SSL FTP Configuration

I'm sure there is something obvious that I'm missing.  However I'm finding myself unable to connect via SSL to an FTP server.

The strange thing is I have no problems connecting via regular FTP on the same server.  

I'm using IIS for Windows Server 2016 FTP site.

On the client side I'm using WinSCP.

I'm not sure what I'm doing wrong.  Any assistance would be appreciated.
LVL 12
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

James BunchSystems EngineerCommented:
What SSL settings are you using to connect to the SFTP. If you choose an authentication mode that does not match the expected mode of the server it won't connect/authenticate.
Dan McFaddenSystems EngineerCommented:
A few questions:

1. Are you using a Self-Signed Cert or do you have a valid SSL Cert from a known Certificate Authority?
2. Is this for internal (LAN) or external (Internet) access?
3. If for external access, is there an external firewall involved or only the Windows Firewall Service?

Here is a good how to on the WinSCP website:


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ScriptAddictAuthor Commented:
my FTP SSL Settings are:
* is my SSL Certificate issued from a known cert authority.  

I've set it to allow SSL connections

I'm using basic authentication.

This is for external users.

The user is set for Read Write.

FTP Dir browsing is MS-DOS with nothing checked.

FTP Firewall support is not active, because the server don't have a firewall, but our Sonicwall does that.  I currently have only port 21 pointed to that server.  I've set the external IP address properly and assigned data ports of 6000-7000 in the FTP firewall support.  While not currently opened.  At one point I had directed Port 20, 990, and the 6000-7000 to that server.  However no difference.  

There are no restrictions on IP currently.

There is no request filtering.

There is no user isolation.  Users start in the root directory.

I wonder if I need to configure some ports on the client side in order for things to work smoothly?

At the top level I just turned on impersonation.
ScriptAddictAuthor Commented:
I"ve reopened Port 990 and the data range 6000-7000.  

I've got bindings on port 21 and 990 on the FTP server.  

I tested non encrypted access.  Success.  I can do what I want.

Now SSL:
Using WinSCP I've toggled only encyrption to use port 990.  
it says:
connection to
TLS connection established.  Waiting for welcome message...
Starting the session...
Reading Remote Directory...
At this point an error message pops up:
Error listing directory '/'.
Could not retrieve directory listing
Server cannot accept argument.

ok... let's try passive mode.  

And that's it.  I could swear I tried  that yesterday a bunch of times.  However today I restarted the Microsoft FTP service after making my changes.  Perhaps that's what made the difference.  I had thought that iisreset /restart would do the same thing, or recycling the FTP site or the app pool.  But everything failed before that.  

Thanks for helping!
ScriptAddictAuthor Commented:
It's now working
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.