering it and will block the Xlight FTP program from accessing it. When this happens, you have to restart the Xlight service to unblock it, which is undesirable. So Xlight FTP Server has an internal protection mechanism to prevent this from happening, and that mechanism produces the error message that you see in the Xlight error log.

If you open the server port to the public internet, it will be found by hackers who use port scanners to look for new victims to exploit. A port scanner will try to log in to (break into) your server and could generate a lot of failed logins in a short time. If those logins are forwarded to Active Directory, it could trigger the Xlight FTP server to prevent those IPs from hammering Active Directory. That could be the source of the above error message.

If you don't want those logins to be forwarded to Active Directory, there may be something you can do. A port scanner normally uses a particular account such as "root" to break into your server. You can create a local FTP account "root" with nothing in it and select the Xlight user option “Bypass the external authentication for this user” from [User Configuration – Account] – [Account Other Options] – [Option for external authentication] for this account. With this option selected, all logins to this account will be local and will not be forwarded to Active Directory. You could repeat this step for other accounts attacked by a port scanner.