Administrator can't login to FTP site root folder

Posted on 2007-12-05
Last Modified: 2013-11-29
We're using Windows Server 2003 Web Edition.

I've setup an FTP site with the "Isolate Users" option (non-AD)
I've setup the ftproot folder as below

When I try to access the FTP site using Customer1's credentials, I am able to login fine and see files in ftproot/LocalUser/Customer1

When I try to access the FTP site using Administrator's credentials, I can't login and I get the message
530 User Administrator cannot login, home directory inaccessible.

If I add a folder for Administrator... as in the example below.... Administrator can login fine but can only see ftproot/LocalUser/Administrator


The webserver not in a domain... it's in it's own workgroup.
User Administrator has full security permission to the root of the drive and the ftproot folder shows inherited permissions.

What I would like to do is this...
I have an internal account called Upload
1.  I would like Upload to be able to connect to the FTP server and see ftproot and all it's subfolders.
2.  I would like the anonymous account to connect to the FTP server and only see ftproot/LocalUser/Public
3.  Any customer accounts would be able to connect to the FTP server and only see
      ftproot/LocalUser/CustomerName  folder

Item 3 seems to work fine now...
Item 2 also seems to work fine now...

Item 1 is the problem....  I can't even do this as the Administrator...
I think once we can figure out why the Administrator account can't connect via FTP and see the root, I'll be able to get it to work on the "Upload" user account.

Any ideas?

Question by:Die-Tech
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 27

Expert Comment

by:Dan McFadden
ID: 20413842
Well, an ftp error code of 530 states that the user is not logged in.  Is it possible to see what the IIS ftp logs say?  I would recommend blacking out the fields that contain sensitive info...

As a test, I suggest the following:
- create a new virtual directory on the ftp server
- make the path "ftproot/LocalUser/"
- name it "Administrator"
- enable read and write permissions in the ftp virtual directory
- login as administrator and see if you can traverse the ftp structure

If you can not traverse the structure, I tend to think is it an NTFS ACL issue.

Also, playing with ACLs can get ugly, I usually recommend setting up FTP using predominately Virtual Directories.  This helps ease the isolation customer data from one another.  You would setup a read only ftproot that is an empty directory and the customer directories should be in another location outside of the empty ftproot.  The Virtual Directories are then named according to the user logging, this will automatically be their home directory.  Since the structures under ftp are mostly virtuals, there is no directory structure to be browsed off the root.

For example:

D:\FtpService (just a structure to isolate ftp from other services)
--- ftproot (contains read-only permissions)
--- --- public (if necessary... apply the necessary ACLs for access)
--- customer1
--- customer2
--- customer3

In this example, the customer directories would outside the browseable ftp root and then need to be set up as virtuals off the root of the ftp server.  This will also help prevent unintended ACL inheritance when modifying ACLs on new customer structure.  In this exampe, I would also set up the Administrator virtual as having the path of D:\FtpService.

Hope this helps.


Author Comment

ID: 20413965
I had CuteFTP retry logging in as Administrator...

Here is an exerpt from the IIS ftp log...

19:00:38 [1405]USER Administrator 331 0
19:00:38 [1405]PASS - 530 5
19:00:39 [1406]QUIT - 220 0
19:00:39 [1407]USER Administrator 331 0
19:00:39 [1407]PASS - 530 5
19:00:42 [1408]USER Administrator 331 0
19:00:42 [1408]PASS - 530 5

After 3 tries, I closed CuteFTP
Each try gave me the 530 error.... but like I mentioned earlier, if you make an Administrator folder under ftproot\LocalUser   it works fine... so it's definitely not a password problem.

I'm going to try making the virtual directory as see what that does.


Author Comment

ID: 20413985
Ok.... I did the following...
- created a new virtual directory on the ftp server
- made the path "ftproot/LocalUser/"
- named it "Administrator"
- enabled read and write permissions in the ftp virtual directory
- Tried to login as administrator and got the 530 errors
LVL 27

Expert Comment

by:Dan McFadden
ID: 20414082
Based on the log snippet and your last comment, I believe there is an issue with your administrator accoutn and password.

An ftp error code of 331 is user name ok, bu tpassword needed
An ftp error code of 530 means the user is not properly logged in.

The password being used for the admin account is incorrect.  I would verify the admin password.

Accepted Solution

Die-Tech earned 0 total points
ID: 20414305
The password is definitely correct.... I'm also connect to the same FTP server via Remote Desktop Connection using Administrator and the same password.

I think the problem has to do with this "Isolate Users" option... when you create the FTP site.

I'm new to IIS6.0, in the old 4.0 and 5.0 days, I would make an FTP site, make a group that had only List permission to ftproot    put all FTP users in the group.... then manually manage the permissions for the folders under ftproot   Administrator would connect and be able to transverse the whole folder structure... any other users would only be able to see the subfolders, if they tried to change to one they didn't have access to, they would be denied.

I just tried making the following...
D:\FtpService (just a structure to isolate ftp from other services)
--- ftproot (contains read-only permissions)
--- --- public (if necessary... apply the necessary ACLs for access)
--- customer1
--- customer2
--- customer3

I can't get logged in using Administrator or customer1... or anonymous

I'm going to try and do the same folder structure but without making the site isolate users.
I think using the virtual folders will do all the isolation I need...  I'll let you know how that goes.


Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
slow IIS responses after Microsoft December 2016 patches 3 82
IIS 8.5 WebDav Shared Handler Mappings 6 59
Domain Controller FSMO 7 73
what is mstp 6 64
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question