I'm having a problem very similar to IIS 7.5 FTP IIS Manager Users Login Fail (530) on Windows Server 2008 R2 Standard.
I have created an FTP site and IIS Manager user but am having trouble logging in. I could really do with getting this working with the IIS Manager user rather than by creating a new system user since I'm fairly restricted with those accounts.
Here is the output when connecting locally through command prompt:
C:\Windows\system32>ftp localhost
Connected to MYSERVER.
220 Microsoft FTP Service
User (MYSERVER:(none)): MyFtpLogin
331 Password required for MyFtpLogin.
Password: ***
530-User cannot log in.
Win32 error: Logon failure: unknown user name or bad password.
Error details: An error occured during the authentication process.
530 End
Login failed.
I have followed the guide to configure FTP with IIS Manager authentication in IIS 7 and Adding FTP Publishing to a Web Site in IIS 7.
Things I have done and checked:
Here's a section of the applicationHost config file associated with the FTP site
<site name="MySite" id="8">
    <application path="/" applicationPool="MyAppPool">
        <virtualDirectory path="/" physicalPath="D:\Websites\MySite" />
    </application>
    <bindings>
        <binding protocol="http" bindingInformation="*:80:www.mydomain.co.uk" />
        <binding protocol="ftp" bindingInformation="*:21:www.mydomain.co.uk" />
    </bindings>
    <ftpServer>
        <security>
            <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
            <authentication>
                <basicAuthentication enabled="true" />
                <customAuthentication>
                    <providers>
                        <add name="IisManagerAuth" enabled="true" />
                    </providers>
                </customAuthentication>
            </authentication>
        </security>
    </ftpServer>
</site>
...
<location path="MySite">
    <system.ftpServer>
        <security>
            <authorization>
                <add accessType="Allow" users="MyFtpLogin" permissions="Read, Write" />
            </authorization>
        </security>
    </system.ftpServer>
</location>
If I connect to the Site (not FTP) from my local IIS Manager using the same IIS Manager account details then it connects fine, I can browse files and change settings as I would locally (though I don't seem to have an option to upload files). Trying to connect via FTP though either through the browser or FileZilla etc... gives me:
Status: Resolving address of www.mydomain.co.uk
Status: Connecting to 123.456.12.123:21...
Status: Connection established, waiting for welcome message...
Response: 220 Microsoft FTP Service
Command: USER MyFtpLogin
Response: 331 Password required for MyFtpLogin.
Command: PASS *********
Response: 530 User cannot log in.
Error: Critical error
Error: Could not connect to server
I have tried collecting ETW traces for FTP sessions; in the logs I get a FailBasicLogon followed by a FailCustomLogon, but no other info:
FailBasicLogon SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55} | ErrorCode=0x8007052E
StartCustomLogon SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55} | LogonProvider=IisManagerAuth
StartCallProvider SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55} | provider=IisManagerAuth
EndCallProvider SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55}
EndCustomLogon SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55}
FailCustomLogon SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55} | ErrorCode=0x8007052E
FailFtpCommand SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55} | ReturnValue=0x8007052E | SubStatus=ERROR_DURING_AUTHENTICATION
In the normal FTP logs I just get:
2012-10-23 16:13:11 123.456.12.123 - 123.456.12.123 21 ControlChannelOpened - - 0 0 e2d4e935-fb31-4f2c-af79-78d75d47c18e -
2012-10-23 16:13:11 123.456.12.123 - 123.456.12.123 21 USER MyFtpLogin 331 0 0 e2d4e935-fb31-4f2c-af79-78d75d47c18e -
2012-10-23 16:13:11 123.456.12.123 - 123.456.12.123 21 PASS *** 530 1326 41 e2d4e935-fb31-4f2c-af79-78d75d47c18e -
2012-10-23 16:13:11 123.456.12.123 - 123.456.12.123 21 ControlChannelClosed - - 0 0 e2d4e935-fb31-4f2c-af79-78d75d47c18e -
If anyone has any ideas then I would be very grateful to hear them. Many thanks.
So after many lost hours, I came back to this with fresh eyes and new fire in my soul. It seemed I was a little too focused on what settings the new FTP site had and paid little attention to other influences.
It turned out that there was a global 'Default FTP Site' which was catching all FTP requests on port 21. Since the user wasn't added to the list of authorised accounts for this site, it was returning an unauthorised response.
Adding the user to the default FTP site enabled me to log in, but I was then getting put into the root FTP directory for the default site (similar to http://forums.iis.net/t/1156913.aspx). Changing the log on to <hostheader>|<username> didn't work either and returned a 530 Valid hostname is expected response.
After banging my head on the desk a few times I went back and checked and re-checked each and every setting. Typically, in the end it turned out to be a typo in the host header name set in the site bindings. Logging on using <hostheader>|<username> subsequently worked once the typo had been fixed.
In Summary
<hostheader>|<username> format in order for IIS to pick up which site I intended to log in to
Same issue here. What fixed it for me was setting a default domain.
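The diagnosis above (a catch-all site on port 21 receiving logins that carry no host name, and <hostheader>|<username> selecting a site by its FTP binding) can be checked offline against applicationHost.config. This Python sketch is an added example, not code from the thread. The sample config is constructed, the 'Default FTP Site' binding *:21: is an assumption, and the routing model is simplified from what the answer describes (Allow rules only, no roles, IPv4-style bindings).

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the question's config excerpt; the
# "Default FTP Site" entry with an empty host name is an assumption.
SAMPLE = """<configuration>
<sites>
  <site name="Default FTP Site" id="1">
    <bindings><binding protocol="ftp" bindingInformation="*:21:" /></bindings>
  </site>
  <site name="MySite" id="8"><bindings>
      <binding protocol="http" bindingInformation="*:80:www.mydomain.co.uk" />
      <binding protocol="ftp" bindingInformation="*:21:www.mydomain.co.uk" />
  </bindings></site>
</sites>
<location path="MySite"><system.ftpServer><security><authorization>
  <add accessType="Allow" users="MyFtpLogin" permissions="Read, Write" />
</authorization></security></system.ftpServer></location>
</configuration>"""

def ftp_bindings(root):
    """Map (port, host name) -> site name for every FTP binding."""
    found = {}
    for site in root.iter("site"):
        for b in site.iter("binding"):
            if b.get("protocol") == "ftp":
                _ip, port, host = b.get("bindingInformation").split(":", 2)
                found[(port, host.lower())] = site.get("name")
    return found

def allowed_users(root, site):
    """Users named in FTP Allow rules under <location path=site>."""
    users = set()
    for loc in root.iter("location"):
        if loc.get("path") == site:
            for sec in loc.iter("system.ftpServer"):
                for rule in sec.iter("add"):
                    if rule.get("accessType") == "Allow":
                        users |= {u.strip() for u in rule.get("users", "").split(",")}
    return users

def resolve_login(config_xml, login, port="21"):
    """Return (site, verdict) for a login of the form 'user' or 'host|user'."""
    root = ET.fromstring(config_xml)
    host, _, user = login.rpartition("|")
    site = ftp_bindings(root).get((port, host.lower()))
    if site is None:
        return None, "no FTP binding matches this host name"
    ok = bool(allowed_users(root, site) & {user, "*"})
    return site, "allowed" if ok else "user has no Allow rule on this site"
```

Calling resolve_login with a bare user name, with the correct host header, and with a misspelled host header reproduces the three outcomes the answer walks through.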
I just wanted to add to this answer here, because it came up early in my search.
I found this question while looking for a solution to my scenario, which was:
An FTP user was able to log in 90% of the time, but would almost always fail to log in the first time.
This was quite an annoying problem. I was bleeding my eyes out trying to fix it.
The solution ended up being very simple: Reset the user's password. Problem solved. I hope this helps someone not waste so much time.
Also got this error on Windows 2012 IIS 8.
My setup is a new simple FTP site, auth basic, auth rules allow domain users, FTP user isolation set to FTP root directory (no messing with AD).
Worked for old users, worked for admins - wouldn't work for new users!
Altered the defaultapppool identity to be localsystem, then it worked.
In my case, under the FTP site >> FTP Authentication >> Basic Authentication (Select 'Edit' under Actions on the right). When the prompt for 'Edit Basic Authentication Settings' pops up, leave the 'Default domain' as empty. This worked for us for Server 2008 R2.