
SSL FTP Configuration

I'm sure there is something obvious that I'm missing.  However I'm finding myself unable to connect via SSL to an FTP server.

The strange thing is I have no problems connecting via regular FTP on the same server.  

I'm using IIS for Windows Server 2016 FTP site.

On the client side I'm using WinSCP.

I'm not sure what I'm doing wrong.  Any assistance would be appreciated.

James Bunch, Systems Engineer
What SSL settings are you using to connect to the SFTP? If you choose an authentication mode that does not match the expected mode of the server, it won't connect/authenticate.
Systems Engineer
A few questions:

1. Are you using a Self-Signed Cert or do you have a valid SSL Cert from a known Certificate Authority?
2. Is this for internal (LAN) or external (Internet) access?
3. If for external access, is there an external firewall involved or only the Windows Firewall Service?

Here is a good how-to on the WinSCP website:


My FTP SSL Settings are:
*.corp.domain.com is my SSL Certificate issued from a known cert authority.  

I've set it to allow SSL connections

I'm using basic authentication.

This is for external users.

The user is set for Read Write.

FTP Dir browsing is MS-DOS with nothing checked.

FTP Firewall support is not active, because the server doesn't have a firewall, but our Sonicwall does that.  I currently have only port 21 pointed to that server.  I've set the external IP address properly and assigned data ports of 6000-7000 in the FTP firewall support.  While not currently opened.  At one point I had directed Port 20, 990, and the 6000-7000 to that server.  However, no difference.

There are no restrictions on IP currently.

There is no request filtering.

There is no user isolation.  Users start in the root directory.

I wonder if I need to configure some ports on the client side in order for things to work smoothly?

At the top level I just turned on asp.net impersonation.
I've reopened Port 990 and the data range 6000-7000.

I've got bindings on port 21 and 990 on the FTP server.  

I tested non encrypted access.  Success.  I can do what I want.

Now SSL:
Using WinSCP I've toggled only encryption to use port 990.
It says:
connection to ftp.domain.com:990
TLS connection established.  Waiting for welcome message...
Starting the session...
Reading Remote Directory...
At this point an error message pops up:
Error listing directory '/'.
Could not retrieve directory listing
Server cannot accept argument.

ok... let's try passive mode.  

And that's it.  I could swear I tried  that yesterday a bunch of times.  However today I restarted the Microsoft FTP service after making my changes.  Perhaps that's what made the difference.  I had thought that iisreset /restart would do the same thing, or recycling the FTP site or the app pool.  But everything failed before that.  

Thanks for helping!
It's now working
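
Added example, not part of the original thread: a small Python check that takes the server's passive-mode reply (the 227 or 229 line copied from a client session log) and confirms it matches the firewall setup described above. The 6000-7000 range comes from the thread; the function names and the sample replies are constructed for illustration.

```python
import ipaddress
import re

# Assumed from the thread: passive data ports 6000-7000 are set in IIS
# "FTP Firewall Support" and forwarded to the server by the perimeter firewall.
DATA_PORT_RANGE = (6000, 7000)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def parse_passive_reply(reply):
    """Return (host, port) from a 227 (PASV) or 229 (EPSV) reply.

    EPSV replies carry no address, so host is None for them.
    """
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in %r" % reply)
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(1)) < 65536:
        return None, int(m.group(1))
    raise ValueError("not a passive-mode reply: %r" % reply)


def check_passive_reply(reply, external_ip, port_range=DATA_PORT_RANGE):
    """Return a list of findings; an empty list means the reply is consistent."""
    host, port = parse_passive_reply(reply)
    findings = []
    if host is not None:
        addr = ipaddress.ip_address(host)
        if any(addr in net for net in RFC1918):
            findings.append("server advertises private address %s" % host)
        elif host != external_ip:
            findings.append("advertised %s, expected %s" % (host, external_ip))
    if not port_range[0] <= port <= port_range[1]:
        findings.append("data port %d is outside forwarded range %d-%d"
                        % (port, port_range[0], port_range[1]))
    return findings


# Constructed sample replies (203.0.113.10 is a documentation address).
GOOD = "227 Entering Passive Mode (203,0,113,10,23,112)."
BAD = "227 Entering Passive Mode (192,168,1,20,195,80)."
```

With TLS on the control channel the perimeter firewall cannot read or rewrite the 227 reply, so the server itself has to advertise the external address and a port inside the forwarded range.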