commeng
asked on
Error 530 User Cannot Log In
I am trying to create an FTP site with SSL. I get the following message every time I attempt to connect from within the network, there are no firewalls between me and the server and because I was having problems, I added my test user to the local Administrator Group on the server, but still can't get past the error:
Connect socket #5020 to 172.16.0.65, port 21...
220 Microsoft FTP Service
AUTH SSL
234 AUTH command ok. Expecting TLS Negotiation.
USER LOC
331 Password required for LOC.
PASS **********
530 User cannot log in.
Connection Failed
ASKER
In the user setup I gave them a home directory d:\sftp\ftpuser1 with full rights. But I created a ftpuser1 folder in the inetpub directory, with appropriate rights, but that did not resolve the problem either.
Hi again,
In IIS click the FTP server once and click basic settings, where does this physical path lead to?
ASKER
D:\SFTP
ASKER
OK, what did I miss. If I click test connection this is what I get:
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.
I believe your FTP is configured using default apppool which has networkservice rights and are automatically injected to that folder once you created the FTP server in IIS.
Can you tell or show us what "FTP Authorization Rules" (IIS->FTP server) looks like?
ASKER
FTP Authorization Rules are
Mode: Allow
Users: All Users
Permissions: Read,Write
Cool, is this test ftp user you created a member of all users on the ftp server?
ASKER
Yes
ok, is the data range specified while creating FTP server freed in the firewall? (check FTP Firewall Support)
next:
In FTP SSL Settings-> what does it say? (should be allow certificate)
ASKER
FTP Firewall Support is blank
FTP SSL Settings are
SSL Certification: share.domain.com
SSL Policy: Allow SSL Connections
Use 128-bit encryption for SSL connections is checked.
No data channels? is this ftp server for a very small group of users?
what happens if you solely add that test user to FTP AUTHORIZATION RULES?
ASKER
Yes it is very small.
OK if I add the user alone then the Test Connection completes!
but when I go to my FTP Client it displays the same error message
OK, let me change that statement, if I Connect As the user during the test it works, if I use Pass-through authentication it still fails, on the test
Ah then we are close to the solution!
In IIS click the FTP server and click Basic Settings. What application pool user is specified? Remember it.
Go to application pool users-> click the application pool once and select advanced settings. What is specified in 'identity'? Toggle between localservice/networkservice/others to find out which one works.
ASKER
It just says pass-through authentication and I cannot find application pool users, can you point me in a direction?
ASKER
I don't see an Application Pool for the FTP site, should there be one?
Which version server/IIS are you using? (I was assuming 2008/IIS7)
If that is the case then yes, there should be an application user.
ASKER
Yes Windows 2008R2 IIS 7.5
Where would application user be?
ASKER
That is basically what I did with success with test user, but I still could not connect with an FTP client remotely.
ASKER
Yes I see the DefaultAppPool
ASKER
The identity is ApplicationPoolIdentity
So go to application pools (left top corner), select the default apppool and click on advanced settings -> identity
ASKER
OK if I change the ApplicationPoolIdentity to my test user the basic test settings work. However, when I go to my FTP client I am still getting:
Connect socket #6188 to 172.16.0.65, port 21...
220 Microsoft FTP Service
AUTH SSL
234 AUTH command ok. Expecting TLS Negotiation.
USER LOC
331 Password required for LOC.
PASS **********
530 User cannot log in.
Then it looks like your credentials are incorrect. What do you use as username? testuser or domain\testuser or testuser@domain.xx ?
Check event viewer -> security what is the error.
ASKER
I am using testuser to login both in the basic settings and when using the FTP Client.
When I use the Basic Settings, I see it in the Security in Event Viewer. When I use the client from computer there is no entry in Security.
ASKER
I feel like I may be making progress now.
I went to FTP User Isolation and I selected User name directory (disable global virtual directories).
Now when I log in I receive the following error:
Connect socket #1848 to 172.16.0.65, port 21...
220 Microsoft FTP Service
USER domain|LOC
331 Password required for ceishare.commeng.com|LOC.
PASS **********
530 User cannot log in, home directory inaccessible.
So what am I missing?
ASKER
OK, so here is what I did to solve the problem. Thank you Patrick for your help.
I had to bind the domain name to the site and change the login name to domain|user, and I turned off UAC on the server. Everything started working.
Does this 'user' have a home directory in FTP logical path?
If user is called 'ftpuser1' there should be a folder in e.g. c:\inetpub\ftp\ftpuser1
Of course this user needs to have read/write/modify rights on this folder.
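
Added example, not part of the thread or written by any of its participants: a small Python parser for FTP client transcripts like the ones posted above. For each session it reports whether the server accepted AUTH before USER was sent, whether the host|user login form was used, and which 530 variant came back. The sample transcript is constructed from the thread's logs, and the function and key names are this example's own.

```python
# Constructed sample: the two kinds of session shown in the thread.
SAMPLE = """\
Connect socket #5020 to 172.16.0.65, port 21...
220 Microsoft FTP Service
AUTH SSL
234 AUTH command ok. Expecting TLS Negotiation.
USER LOC
331 Password required for LOC.
PASS **********
530 User cannot log in.
Connect socket #1848 to 172.16.0.65, port 21...
220 Microsoft FTP Service
USER domain|LOC
331 Password required for domain|LOC.
PASS **********
530 User cannot log in, home directory inaccessible.
"""

def split_sessions(text):
    """Split a client log into sessions, one per 'Connect socket' line."""
    sessions = []
    for line in text.splitlines():
        if line.startswith("Connect socket"):
            sessions.append([])
        elif sessions and line.strip():
            sessions[-1].append(line.strip())
    return sessions

def diagnose(lines):
    """Summarise one session: TLS state at login, login form, 530 variant."""
    tls = False
    out = {"user": None, "virtual_host": None,
           "tls_before_user": False, "failure": None}
    for line in lines:
        if line.startswith("234"):
            tls = True                      # server accepted the AUTH command
        elif line.startswith("USER "):
            name = line[5:]
            out["tls_before_user"] = tls
            if "|" in name:                 # host|user form used in the thread
                out["virtual_host"], name = name.split("|", 1)
            out["user"] = name
        elif line.startswith("530"):
            if "home directory inaccessible" in line:
                out["failure"] = "home_directory"   # server names the home directory
            else:
                out["failure"] = "login_rejected"   # generic rejection, no reason given
    return out

def report(text=SAMPLE):
    return [diagnose(s) for s in split_sessions(text)]
```

A session with `tls_before_user` set to `False` sent USER and PASS with no AUTH exchange first, which the "Allow SSL Connections" policy quoted in the thread permits.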