So in Windows 2008 R2, there is a bug when installing FTP within IIS when you have the firewall enabled.
After you install the role service, the system automatically sets up the firewall rules needed and enables them. One of those inbound rules is “FTP Server (FTP Traffic-In)”. Though this port should be open, if you enable firewall logging you will see that it's dropping any traffic on this port. The problem comes from the service “ftpsvc” not getting its service SID set correctly. More on service SIDs can be found at http://sourcedaddy.com/windows-7/understanding-service-sids.html and http://blogs.technet.com/b/askperf/archive/2008/02/03/ws2008-windows-service-hardening.aspx.
To view the current SID type for ftpsvc, run the following from a command prompt.
sc qsidtype ftpsvc
(Note: You can’t just use “sc” in PowerShell because “sc” is an alias for Set-Content; use “sc.exe” there instead.)
This should give the following output.
[SC] QueryServiceConfig2 SUCCESS
This looks correct, but if you run the following command, which sets the service SID type to what it already is:
sc sidtype ftpsvc unrestricted
Then restart ftpsvc with:
net stop ftpsvc
net start ftpsvc
The service now works. This has been a problem for over 2 years, and a bug report exists at http://connect.microsoft.com/WindowsServerFeedback/feedback/details/524831/default-ftp-firewall-port-21-rule-is-broken-in-windows-2008-r2. Thank you Transsient77 for the fix.
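The steps above as one PowerShell script that first confirms the symptom in the firewall log and then applies the fix. This is an added example, not part of the original post. It assumes an elevated prompt and the default firewall log path; the function name Get-FtpDropCount is made up for this example.

```powershell
# Added example: confirm the dropped FTP traffic in the firewall log,
# re-apply the service SID type, restart the service, and check the rule.
# Assumption: default log path; adjust $log if logging was relocated.
$log = Join-Path $env:SystemRoot 'System32\LogFiles\Firewall\pfirewall.log'

# Turn on logging of dropped packets for the active firewall profile.
netsh advfirewall set currentprofile logging droppedconnections enable | Out-Null

# Count DROP entries for TCP destination port 21.
# Log fields: date time action protocol src-ip dst-ip src-port dst-port ...
function Get-FtpDropCount {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return 0 }
    $hits = Get-Content $Path | Where-Object {
        $f = $_ -split ' '
        $f.Count -ge 8 -and $f[2] -eq 'DROP' -and $f[3] -eq 'TCP' -and $f[7] -eq '21'
    }
    return @($hits).Count
}

"Port 21 drops logged so far: $(Get-FtpDropCount $log)"

# Call sc.exe explicitly; bare "sc" is the Set-Content alias in PowerShell.
sc.exe qsidtype ftpsvc
sc.exe sidtype ftpsvc unrestricted
if ($LASTEXITCODE -ne 0) {
    throw "sc.exe sidtype failed with exit code $LASTEXITCODE"
}

# Equivalent to net stop ftpsvc / net start ftpsvc.
Restart-Service -Name ftpsvc

# The inbound rule named in the post should be listed as enabled.
netsh advfirewall firewall show rule name="FTP Server (FTP Traffic-In)"
```

After a test connection to port 21, calling Get-FtpDropCount again should return the same number as before the connection if the fix took effect.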