My advice would be to copy the upload temp file to your own temp directory and store it until either a certain amount of time expires (say 30 minutes?) and then send a cookie that tracks it's location, listing the filename instead of having an upload box. When they send the rest of the form without errors, just use the existing file instead of forcing them to waste bandwidth uploading it again.
Either that, or put all the things they could make errors on in the first page, and then have a second page (upload auth cookie hash?) that has just the upload dialog... or reverse that. I've seen several websites where you upload the file, THEN you fill out all the extra information.