Administrator can't login to FTP site root folder

Posted on 2007-12-05
Last Modified: 2013-11-29
We're using Windows Server 2003 Web Edition.

I've setup an FTP site with the "Isolate Users" option (non-AD)
I've setup the ftproot folder as below

When I try to access the FTP site using Customer1's credentials, I am able to login fine and see files in ftproot/LocalUser/Customer1

When I try to access the FTP site using Administrator's credentials, I can't login and I get the message
530 User Administrator cannot login, home directory inaccessible.

If I add a folder for Administrator... as in the example below.... Administrator can login fine but can only see ftproot/LocalUser/Administrator


The webserver not in a domain... it's in it's own workgroup.
User Administrator has full security permission to the root of the drive and the ftproot folder shows inherited permissions.

What I would like to do is this...
I have an internal account called Upload
1.  I would like Upload to be able to connect to the FTP server and see ftproot and all it's subfolders.
2.  I would like the anonymous account to connect to the FTP server and only see ftproot/LocalUser/Public
3.  Any customer accounts would be able to connect to the FTP server and only see
      ftproot/LocalUser/CustomerName  folder

Item 3 seems to work fine now...
Item 2 also seems to work fine now...

Item 1 is the problem....  I can't even do this as the Administrator...
I think once we can figure out why the Administrator account can't connect via FTP and see the root, I'll be able to get it to work on the "Upload" user account.

Any ideas?

Question by:Die-Tech
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 28

Expert Comment

by:Dan McFadden
ID: 20413842
Well, an ftp error code of 530 states that the user is not logged in.  Is it possible to see what the IIS ftp logs say?  I would recommend blacking out the fields that contain sensitive info...

As a test, I suggest the following:
- create a new virtual directory on the ftp server
- make the path "ftproot/LocalUser/"
- name it "Administrator"
- enable read and write permissions in the ftp virtual directory
- login as administrator and see if you can traverse the ftp structure

If you can not traverse the structure, I tend to think is it an NTFS ACL issue.

Also, playing with ACLs can get ugly, I usually recommend setting up FTP using predominately Virtual Directories.  This helps ease the isolation customer data from one another.  You would setup a read only ftproot that is an empty directory and the customer directories should be in another location outside of the empty ftproot.  The Virtual Directories are then named according to the user logging, this will automatically be their home directory.  Since the structures under ftp are mostly virtuals, there is no directory structure to be browsed off the root.

For example:

D:\FtpService (just a structure to isolate ftp from other services)
--- ftproot (contains read-only permissions)
--- --- public (if necessary... apply the necessary ACLs for access)
--- customer1
--- customer2
--- customer3

In this example, the customer directories would outside the browseable ftp root and then need to be set up as virtuals off the root of the ftp server.  This will also help prevent unintended ACL inheritance when modifying ACLs on new customer structure.  In this exampe, I would also set up the Administrator virtual as having the path of D:\FtpService.

Hope this helps.


Author Comment

ID: 20413965
I had CuteFTP retry logging in as Administrator...

Here is an exerpt from the IIS ftp log...

19:00:38 [1405]USER Administrator 331 0
19:00:38 [1405]PASS - 530 5
19:00:39 [1406]QUIT - 220 0
19:00:39 [1407]USER Administrator 331 0
19:00:39 [1407]PASS - 530 5
19:00:42 [1408]USER Administrator 331 0
19:00:42 [1408]PASS - 530 5

After 3 tries, I closed CuteFTP
Each try gave me the 530 error.... but like I mentioned earlier, if you make an Administrator folder under ftproot\LocalUser   it works fine... so it's definitely not a password problem.

I'm going to try making the virtual directory as see what that does.


Author Comment

ID: 20413985
Ok.... I did the following...
- created a new virtual directory on the ftp server
- made the path "ftproot/LocalUser/"
- named it "Administrator"
- enabled read and write permissions in the ftp virtual directory
- Tried to login as administrator and got the 530 errors
LVL 28

Expert Comment

by:Dan McFadden
ID: 20414082
Based on the log snippet and your last comment, I believe there is an issue with your administrator accoutn and password.

An ftp error code of 331 is user name ok, bu tpassword needed
An ftp error code of 530 means the user is not properly logged in.

The password being used for the admin account is incorrect.  I would verify the admin password.

Accepted Solution

Die-Tech earned 0 total points
ID: 20414305
The password is definitely correct.... I'm also connect to the same FTP server via Remote Desktop Connection using Administrator and the same password.

I think the problem has to do with this "Isolate Users" option... when you create the FTP site.

I'm new to IIS6.0, in the old 4.0 and 5.0 days, I would make an FTP site, make a group that had only List permission to ftproot    put all FTP users in the group.... then manually manage the permissions for the folders under ftproot   Administrator would connect and be able to transverse the whole folder structure... any other users would only be able to see the subfolders, if they tried to change to one they didn't have access to, they would be denied.

I just tried making the following...
D:\FtpService (just a structure to isolate ftp from other services)
--- ftproot (contains read-only permissions)
--- --- public (if necessary... apply the necessary ACLs for access)
--- customer1
--- customer2
--- customer3

I can't get logged in using Administrator or customer1... or anonymous

I'm going to try and do the same folder structure but without making the site isolate users.
I think using the virtual folders will do all the isolation I need...  I'll let you know how that goes.


Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question