
Answered Thread: FTP Over SSL Issue

Last post 11-26-2009 6:05 AM by steve schofield. 13 replies.


  • 12-26-2008, 3:22 AM

    FTP Over SSL Issue

    I am attempting to use SSL to secure my FTP site. I can access my FTP site and everything works great without SSL. When I try to use SSL, I get the following on my FTP client (FileZilla) after the "User Logged in" message:
    Command: SYST
    Response: 215 Windows_NT
    Command: FEAT
    Response: 211-Extended features supported:
    Response: LANG EN*
    Response: UTF8
    Response: AUTH TLS;TLS-C;SSL;TLS-P;
    Response: PBSZ
    Response: PROT C;P;
    Response: CCC
    Response: HOST
    Response: SIZE
    Response: MDTM
    Response: 211 END
    Command: OPTS UTF8 ON
    Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
    Command: PBSZ 0
    Response: 200 PBSZ command successful.
    Command: PROT P
    Response: 200 PROT command successful.
    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is current directory.
    Command: TYPE I
    Response: 200 Type set to I.
    Command: PASV
    Response: 227 Entering Passive Mode (74,208,78,155,192,16).
    Command: LIST
    Response: 150 Opening BINARY mode data connection.
    Error: Connection timed out
    Error: Failed to retrieve directory listing

    What am I doing wrong and how do I fix it?
  • 12-26-2008, 7:40 AM In reply to

    Re: FTP Over SSL Issue

    Have you done all the steps mentioned here???

    Regards,
    MA Khan
    http://www.iisworkstation.com

  • 12-31-2008, 4:16 AM In reply to

    Re: FTP Over SSL Issue

    Hi,

    Please adjust your FileZilla Client’s debug information level to 4-debug in its options. After that, please reproduce the issue. Then more detailed information will be displayed in the message log, which should help us turn up the cause.

    Leo Tang
    Microsoft Online Community Support

  • 12-31-2008, 10:24 AM In reply to

    Answered Re: FTP Over SSL Issue

    It's bombing when entering PASV mode.  Try logging into the SSL session with ACTV mode; you most likely need to assign certain ports for PASV connections on your firewall.

    Steve Schofield
    Windows Server MVP - IIS
    http://weblogs.asp.net/steveschofield


    http://www.IISLogs.com
    Log archival solution
    Install, Configure, Forget
  • 01-02-2009, 6:35 PM In reply to

    Re: FTP Over SSL Issue

    Just making sure... moving to ACTV mode is under transfer settings in the site manager? It was set to default.
  • 01-02-2009, 6:38 PM In reply to

    Re: FTP Over SSL Issue

    I set the debug info to level 4 and this is what I get:
    Command: AUTH TLS
    Trace: CFtpControlSocket::OnReceive()
    Response: 234 AUTH command ok. Expecting TLS Negotiation.
    Status: Initializing TLS...
    Trace: CTlsSocket::Handshake()
    Trace: CTlsSocket::OnSend()
    Trace: CTlsSocket::OnRead()
    Trace: CTlsSocket::Handshake()
    Trace: CTlsSocket::OnRead()
    Trace: CTlsSocket::Handshake()
    Trace: CTlsSocket::OnRead()
    Trace: CTlsSocket::Handshake()
    Trace: Handshake successful
    Trace: Cipher: AES-128-CBC, MAC: SHA1
    Status: Verifying certificate...
    Trace: CFtpControlSocket::SendNextCommand()
    Command: USER upload.mimrix.com|madmin
    Status: TLS/SSL connection established.
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 331 Password required for upload.mimrix.com|madmin.
    Trace: CFtpControlSocket::SendNextCommand()
    Command: PASS ********
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 230 User logged in.
    Trace: CFtpControlSocket::SendNextCommand()
    Command: SYST
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 215 Windows_NT
    Trace: CFtpControlSocket::SendNextCommand()
    Command: FEAT
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 211-Extended features supported:
    Response: LANG EN*
    Response: UTF8
    Response: AUTH TLS;TLS-C;SSL;TLS-P;
    Response: PBSZ
    Response: PROT C;P;
    Response: CCC
    Response: HOST
    Response: SIZE
    Response: MDTM
    Response: 211 END
    Trace: CFtpControlSocket::SendNextCommand()
    Command: OPTS UTF8 ON
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
    Trace: CFtpControlSocket::SendNextCommand()
    Command: PBSZ 0
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 200 PBSZ command successful.
    Trace: CFtpControlSocket::SendNextCommand()
    Command: PROT P
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 200 PROT command successful.
    Status: Connected
    Trace: CFtpControlSocket::ResetOperation(0)
    Trace: CControlSocket::ResetOperation(0)
    Status: Retrieving directory listing...
    Trace: CFtpControlSocket::SendNextCommand()
    Trace: CFtpControlSocket::ChangeDirSend()
    Command: PWD
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 257 "/" is current directory.
    Trace: CFtpControlSocket::ResetOperation(0)
    Trace: CControlSocket::ResetOperation(0)
    Trace: CFtpControlSocket::ParseSubcommandResult(0)
    Trace: CFtpControlSocket::ListSubcommandResult()
    Trace: state = 1
    Trace: CFtpControlSocket::SendNextCommand()
    Trace: CFtpControlSocket::TransferSend()
    Trace: state = 1
    Command: TYPE I
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 200 Type set to I.
    Trace: CFtpControlSocket::TransferParseResponse()
    Trace: code = 2
    Trace: state = 1
    Trace: CFtpControlSocket::SendNextCommand()
    Trace: CFtpControlSocket::TransferSend()
    Trace: state = 2
    Command: PORT 10,0,77,65,4,198
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 501 Server cannot accept argument.
    Trace: CFtpControlSocket::TransferParseResponse()
    Trace: code = 5
    Trace: state = 2
    Trace: CFtpControlSocket::SendNextCommand()
    Trace: CFtpControlSocket::TransferSend()
    Trace: state = 2
    Command: PASV
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 227 Entering Passive Mode (74,208,78,155,241,175).
    Trace: CFtpControlSocket::TransferParseResponse()
    Trace: code = 2
    Trace: state = 2
    Trace: CFtpControlSocket::SendNextCommand()
    Trace: CFtpControlSocket::TransferSend()
    Trace: state = 4
    Command: LIST
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 150 Opening BINARY mode data connection.
    Trace: CFtpControlSocket::TransferParseResponse()
    Trace: code = 1
    Trace: state = 4
    Trace: CFtpControlSocket::SendNextCommand()
    Trace: CFtpControlSocket::TransferSend()
    Trace: state = 5
    Error: Connection timed out
    Trace: CFtpControlSocket::ResetOperation(2114)
    Trace: CControlSocket::ResetOperation(2114)
    Trace: CFtpControlSocket::ResetOperation(2114)
    Trace: CControlSocket::ResetOperation(2114)
    Error: Failed to retrieve directory listing
  • 01-02-2009, 6:53 PM In reply to

    Re: FTP Over SSL Issue

    Also, changing to ACTIVE mode didn't change anything. Is there a different port I need to open on the firewall for SSL over FTP? When we set up the site in IIS, it appears as if it is still communicating over port 21??
  • 01-02-2009, 7:07 PM In reply to

    Re: FTP Over SSL Issue

    And yes, I did do everything listed on the post you directed me to above.
  • 01-02-2009, 8:21 PM In reply to

    Answered Re: FTP Over SSL Issue

    I would set the PASV ports and ip address clients would connect with to see if you can get past the error.  I ran into a similar error you posted during the beta days.  It was corrected in later builds.  Make sure you are running the latest bits of the FTP 7.0 service. 

    The article below is what I mean about setting the firewall settings.  Also, by default when you set up an FTP site, it sticks to port 21.  I tried to reproduce the issue and was able to when the PASV ports were blocked.  Once I allowed the PASV ports on the firewall, I was able to list the files / folders in my FTP site.

    http://www.iislogs.com/articles/adftparticle/step3_CreateFTPSite/

    Steve Schofield
    Windows Server MVP - IIS
    http://weblogs.asp.net/steveschofield


    http://www.IISLogs.com
    Log archival solution
    Install, Configure, Forget
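
Added example (not part of any post in this thread, and not code from IIS or FileZilla): a Python sketch that decodes the PORT and 227 PASV address tuples seen in the client log above and checks them against a passive port range. The range 5000-5100 and all function and constant names are assumptions for illustration; substitute the range actually configured on the FTP server and opened on the firewall.

```python
import ipaddress
import re

# Constructed sample: data-channel lines copied from the client log in this thread.
SAMPLE_LOG = """\
Command: PORT 10,0,77,65,4,198
Response: 501 Server cannot accept argument.
Command: PASV
Response: 227 Entering Passive Mode (74,208,78,155,241,175).
Error: Connection timed out
"""

# Assumption: passive port range set on the FTP server and opened on the firewall.
ALLOWED_PASV_PORTS = range(5000, 5101)
# Log prefixes that carry an h1,h2,h3,h4,p1,p2 tuple, and the transfer mode they imply.
PREFIXES = {"Command: PORT": "active", "Response: 227": "passive"}
TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_endpoint(line):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port), where port = p1 * 256 + p2."""
    match = TUPLE.search(line)
    if not match:
        return None
    fields = [int(v) for v in match.groups()]
    if any(v > 255 for v in fields):
        return None
    return ".".join(str(v) for v in fields[:4]), fields[4] * 256 + fields[5]

def audit(log, allowed=ALLOWED_PASV_PORTS):
    """Return (mode, ip, port, issues) for each PORT command and 227 reply."""
    results = []
    for line in (raw.strip() for raw in log.splitlines()):
        mode = next((m for p, m in PREFIXES.items() if line.startswith(p)), None)
        endpoint = decode_endpoint(line) if mode else None
        if endpoint is None:
            continue
        ip, port = endpoint
        issues = []
        if ipaddress.ip_address(ip).is_private:
            issues.append("private address advertised; unreachable across NAT")
        if mode == "passive" and port not in allowed:
            issues.append("data port outside the allowed passive range")
        results.append((mode, ip, port, issues))
    return results

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row)
```

The two 227 replies in the thread decode to data ports 49168 and 61871, so the server was choosing a different high port per session; a firewall rule has to cover the whole range the server can pick from.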
  • 05-15-2009, 11:23 PM In reply to

    Re: FTP Over SSL Issue

    Steve Schofield
    Windows Server MVP - IIS
    http://weblogs.asp.net/steveschofield


  • 11-25-2009, 12:31 PM In reply to

    Re: FTP Over SSL Issue

     

    steve schofield:

     

    Hi,

    In your blog, you filled in the external IP address of the firewall with 192.168.0.1.

    Does this IP belong to your gateway or your server?

    Because both router and server have a firewall, it makes me confused.

     

    Thank you. 

    Here is my internet connection speed (clickable). The fiber optic line is used to connect my "modem+router" to the ISP. With this connection I am configuring an experimental web server running on IIS 7.5. Starting from zero by trial-and-error method makes my learning curvature undifferentiable.

    my internet connection speed


    If you want to test yours, click here www.speedtest.net

  • 11-25-2009, 10:06 PM In reply to

    Re: FTP Over SSL Issue

    In my particular setup, I run RRAS, which is a router / server both.  It has an external facing IP and internal.  When I set up NAT on port 21, I used the internal address.  The ip is whatever answers on, if it's NAT'd, then put the private address, otherwise if it's a publish address, you can put that.  Hope that helps.

    Steve Schofield
    Windows Server MVP - IIS
    http://weblogs.asp.net/steveschofield


  • 11-26-2009, 12:28 AM In reply to

    Re: FTP Over SSL Issue

    steve schofield:

    In my particular setup, I run RRAS, which is a router / server both.  It has an external facing IP and internal.  When I set up NAT on port 21, I used the internal address.  The ip is whatever answers on, if it's NAT'd, then put the private address, otherwise if it's a publish address, you can put that.  Hope that helps.

    Thanks for your reply.

    It is difficult for me to understand your high level explanation.

    In my case, I have the following setting, let me know which IP address corresponds to EXTERNAL IP ADDRESS OF FIREWALL.

    WRT54GC Router: (this router also has IP forwarding and blocking)
    WAN IP : xxx.xxx.xxx.xxx (dynamic ip address)
    LAN IP : 192.168.1.1 (static ip address)

    My Machine running IIS: (I also enable Windows Firewall)
    LAN IP : 192.168.1.10

    Again, which IP should I use for "External IP of Firewall"?

    Thank you in advance.

    regards,
    Yuko.

     


  • 11-26-2009, 6:05 AM In reply to

    Re: FTP Over SSL Issue

    I would try 192.168.1.10, this is an internal address and your router would NAT packets coming in, assuming you have port forwarding set up.

    Steve Schofield
    Windows Server MVP - IIS
    http://weblogs.asp.net/steveschofield

