SSL FTP Configuration

ScriptAddict
I'm sure there is something obvious that I'm missing.  However I'm finding myself unable to connect via SSL to an FTP server.

The strange thing is I have no problems connecting via regular FTP on the same server.  

I'm using IIS for Windows Server 2016 FTP site.

On the client side I'm using WinSCP.

I'm not sure what I'm doing wrong.  Any assistance would be appreciated.

James Bunch, Systems Engineer
Commented:
What SSL settings are you using to connect to the SFTP? If you choose an authentication mode that does not match the expected mode of the server, it won't connect/authenticate.
Systems Engineer
Commented:
A few questions:

1. Are you using a Self-Signed Cert or do you have a valid SSL Cert from a known Certificate Authority?
2. Is this for internal (LAN) or external (Internet) access?
3. If for external access, is there an external firewall involved or only the Windows Firewall Service?

Here is a good how-to on the WinSCP website:

https://winscp.net/eng/docs/guide_windows_ftps_server#on_windows_server_2016_and_windows_server_2012

Dan
My FTP SSL Settings are:
*.corp.domain.com is my SSL Certificate issued from a known cert authority.  

I've set it to allow SSL connections

I'm using basic authentication.

This is for external users.

The user is set for Read Write.

FTP Dir browsing is MS-DOS with nothing checked.

FTP Firewall support is not active, because the server doesn't have a firewall, but our Sonicwall does that.  I currently have only port 21 pointed to that server.  I've set the external IP address properly and assigned data ports of 6000-7000 in the FTP firewall support.  While not currently opened.  At one point I had directed Port 20, 990, and the 6000-7000 to that server.  However, no difference.

There are no restrictions on IP currently.

There is no request filtering.

There is no user isolation.  Users start in the root directory.

I wonder if I need to configure some ports on the client side in order for things to work smoothly?

At the top level I just turned on asp.net impersonation.
Update:
I've reopened Port 990 and the data range 6000-7000.

I've got bindings on port 21 and 990 on the FTP server.  

I tested non encrypted access.  Success.  I can do what I want.

Now SSL:
Using WinSCP I've toggled only encryption to use port 990.
It says:
connection to ftp.domain.com:990
TLS connection established.  Waiting for welcome message...
Connected
Starting the session...
Reading Remote Directory...
At this point an error message pops up:
Error listing directory '/'.
Could not retrieve directory listing
Server cannot accept argument.

ok... let's try passive mode.  

And that's it.  I could swear I tried  that yesterday a bunch of times.  However today I restarted the Microsoft FTP service after making my changes.  Perhaps that's what made the difference.  I had thought that iisreset /restart would do the same thing, or recycling the FTP site or the app pool.  But everything failed before that.  

Thanks for helping!
It's now working
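
The passive-mode setup discussed in this thread, as an added example that is not part of the original posts and is not WinSCP or IIS code: once the control channel is TLS-encrypted, a NAT firewall cannot read or rewrite the server's passive-mode reply, so the address and port in that reply must already be the external IP and fall inside the forwarded 6000-7000 range. This Python check parses a 227/229 reply line and reports mismatches; the address 203.0.113.10, the sample replies and the function names are constructed for illustration.

```python
import ipaddress
import re

# Data-port range the poster assigned in IIS "FTP Firewall Support" and forwarded on the firewall.
PORT_RANGE = (6000, 7000)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_PASV = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def parse_passive_reply(line):
    """Return (host, port) from a 227 (PASV) or 229 (EPSV) reply; host is None for EPSV."""
    m = _PASV.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range: " + line)
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = _EPSV.match(line)
    if m:
        return None, int(m.group(2))
    raise ValueError("not a passive-mode reply: " + line)


def check_passive_reply(line, external_ip, port_range=PORT_RANGE):
    """List problems that would stop a client outside the NAT from opening the data channel."""
    host, port = parse_passive_reply(line)
    problems = []
    if host is not None:
        if any(ipaddress.ip_address(host) in net for net in RFC1918):
            problems.append(f"server advertises private address {host}")
        elif host != external_ip:
            problems.append(f"server advertises {host}, expected {external_ip}")
    if not port_range[0] <= port <= port_range[1]:
        problems.append(f"data port {port} outside forwarded range {port_range[0]}-{port_range[1]}")
    return problems


if __name__ == "__main__":
    # Constructed replies; 203.0.113.10 is a documentation address standing in for the external IP.
    for reply in ("227 Entering Passive Mode (203,0,113,10,23,112)",
                  "227 Entering Passive Mode (192,168,1,20,195,80)",
                  "229 Entering Extended Passive Mode (|||6500|)"):
        print(reply, "->", check_passive_reply(reply, "203.0.113.10") or "ok")
```

The reply line to feed in can be copied from the client's session log after a failed directory listing.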
