I've tried the suggestions on a number of sites (http://blogs.thesitedoctor.co.uk/tim/Trackback.aspx?guid=e81a4682-0851-490b-a3d2-adf254a701e7 and http://www.itq.nl/blogs/post/Walkthrough-Hosting-FTP-on-IIS-75-in-Windows-Azure-VM.aspx, and Passive FTP on Windows Azure Virtual Machine) and it won't work.

FTP active and passive both work from the VM to itself. FTP active works from the outside world. FTP passive fails with the server responding back with "550 The network connection was aborted by the local system" (this message returns on the control channel/port 21 immediately after the SYN packet is sent to one of the dynamic ports).

What I've done:

1) Configured IIS on the VM with an FTP site

2) Set the FTP firewall support IP address to the public IP address of the Azure VM instance (for what it's worth, I've also tried with this field empty and tried with the private IP address, none of them work)

3) Set up endpoints for FTP control (TCP/21), FTP data (TCP/20), and FTP dynamic ports (7000 through 7003)

4) Used appcmd.exe to set the port range for FTP (i.e. %windir%\system32\inetsrv\appcmd set config /section:system.ftpServer/firewallSupport /lowDataChannelPort:7000 /highDataChannelPort:7003)

5) Restarted the FTP server (net stop ftpsvc and net start ftpsvc)

6) Tried with the firewall both enabled and disabled (netsh advfirewall set global StatefulFtp enable)

Any ideas? I've verified with Wireshark that the client is trying to use the dynamic port, and that the dynamic ports are being used when I try locally.

Received an answer on MSDN forums. Apparently there is an issue with the management console and you have to use Azure Powershell: http://social.msdn.microsoft.com/Forums/windowsazure/en-US/8f697f17-72b7-46f7-8c97-398b91190a2f/server-2012-vm-on-azure-passive-ftp-wont-work

I was able to get passive FTP to work on my Azure VM without using any Powershell commands. Just follow the steps at: http://blogs.msdn.com/b/wats/archive/2013/12/13/setting-up-a-passive-ftp-server-in-windows-azure-vm.aspx

The article above has all the steps you need in order to set up FTP on your Azure VM.

Hope this helps!

Azure VM endpoint have a 4 minutes timeout. For a FTP that means if a passive datatransport took longer then 4minutes, the main connection (port 21) get a timeout because nothink is happens while avtive file transfer!

Now you have two options:

1. It is possible to set the timeout of VM endpoints up to 30 minutes.

Powershell command to do this is:

> Get-AzureVM -ServiceName "MyService" -Name "MyVM" | Set-AzureEndpoint -Name "MyEndpoint" -IdleTimeoutInMinutes 30 | Update-AzureVM

More information here.

2. Create ILIP (instance level IP)

You can create a ILIP to bypass the VM webservice enpoint layer. The PowerShell command to do this is:

Get-AzureVM -ServiceName “MyService” -Name “MyVM” | Set-AzurePublicIP -PublicIPName "MyNewEndpoint" | Update-AzureVM

More information here.