FTP Server on Windows Server 2012: Works on localhost, error accessing folder when using domain

This sounds like the stereotypical problem that neither the firewall, nor your router, recognise that you're running the FTP protocol, probably because you're using a non-standard port for the control connection.

When the data connection is announced (the PASV port) that port is possibly not opened by the Windows firewall, making connecting impossible.
Even if the Windows firewall does open the port in the systems firewall, because you're using port-forwarding without specifying the FTP helper module, your router doesn't inspect the responses from the FTP server over the control connection. Then it won't rewrite the internal IP-address of the Windows server to the public IP-address of the router in the PASV response, nor will the router dynamically create the correct port forwarding rule for the data connection.

Grief all around.

check the functioning of the non-standard FTP port from another host within the same network to confirm if the Windows firewall works correctly.

Then check the configuration of your NAT router.


The FTP protocol uses a plethora of ports: port 21 for the control connection, port 20 for the data connection in active mode, and a variable number of usually high ports for passive data connections.

In this case the FTP client is likely informing you that passive data connection to IP 192.168.1.165 on port 50297 failed. Almost always, when this happens, it's a firewall (or NAT) configuration problem.

In your case I think we can exclude the NAT issue, because you're connecting to an IP on your same LAN (192.168.1.0/24) therefore it must be a Windows Firewall issue.

Easy (but less secure) solution is to configure the Windows Firewall exceptions to trust the FTP Server process (it's EXE). That way it will be able to accept incoming connections on any port. More elegant (and safer) solution, is to configure the exact port range to be used by the FTP server for passive connections, and then open only those ports (plus port 2020) on your Windows Firewall.