Administrator can't login to FTP site root folder

Posted on 2007-12-05
Last Modified: 2013-11-29
We're using Windows Server 2003 Web Edition.

I've set up an FTP site with the "Isolate Users" option (non-AD)
I've set up the ftproot folder as below

When I try to access the FTP site using Customer1's credentials, I am able to login fine and see files in ftproot/LocalUser/Customer1

When I try to access the FTP site using Administrator's credentials, I can't login and I get the message
530 User Administrator cannot login, home directory inaccessible.

If I add a folder for Administrator... as in the example below.... Administrator can login fine but can only see ftproot/LocalUser/Administrator


The webserver is not in a domain... it's in its own workgroup.
User Administrator has full security permission to the root of the drive and the ftproot folder shows inherited permissions.

What I would like to do is this...
I have an internal account called Upload
1.  I would like Upload to be able to connect to the FTP server and see ftproot and all its subfolders.
2.  I would like the anonymous account to connect to the FTP server and only see ftproot/LocalUser/Public
3.  Any customer accounts would be able to connect to the FTP server and only see
      ftproot/LocalUser/CustomerName  folder

Item 3 seems to work fine now...
Item 2 also seems to work fine now...

Item 1 is the problem....  I can't even do this as the Administrator...
I think once we can figure out why the Administrator account can't connect via FTP and see the root, I'll be able to get it to work on the "Upload" user account.

Any ideas?

Question by:Die-Tech
LVL 27

Expert Comment

by:Dan McFadden
ID: 20413842
Well, an ftp error code of 530 states that the user is not logged in.  Is it possible to see what the IIS ftp logs say?  I would recommend blacking out the fields that contain sensitive info...

As a test, I suggest the following:
- create a new virtual directory on the ftp server
- make the path "ftproot/LocalUser/"
- name it "Administrator"
- enable read and write permissions in the ftp virtual directory
- login as administrator and see if you can traverse the ftp structure

If you cannot traverse the structure, I tend to think it is an NTFS ACL issue.

Also, playing with ACLs can get ugly, so I usually recommend setting up FTP using predominantly Virtual Directories.  This helps ease the isolation of customer data from one another.  You would set up a read-only ftproot that is an empty directory, and the customer directories should be in another location outside of the empty ftproot.  The Virtual Directories are then named according to the user logging in; this will automatically be their home directory.  Since the structures under ftp are mostly virtuals, there is no directory structure to be browsed off the root.

For example:

D:\FtpService (just a structure to isolate ftp from other services)
--- ftproot (contains read-only permissions)
--- --- public (if necessary... apply the necessary ACLs for access)
--- customer1
--- customer2
--- customer3

In this example, the customer directories would be outside the browseable ftp root and then need to be set up as virtuals off the root of the ftp server.  This will also help prevent unintended ACL inheritance when modifying ACLs on a new customer structure.  In this example, I would also set up the Administrator virtual as having the path of D:\FtpService.

Hope this helps.


Author Comment

ID: 20413965
I had CuteFTP retry logging in as Administrator...

Here is an excerpt from the IIS ftp log...

19:00:38 [1405]USER Administrator 331 0
19:00:38 [1405]PASS - 530 5
19:00:39 [1406]QUIT - 220 0
19:00:39 [1407]USER Administrator 331 0
19:00:39 [1407]PASS - 530 5
19:00:42 [1408]USER Administrator 331 0
19:00:42 [1408]PASS - 530 5

After 3 tries, I closed CuteFTP
Each try gave me the 530 error.... but like I mentioned earlier, if you make an Administrator folder under ftproot\LocalUser   it works fine... so it's definitely not a password problem.

I'm going to try making the virtual directory and see what that does.
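
An added example, not part of the original posts: a small parser for the log excerpt above that pairs each failed PASS with the USER from the same session and decodes the last column. It assumes the default IIS FTP W3C layout with the client IP column removed, so the final number is the Win32 status (5 is ERROR_ACCESS_DENIED, while a rejected password is logged as 1326); the last two sample lines are constructed for contrast.

```python
import re

# Win32 status codes relevant to a failed FTP login, with a coarse category
WIN32 = {
    2: ("ERROR_FILE_NOT_FOUND", "filesystem"),
    3: ("ERROR_PATH_NOT_FOUND", "filesystem"),
    5: ("ERROR_ACCESS_DENIED", "filesystem"),
    1326: ("ERROR_LOGON_FAILURE", "credentials"),
    1331: ("ERROR_ACCOUNT_DISABLED", "credentials"),
    1909: ("ERROR_ACCOUNT_LOCKED_OUT", "credentials"),
}

# Assumed fields: time [client-ip] [session]COMMAND argument ftp-status win32-status
LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?:(?P<ip>\S+)\s+)?"
    r"\[(?P<session>\d+)\](?P<cmd>[A-Za-z]+)\s+(?P<arg>\S+)\s+"
    r"(?P<status>\d{3})\s+(?P<win32>\d+)\s*$"
)

# First seven lines are the excerpt from the post; the last two are constructed
SAMPLE_LOG = """\
19:00:38 [1405]USER Administrator 331 0
19:00:38 [1405]PASS - 530 5
19:00:39 [1406]QUIT - 220 0
19:00:39 [1407]USER Administrator 331 0
19:00:39 [1407]PASS - 530 5
19:00:42 [1408]USER Administrator 331 0
19:00:42 [1408]PASS - 530 5
19:01:10 [1409]USER Customer9 331 0
19:01:10 [1409]PASS - 530 1326
"""

def failed_logins(log_text):
    """Return one record per PASS that ended in 530, with the decoded Win32 status."""
    users, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header or malformed line
        sid, cmd = m["session"], m["cmd"].upper()
        if cmd == "USER":
            users[sid] = m["arg"]  # remember who this session claims to be
        elif cmd == "PASS" and m["status"] == "530":
            code = int(m["win32"])
            name, kind = WIN32.get(code, ("UNKNOWN", "other"))
            findings.append({"time": m["time"], "user": users.get(sid, "?"),
                             "win32": code, "name": name, "kind": kind})
    return findings

if __name__ == "__main__":
    for f in failed_logins(SAMPLE_LOG):
        print(f["time"], f["user"], f["win32"], f["name"], f["kind"])
```
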


Author Comment

ID: 20413985
Ok.... I did the following...
- created a new virtual directory on the ftp server
- made the path "ftproot/LocalUser/"
- named it "Administrator"
- enabled read and write permissions in the ftp virtual directory
- Tried to login as administrator and got the 530 errors
LVL 27

Expert Comment

by:Dan McFadden
ID: 20414082
Based on the log snippet and your last comment, I believe there is an issue with your administrator account and password.

An ftp error code of 331 is user name ok, but password needed
An ftp error code of 530 means the user is not properly logged in.

The password being used for the admin account is incorrect.  I would verify the admin password.

Accepted Solution

Die-Tech earned 0 total points
ID: 20414305
The password is definitely correct.... I'm also connected to the same FTP server via Remote Desktop Connection using Administrator and the same password.

I think the problem has to do with this "Isolate Users" option... when you create the FTP site.

I'm new to IIS 6.0. In the old 4.0 and 5.0 days, I would make an FTP site, make a group that had only List permission to ftproot, put all FTP users in the group.... then manually manage the permissions for the folders under ftproot. Administrator would connect and be able to traverse the whole folder structure... any other users would only be able to see the subfolders; if they tried to change to one they didn't have access to, they would be denied.

I just tried making the following...
D:\FtpService (just a structure to isolate ftp from other services)
--- ftproot (contains read-only permissions)
--- --- public (if necessary... apply the necessary ACLs for access)
--- customer1
--- customer2
--- customer3

I can't get logged in using Administrator or customer1... or anonymous

I'm going to try and do the same folder structure but without making the site isolate users.
I think using the virtual folders will do all the isolation I need...  I'll let you know how that goes.



Question has a verified solution.
