Can't connect to Windows Server 2012 (IIS 8) FTP when using

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
j.maletzky
504 Command not implemented
Posts: 10
Joined: 2013-05-07 08:17
First name: Joerg
Last name: Maletzky

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#106 Post by j.maletzky » 2013-05-21 09:24

@ Site Admin
The client then deems this as a failure and deletes the file.
Same problem here. Filezilla deletes files on that error.
Our users were not amused!!!

Disabling TLS 1.2 on the server AND change cipher suite priority to
TLS_RSA_WITH_RC4_128_SHA on top of the list of the server,
solves the problem for us.


Joerg

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#107 Post by botg » 2013-05-21 18:02

You're mistaken, FileZilla doesn't delete non-empty files on failed transfers.

j.maletzky
504 Command not implemented
Posts: 10
Joined: 2013-05-07 08:17
First name: Joerg
Last name: Maletzky

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#108 Post by j.maletzky » 2013-05-22 08:26

@Site Admin
You're mistaken, FileZilla doesn't delete non-empty files on failed transfers.
Fine. I 'll tell that our users. They will love that.

Joerg

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#109 Post by botg » 2013-05-22 19:13

Good.

Mr.Hinker
500 Command not understood
Posts: 3
Joined: 2013-05-22 17:33

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#110 Post by Mr.Hinker » 2013-05-22 19:28

I'm not a IIS admin but have flickered a bit with it and I got FileZilla to work with IIS8 by creating a self signed certificate using SHA256.

For interested parties a how-to can be found here -> http://www.madboa.com/geek/openssl/#cert-self
You need to add -SHA256

On the error where files are deleted when an error on upload occurs. I think this is the setting deleting them (screenshot), not FileZilla.

But as stated I don't normally work with IIS so not completely sure...
Attachments
IIS_setting.png
IIS_setting.png (16.37 KiB) Viewed 13279 times

gbaotic
504 Command not implemented
Posts: 10
Joined: 2012-12-04 11:30
First name: Goran
Last name: Baotic

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#111 Post by gbaotic » 2013-05-23 07:37

Mr.Hinker wrote:I'm not a IIS admin but have flickered a bit with it and I got FileZilla to work with IIS8 by creating a self signed certificate using SHA256.
When using a SHA256 self-signed certificate, handshake and directory browsing works just fine, but I get a "550 The supplied message is incomplete. The signature was not verified." when uploading.

Log:

Code: Select all

Trace:	Protocol: TLS1.2, Key exchange: RSA, Cipher: AES-128-CBC, MAC: SHA256
Trace:	CTransferSocket::OnConnect
Trace:	CTlsSocket::Shutdown()
Trace:	CTransferSocket::TransferEnd(1)
Trace:	CFtpControlSocket::TransferEnd()
Trace:	CTlsSocket::OnRead()
Trace:	CFtpControlSocket::OnReceive()
Response:	550 The supplied message is incomplete. The signature was not verified. 
Trace:	CFtpControlSocket::TransferParseResponse()
Trace:	  code = 5
Trace:	  state = 7
Trace:	CFtpControlSocket::ResetOperation(2)
Trace:	CControlSocket::ResetOperation(2)
Trace:	CFtpControlSocket::ParseSubcommandResult(2)
Trace:	FileTransferSubcommandResult()
Trace:	CFtpControlSocket::ResetOperation(2)
Trace:	CControlSocket::ResetOperation(2)
Error:	File transfer failed

Mr.Hinker
500 Command not understood
Posts: 3
Joined: 2013-05-22 17:33

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#112 Post by Mr.Hinker » 2013-05-23 16:49

Yes I tested the upload on the w2k12 server and got the same problem.

Seems this is already recorded in this topic -> viewtopic.php?f=2&t=23740

And on this someone fixed the issue -> http://forums.iis.net/t/1163993.aspx/1

I have not tested this yet due to lack of time.

rossh
550 File not found
Posts: 35
Joined: 2013-03-11 09:46
First name: Ross

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#113 Post by rossh » 2013-05-24 09:15

botg wrote:
rossh wrote:The client then deems this as a failure and deletes the file.
FileZilla never deletes partial transfers.

Its not a partial transfer, it was a complete transfer. But because the server / client was missing some required / needed handshake component at the end of the transfer, it was then deemed a defect and the client / server would erase the file.

Now reading above about a self signed cert, interesting. This failure has the look of being unable to validate the certificate chain - just a guess, buts that where I'd start looking.

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#114 Post by boco » 2013-05-24 09:28

A complete transfer in the sense of FTP includes everything, from beginning to final handshake. Even if all data has been transferred, if the final handshake fails it is still a partial transfer. And FileZilla never deletes those (else resuming wouldn't make sense). Servers tend to do such stupid things, on the other hand.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

Mr.Hinker
500 Command not understood
Posts: 3
Joined: 2013-05-22 17:33

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#115 Post by Mr.Hinker » 2013-05-24 11:00

I have now tested the described fix (http://forums.iis.net/t/1163993.aspx/1)

Disabled SSL 2.0 and enabled TLS 1.1 and 1.2. moved TLS_RSA_WITH_RC4_128_SHA to the top of the priority list.

After restart of the server upload now worked. this was done on a W2012 IIS8 server.

Though the reason to why this works I can't explain !!

j.maletzky
504 Command not implemented
Posts: 10
Joined: 2013-05-07 08:17
First name: Joerg
Last name: Maletzky

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#116 Post by j.maletzky » 2013-05-24 12:17

@boco

Sounds resonable from a programmer's point of view, but from an
end user's point of view is this questionable.
Most users don't even know, that a resume functionality in FTP exists.

From an end user's point of view is a delete of incomplete (corrupt) files reasonable.

A helpful functionality would be a Filezilla popup dialog box, that tells the user what's
going on.

As this thread proves, there is a lack of information of what's happening.

Greetings
Joerg

xombiemp
500 Command not understood
Posts: 1
Joined: 2013-05-24 16:02

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#117 Post by xombiemp » 2013-05-24 16:24

botg wrote:Performing the TLS handshake succeeds if allowing RSA-SHA1 as X.509 signature algorithm.
I'm glad you were able to determine the problem. I have been checking signature algorithms on a bunch of SSL certs and everyone I've looked at so far have a signature algorithm of SHA1, including your filezilla-project.org cert. It seems that all CA's are still using the SHA1 signature algorithm either exclusively or by default.

Because SHA1 is still so pervasive, I'm hoping that you will make the changes necessary to allow a SHA1 signature algorithm.

Thanks for the filezilla project and the time/effort you put into it for free!

gbaotic
504 Command not implemented
Posts: 10
Joined: 2012-12-04 11:30
First name: Goran
Last name: Baotic

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#118 Post by gbaotic » 2013-05-26 16:38

I have just tested with FZ 3.7.0.2. True, handshake succeeds now on a sha1RSA certificate, but I can't upload any files.
FZ tries to upload a file couple of times, before it ends up in Failed transfers.

It is the very same error that I described in my previous post (2013-05-23 07:37), when I tested with FZ 3.7.0.1 and a SHA256-certificate.

Code: Select all

550 The supplied message is incomplete. The signature was not verified. 
See previous post for more details.

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#119 Post by botg » 2013-05-26 17:52

I'm trying to reproduce this using the test credentials you sent me a while ago, but it doesn't get that far, the data connection ports seem firewalls.

eXpress
500 Command not understood
Posts: 2
Joined: 2013-05-26 18:29

Re: Can't connect to Windows Server 2012 (IIS 8) FTP when us

#120 Post by eXpress » 2013-05-26 18:32

I also get the "550 The supplied message is incomplete. The signature was not verified." error with version 3.7.0.2, using explicit FTP over TLS.

Code: Select all

Status:	Starting upload of C:\temp\test.exe
Status:	Retrieving directory listing...
Command:	PASV
Response:	227 Entering Passive Mode (1,2,3,4,19,233).
Command:	LIST
Response:	150 Opening BINARY mode data connection.
Response:	226 Transfer complete.
Command:	PASV
Response:	227 Entering Passive Mode (1,2,3,4,19,234).
Command:	STOR test.exe
Response:	150 Opening BINARY mode data connection.
Response:	550 The supplied message is incomplete. The signature was not verified. 
Error:	File transfer failed after transferring 1'225'748 bytes in 4 seconds
The connection does established, but if you want to upload any file, the above error appears.

Server 2012 / IIS 8 / With passive mode

@botg, if you need a test account for troubleshooting / reproducing, please contact me :)

Post Reply