IIS SSL Enabled FTP Timeout

Feb 2, 2012 at 3:42 PM

I am wondering if anyone has successfully used this tool with an IIS FTP server. I have tested the server with FileZilla and it works fine, but when I try using this project the code hangs and times out with an error.

From FileZilla I get:

Status: Resolving address of dev1
Status: Connecting to 10.10.10.3:21...
Status: Connection established, waiting for welcome message...
Response: 220 Microsoft FTP Service
Command: AUTH TLS
Response: 234 AUTH command ok. Expecting TLS Negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER ftpuser
Status: TLS/SSL connection established.
Response: 331 Password required for ftpuser.
Command: PASS **********
Response: 230 User logged in.
Command: SYST
Response: 215 Windows_NT
Command: FEAT
Response: 211-Extended features supported:
Response: LANG EN*
Response: UTF8
Response: AUTH TLS;TLS-C;SSL;TLS-P;
Response: PBSZ
Response: PROT C;P;
Response: CCC
Response: HOST
Response: SIZE
Response: MDTM
Response: REST STREAM
Response: 211 END
Command: OPTS UTF8 ON
Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON.
Command: PBSZ 0
Response: 200 PBSZ command successful.
Command: PROT P
Response: 200 PROT command successful.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (10,10,10,3,221,203).
Command: LIST
Response: 150 Opening BINARY mode data connection.
Response: 226 Transfer complete.
Status: Calculating timezone offset of server...
Command: MDTM a1Test987.xml
Response: 213 20111216165036
Status: Timezone offsets: Server: -18000 seconds. Local: -18000 seconds. Difference: 0 seconds.
Status: Directory listing successful

But when I try the following:

            using (FTPSClient ftpClient = new FTPSClient())
            {
                NetworkCredential credentials = new NetworkCredential(this.FTPUserName, this.FTPPassword);
                try
                {
                    // Request TLS for both the control and data channels.
                    ftpClient.Connect(this.FTPHostName, this.FTPPort, credentials, ESSLSupportMode.ControlAndDataChannelsRequested,
                        new System.Net.Security.RemoteCertificateValidationCallback(MyRemoteCertificateValidation),
                        null, 0, 0, 0, null, true);
                }
                catch (Exception ex)
                {
                    this.Error("Error connecting to FTP server", ex);
                    throw; // rethrow without resetting the stack trace
                }
                IList<AlexPilotti.FTPS.Common.DirectoryListItem> items = ftpClient.GetDirectoryList();
                good = true;
            }

The code goes all the way to the following line (1661 of FTPSClient.cs in the current source from CodePlex SVN):

             sslStream.AuthenticateAsClient(hostname, clientCertColl, SslProtocols.Default, sslCheckCertRevocation);

Sits there for a while and then times out with the error:

System.IO.IOException: Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)

The IIS FTP site logs show this:

#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status sc-substatus x-session x-fullpath
2012-02-02 15:32:10 10.111.3.8 - 10.1.8.240 21 ControlChannelOpened - - 0 0 253690a8-da0b-4c0f-bebe-a3ca15152a0c -
2012-02-02 15:32:13 10.111.3.8 - 10.1.8.240 21 AUTH TLS 234 0 0 253690a8-da0b-4c0f-bebe-a3ca15152a0c -

If I run from command:

>ftps -h dev1 -port 21 -U ftpuser -oda -ssl ControlAndDataChannelsRequested -l -v -lf log.txt

I see these in the log.txt file:

220 Microsoft FTP Service
AUTH TLS
234 AUTH command ok. Expecting TLS Negotiation.
QUIT

Any ideas of what I am doing wrong here?

Thanks.

Miguel.
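The two IIS log records in the post above show the server answering AUTH TLS with 234 and then nothing further in that session. As an added example (not part of the original post and not code from the ftps project), this Python script groups an IIS FTP log by x-session and reports sessions that stop at that point; the second session in the sample is constructed, and treating methods prefixed ControlChannel/DataChannel as non-command events is an assumption.

```python
from collections import defaultdict

# Records 1-2 are the two lines quoted in the post; the second session
# (192.0.2.10, all-zero session id) is constructed for contrast.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status sc-substatus x-session x-fullpath
2012-02-02 15:32:10 10.111.3.8 - 10.1.8.240 21 ControlChannelOpened - - 0 0 253690a8-da0b-4c0f-bebe-a3ca15152a0c -
2012-02-02 15:32:13 10.111.3.8 - 10.1.8.240 21 AUTH TLS 234 0 0 253690a8-da0b-4c0f-bebe-a3ca15152a0c -
2012-02-02 15:40:01 192.0.2.10 - 10.1.8.240 21 ControlChannelOpened - - 0 0 00000000-0000-0000-0000-000000000001 -
2012-02-02 15:40:02 192.0.2.10 - 10.1.8.240 21 AUTH TLS 234 0 0 00000000-0000-0000-0000-000000000001 -
2012-02-02 15:40:03 192.0.2.10 - 10.1.8.240 21 USER ftpuser 331 0 0 00000000-0000-0000-0000-000000000001 -
2012-02-02 15:40:03 192.0.2.10 ftpuser 10.1.8.240 21 PASS *** 230 0 0 00000000-0000-0000-0000-000000000001 /
"""

def parse_records(text):
    """Yield one dict per record, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed records
                yield dict(zip(fields, values))

def stalled_tls_sessions(text):
    """Return sessions whose last FTP command is AUTH answered with 234."""
    sessions = defaultdict(list)
    for rec in parse_records(text):
        sessions[rec["x-session"]].append(rec)
    stalled = []
    for session_id, recs in sessions.items():
        # Channel open/close events are not client commands (prefix match is an assumption).
        cmds = [r for r in recs
                if not r["cs-method"].startswith(("ControlChannel", "DataChannel"))]
        if cmds and cmds[-1]["cs-method"] == "AUTH" and cmds[-1]["sc-status"] == "234":
            last = cmds[-1]
            stalled.append({"session": session_id, "client": last["c-ip"],
                            "when": f'{last["date"]} {last["time"]}',
                            "mechanism": last["cs-uri-stem"]})
    return stalled

if __name__ == "__main__":
    for hit in stalled_tls_sessions(SAMPLE_LOG):
        print(hit)
```

A session that is still negotiating when the log is read will also match, so compare the reported time against the time the log was collected.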

Coordinator
Feb 2, 2012 at 10:33 PM

Can you connect to 10.10.10.3:21 or is it NATed behind a firewall?

In that case you can use the -oda switch.

Coordinator
Feb 2, 2012 at 10:35 PM

Sorry, just noticed that you were already using the -oda switch. Sounds like an SSL/TLS problem.

Feb 3, 2012 at 2:40 PM

Alex, thanks for your reply. This is what I have:

Host OS - Mac OS X - FileZilla client works fine here connecting to the server.

VMware Client OS - Win 7 - FileZilla and ftps fail with the same timeout error.

Could it be that running the code inside a VM is causing the problems?

Is there anything specific that I can look at to troubleshoot SSL/TLS problems?

Thanks.

Coordinator
Feb 3, 2012 at 7:20 PM

No, there's no specific reason why it should fail in a VM. You might check your firewall and connectivity settings.

Also check whether Win 7 is updated to the latest service pack and security updates.

BTW, ftps also works on Mac OS X in case you'd like to test it there; you just need to install Mono.

Best,

Alessandro