locked
I receive 530 User FTPUser cannot log in, home directory inaccessible error RRS feed

  • Question

  • User-1067248718 posted

    Hi,

    I am new to Windows Server 2008 R2 64Bits OS.  I created FTP site role in Server Manager and set up a specific directory for FTPUser on D:\FTPData folder.  Only FTPUser can send/receive data on this directory.  I granted Read and Update permission to this user in FTP site and the physical directory.  When I FTP to the server using this account, I am getting "530 User FTPUser cannot log in, home directory inaccessible." error.  I searched around this forums and I am unable to get a clear answer.  It appears I need to create a home directory for the FTPUser but don't know exactly where it should be created and how.  What did I miss?

    There is a new FTP mode called "Isolate users".  If we only allow this FTPUser to FTP files onto the server.  How to set it up properly? 

    Please advise and thanks in advance!

    Saturday, March 23, 2013 2:50 PM

Answers

  • User-1067248718 posted

    Jamie,

    It may be related to Firewall but not sure where to set.  I am able to FTP the TestMe.txt file on the FTP folder locally on the server.  Here is the FTP session message for your reference.  I even added port 21 by using the command from the link you sent.  I added: netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21.

    I was able to FTP when I connected to the server directly but not outside the server from the client PC.

    D:\Temp>ftp vmsvr34 Connected to VMSVR34.nationalstoresinc.com. 220-Microsoft FTP Service 220 MID 5.0 FTP Site. User (VMSVR34.nationalstoresinc.com:(none)): vmsvr34\FTPService 331 Password required for vmsvr34\FTPService. Password: 230-Welcome to MID 5.0 Application. 230 User logged in. ftp> dir 200 EPRT command successful. 125 Data connection already open; Transfer starting. 03-24-2013  03:03PM       <DIR>          FTPService 226 Transfer complete. ftp: 53 bytes received in 0.00Seconds 53000.00Kbytes/sec. ftp> put TestMe.txt 200 EPRT command successful. 125 Data connection already open; Transfer starting. 226 Transfer complete. ftp: 14 bytes sent in 0.00Seconds 14000.00Kbytes/sec. ftp> bye 221 Good Bye.

     

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Sunday, March 24, 2013 6:08 PM

All replies

  • User-218459230 posted

    Hi Brian,

    This definately sounds like a permissions issue on the user FTP home directory.

    If you would like a hand tracking down the permissions issue the following guide by Steve Schofield should help you.

    http://www.iislogs.com/steveschofield/530-user-cannot-log-in-home-directory-inaccessible-ftp-7-0-user-isolation-and-process-monitor

    Here's a good walkthrough on setting up a basic FTP site.

    http://support.orcsweb.com/KB/a338/create-an-iis-75-ftp-site-windows-server-2008-r2.aspx

    And here's a good walkthrough on setting up FTP with User Isolation:

    http://www.orcsweb.com/blog/terri/how-to-set-up-ftp-access-for-multiple-users-with-user-isolation/

    Saturday, March 23, 2013 3:14 PM
  • User-1067248718 posted

    Hi Jamie,

    Thanks for the fast response.  I appreciate you shared the information to me.  I followed the linke http://support.orcsweb.com/KB/a338/create-an-iis-75-ftp-site-windows-server-2008-r2.aspx you provided to setup the FTP site with two virtual directories.  One on C:\Inetpub\ftproot and the other on the FTPUser own FTP folder which is on D:\FTPUser.  I am able to connect to the server by using the FTPUser account.  However, when I send a file from my PC to the server I am getting "550 myfile.txt: Access is denied" error.  I looked at the FTP log on the server.  It is "Created myfile.txt 550 5."  I am not sure what it means.  In addition, when I run dir command after I established the FTP connection to the server, the server never response back to the prompt and it hangs until I pressed CRTL-C.

    I am unable to follow the second link which shows the User Isolation on the server.  It appears the FTP User Isolation in Windows 2008 Enterprise R2 server has been changed.  I am no longer be able to find the right hand side icons like FTP User Isolation.  The entire MainFTP Home section is not available.  The server asked me to launch the IIS 6.0 Manager which is similar to the old date FTP setting.

    Any ideas?

    Thanks,

    Brian.

     

    Sunday, March 24, 2013 1:26 AM
  • User-218459230 posted

    Hi Brian,

    The 550 error is usually a permissions issue. You can take the following steps to grant the user NTFS permissions on the folder.

    •  In IIS Manager select the FTP Site, then right click and select "Edit Permissions".  This will open the folder's properties dialog. 
    • Select the Security tab and click the Edit button to change the permissions. 
    • Click the Add button to add the FTPUser to the ACL and give the user at least Modify permission to the directory. 

    Now that you have granted the user NTFS permissions to their home folder, transfer some files to the FTP site again to see if this has resolved the issue.

    Sunday, March 24, 2013 11:05 AM
  • User-1067248718 posted
    Hi Jamie, I found out what happened after reading your advice. It turns out Windows server 2008 R2 does not come with FTP 7.0 installation package. If I turned on FTP within Server Manager role, it installed FTP 6.0 on the server. I never saw the FTP authentication and User Isolation information in the FTP site setting. Once I uninstall FTP 6.0, download FTP 7.0 package, and install on the server directly, I saw all the setting mentioned in the links your referred to. Now that I pass the login error and able to connect to the FTP site. However, I have two new issues. 1) When I perform DIR command, there is nothing return from the server. It appears the server did not get my command requested. 2) When I upload a file with "put myfile.txt", it just hang there forever without error. I do not see the file being FTPed to the server and no error on the FTP. I have checked the user have proper modify permission on the folder. In fact, my login has domain admin credential, I have the same problem. Any idea? Thanks, Brian.
    Sunday, March 24, 2013 2:13 PM
  • User-218459230 posted

    Hi Brian,

    You could check the FTP logs for clues.  They are stored in C:\inetpub\logs\LogFiles by default.  If you post the log here, we may be able to help troubleshoot the issue.

    This may be caused by the firewall blocking the FTP communication.  Here's a good post regarding configuring tht firewall for FTP.

    http://www.iis.net/learn/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7

     

    Sunday, March 24, 2013 2:48 PM
  • User-1067248718 posted

    2013-03-24 21:34:12 10.70.225.33 - 10.5.80.238 21 ControlChannelOpened - - 0 0 dd1fa20e-1604-4fc8-abfd-601e3ede9593 - 2013-03-24 21:34:15 10.70.225.33 - 10.5.80.238 21 USER FTPService 331 0 0 dd1fa20e-1604-4fc8-abfd-601e3ede9593 - 2013-03-24 21:34:19 10.70.225.33 - 10.5.80.238 21 PASS *** 530 1326 41 dd1fa20e-1604-4fc8-abfd-601e3ede9593 - 2013-03-24 21:34:24 10.70.225.33 - 10.5.80.238 21 QUIT - 221 0 0 dd1fa20e-1604-4fc8-abfd-601e3ede9593 - 2013-03-24 21:34:24 10.70.225.33 - 10.5.80.238 21 ControlChannelClosed - - 0 0 dd1fa20e-1604-4fc8-abfd-601e3ede9593 - 2013-03-24 21:34:27 10.70.225.33 - 10.5.80.238 21 ControlChannelOpened - - 0 0 d5b28ff2-5c7b-4b2b-aa78-a3ed9ef82613 - 2013-03-24 21:34:34 10.70.225.33 - 10.5.80.238 21 USER vmsvr34\FTPService 331 0 0 d5b28ff2-5c7b-4b2b-aa78-a3ed9ef82613 - 2013-03-24 21:34:38 10.70.225.33 VMSVR34\FTPService 10.5.80.238 21 PASS *** 230 0 0 d5b28ff2-5c7b-4b2b-aa78-a3ed9ef82613 / 2013-03-24 21:34:40 10.70.225.33 VMSVR34\FTPService 10.5.80.238 21 PORT 10,70,225,33,219,255 200 0 0 d5b28ff2-5c7b-4b2b-aa78-a3ed9ef82613 - 2013-03-24 21:35:01 10.70.225.33 VMSVR34\FTPService 10.5.80.238 21 LIST - 550 4294967295 0 d5b28ff2-5c7b-4b2b-aa78-a3ed9ef82613 / 2013-03-24 21:35:10 10.70.225.33 VMSVR34\FTPService 10.5.80.238 21 QUIT - 221 0 0 d5b28ff2-5c7b-4b2b-aa78-a3ed9ef82613 - 2013-03-24 21:35:10 10.70.225.33 VMSVR34\FTPService 10.5.80.238 21 ControlChannelClosed - - 0 0 d5b28ff2-5c7b-4b2b-aa78-a3ed9ef82613 - 2013-03-24 21:35:12 10.70.225.33 - 10.5.80.238 21 ControlChannelOpened - - 0 0 88b89da9-9ded-4de8-936f-17cbd56b2c18 - 2013-03-24 21:35:19 10.70.225.33 - 10.5.80.238 21 USER vmsvr34\FTPService 331 0 0 88b89da9-9ded-4de8-936f-17cbd56b2c18 - 2013-03-24 21:35:24 10.70.225.33 VMSVR34\FTPService 10.5.80.238 21 PASS *** 230 0 0 88b89da9-9ded-4de8-936f-17cbd56b2c18 / 2013-03-24 21:35:31 10.70.225.33 VMSVR34\FTPService 10.5.80.238 21 QUIT - 221 0 0 88b89da9-9ded-4de8-936f-17cbd56b2c18 - 2013-03-24 21:35:31 10.70.225.33 VMSVR34\FTPService 10.5.80.238 21 ControlChannelClosed - - 0 0 88b89da9-9ded-4de8-936f-17cbd56b2c18 - 2013-03-24 21:35:41 10.70.225.33 - 10.5.80.238 21 ControlChannelOpened - - 0 0 0b388797-1967-4cd2-a159-9f84a10da559 - 2013-03-24 21:35:47 10.70.225.33 - 10.5.80.238 21 USER vmsvr34\FTPService 331 0 0 0b388797-1967-4cd2-a159-9f84a10da559 - 2013-03-24 21:35:51 10.70.225.33 VMSVR34\FTPService 10.5.80.238 21 PASS *** 230 0 0 0b388797-1967-4cd2-a159-9f84a10da559 / 2013-03-24 21:35:59 10.70.225.33 VMSVR34\FTPService 10.5.80.238 21 PORT 10,70,225,33,220,4 200 0 0 0b388797-1967-4cd2-a159-9f84a10da559 - 2013-03-24 21:36:20 10.70.225.33 VMSVR34\FTPService 10.5.80.238 21 STOR mod10.c 550 4294967295 0 0b388797-1967-4cd2-a159-9f84a10da559 /mod10.c

    Here is the FTP command line.  Notice that I never get the FTP prompt back after upload the mod10.c file.  File never gets to the server neither.

    C:\Temp>ftp vmsvr34 Connected to vmsvr34.nationalstoresinc.com. 220-Microsoft FTP Service 220 MID 5.0 FTP Site. User (vmsvr34.nationalstoresinc.com:(none)): vmsvr34\FTPService 331 Password required for vmsvr34\FTPService. Password: 230-Welcome to MID 5.0 Application. 230 User logged in. ftp> put mod10.c 200 PORT command successful. 150 Opening ASCII mode data connection.

     

    Brian.

    Sunday, March 24, 2013 5:44 PM
  • User-1067248718 posted

    Jamie,

    It may be related to Firewall but not sure where to set.  I am able to FTP the TestMe.txt file on the FTP folder locally on the server.  Here is the FTP session message for your reference.  I even added port 21 by using the command from the link you sent.  I added: netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21.

    I was able to FTP when I connected to the server directly but not outside the server from the client PC.

    D:\Temp>ftp vmsvr34 Connected to VMSVR34.nationalstoresinc.com. 220-Microsoft FTP Service 220 MID 5.0 FTP Site. User (VMSVR34.nationalstoresinc.com:(none)): vmsvr34\FTPService 331 Password required for vmsvr34\FTPService. Password: 230-Welcome to MID 5.0 Application. 230 User logged in. ftp> dir 200 EPRT command successful. 125 Data connection already open; Transfer starting. 03-24-2013  03:03PM       <DIR>          FTPService 226 Transfer complete. ftp: 53 bytes received in 0.00Seconds 53000.00Kbytes/sec. ftp> put TestMe.txt 200 EPRT command successful. 125 Data connection already open; Transfer starting. 226 Transfer complete. ftp: 14 bytes sent in 0.00Seconds 14000.00Kbytes/sec. ftp> bye 221 Good Bye.

     

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Sunday, March 24, 2013 6:08 PM
  • User-1067248718 posted

    Jamie,

    Thanks for your help.  I was able to make it to work.  I need to open up FTP and port on my PC to receive the response from the server.  Microsoft turned on more security features on their newer FTP program.

    Thanks again.

    Brian.

    Sunday, March 24, 2013 6:47 PM