IIS7 FTP Setup - An error occured during the authentication process. 530 End Login failed

Posted by robmzd on Server Fault See other posts from Server Fault or by robmzd
Published on 2012-10-23T22:26:55Z Indexed on 2012/10/23 23:02 UTC
Read the original article Hit count: 391

Filed under:
|

I'm having a problem very similar to IIS 7.5 FTP IIS Manager Users Login Fail (530) on Windows Server 2008 R2 Standard.

I have created an FTP site and IIS Manager user but am having trouble logging in. I could really do with getting this working with the IIS Manager user rather than by creating a new system user since I'm fairly restricted with those accounts.

Here is the output when connecting locally through command prompt:

C:\Windows\system32>ftp localhost
Connected to MYSERVER.
220 Microsoft FTP Service
User (MYSERVER:(none)): MyFtpLogin
331 Password required for MyFtpLogin.
Password: ***
530-User cannot log in.
 Win32 error:   Logon failure: unknown user name or bad password.
 Error details: An error occured during the authentication process.
530 End
Login failed.

I have followed the guide to configure ftp with iis manager authentication in iis 7 and Adding FTP Publishing to a Web Site in IIS 7

Things I have done and checked:

  • The FTP Service is installed (along with FTP Extensibility).
  • Local Service and Network Service have been given access to the site folder
  • Permission has been given to the config files
  • Granted read/write permissions to the FTP Root folder
  • The Management Service is installed and running
  • Enable remote connections is ticked with 'Windows credentials or IIS manager credentials' selected
  • The IIS Manager User has been added to the server (root connection in the IIS connections branch)
  • The new FTP site has been added
  • IIS Manager Authentication has been added to the FTP authentication providers
  • The IIS Manager user has been added to the IIS Manager Permissions list for the site
  • Added Read/Write permissions for the user in the FTP Authorization Rules

Here's a section of the applicationHost config file associated with the FTP site

<site name="MySite" id="8">
    <application path="/" applicationPool="MyAppPool">
        <virtualDirectory path="/" physicalPath="D:\Websites\MySite" />
    </application>
    <bindings>
        <binding protocol="http" bindingInformation="*:80:www.mydomain.co.uk" />
        <binding protocol="ftp" bindingInformation="*:21:www.mydomain.co.uk" />
    </bindings>
    <ftpServer>
        <security>
            <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
            <authentication>
                <basicAuthentication enabled="true" />
                <customAuthentication>
                    <providers>
                        <add name="IisManagerAuth" enabled="true" />
                    </providers>
                </customAuthentication>
            </authentication>
        </security>
    </ftpServer>
</site>

...

<location path="MySite">
    <system.ftpServer>
        <security>
            <authorization>
                <add accessType="Allow" users="MyFtpLogin" permissions="Read, Write" />
            </authorization>
        </security>
    </system.ftpServer>
</location>

If I connect to the Site (not FTP) from my local IIS Manager using the same IIS Manager account details then it connects fine, I can browse files and change settings as I would locally (though I don't seem to have an option to upload files). Trying to connect via FTP though either through the browser or FileZilla etc... gives me:

Status: Resolving address of www.mydomain.co.uk
Status: Connecting to 123.456.12.123:21...
Status: Connection established, waiting for welcome message...
Response:   220 Microsoft FTP Service
Command:    USER MyFtpLogin
Response:   331 Password required for MyFtpLogin.
Command:    PASS *********
Response:   530 User cannot log in.
Error:  Critical error
Error:  Could not connect to server

I have tried collecting etw traces for ftp sessions, in the logs I get a FailBasicLogon followed by a FailCustomLogon, but no other info:

FailBasicLogon  SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55} | ErrorCode=0x8007052E
StartCustomLogon    SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55} | LogonProvider=IisManagerAuth
StartCallProvider   SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55} | provider=IisManagerAuth
EndCallProvider SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55}
EndCustomLogon  SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55}
FailCustomLogon SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55} | ErrorCode=0x8007052E
FailFtpCommand  SessionId={cad26a97-225d-45ba-ab1f-f6acd9046e55} | ReturnValue=0x8007052E | SubStatus=ERROR_DURING_AUTHENTICATION

In the normal FTP logs I just get:

2012-10-23 16:13:11 123.456.12.123 - 123.456.12.123 21 ControlChannelOpened - - 0 0 e2d4e935-fb31-4f2c-af79-78d75d47c18e -
2012-10-23 16:13:11 123.456.12.123 - 123.456.12.123 21 USER MyFtpLogin 331 0 0 e2d4e935-fb31-4f2c-af79-78d75d47c18e -
2012-10-23 16:13:11 123.456.12.123 - 123.456.12.123 21 PASS *** 530 1326 41 e2d4e935-fb31-4f2c-af79-78d75d47c18e -
2012-10-23 16:13:11 123.456.12.123 - 123.456.12.123 21 ControlChannelClosed - - 0 0 e2d4e935-fb31-4f2c-af79-78d75d47c18e -

If anyone has any ideas than I would be very grateful to hear them. Many thanks.

© Server Fault or respective owner

Related posts about iis7

Related posts about ftp