Answered by:
File upload fails in FTP 7.5, getting error 550

Question
-
User-117341026 posted
I have recently setup a FTP server using FTP for IIS 7.5. The server requires TLS connection. While creating new folders, renaming and deleting files are successful, uploading files result in Error "550 The supplied message is incomplete. The signature was not verified.". This is the first time I see this error and I have no idea how to fix it. What do I need to do to fix it?
Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: AUTH TLS Response: 234 AUTH command ok. Expecting TLS Negotiation. Status: Initializing TLS... Status: Verifying certificate... Command: USER XXXX Status: TLS/SSL connection established. Response: 331 Password required for friend. Command: PASS *************** Response: 230 User logged in. Command: OPTS UTF8 ON Response: 200 OPTS UTF8 command successful - UTF8 encoding now ON. Command: PBSZ 0 Response: 200 PBSZ command successful. Command: PROT P Response: 200 PROT command successful. Status: Connected Status: Starting upload of C:\xxx\FileZilla_3.3.1_win32-setup.exe Command: CWD / Response: 250 CWD command successful. Command: PWD Response: 257 "/" is current directory. Command: TYPE I Response: 200 Type set to I. Command: PASV Response: 227 Entering Passive Mode. Command: STOR FileZilla_3.3.1_win32-setup.exe Response: 125 Data connection already open; Transfer starting. Response: 550 The supplied message is incomplete. The signature was not verified. Status: Retrieving directory listing... Command: PASV Response: 227 Entering Passive Mode. Command: LIST Response: 150 Opening BINARY mode data connection. Response: 226 Transfer complete. Status: Directory listing successful
Saturday, January 9, 2010 3:13 AM
Answers
-
User-117341026 posted
The problem has been resolved, it is related to TLS 1.1 and/or TLS 1.2. After disabling TLS 1.1 and TLS 1.2, connection with FileZilla is now fine.
- Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
Saturday, January 23, 2010 12:07 PM
All replies
-
User-117341026 posted
It seems that FileZilla (or some commands/connection methods used by FileZilla) is causing the problem, becuase the error does not occur with Core FTP LE.
Welcome to Core FTP, release ver 2.1, build 1637 (U) -- © 2003-2010 WinSock 2.0 Mem -- 4,183,628 KB, Virt -- 2,097,024 KB Started on Sunday January 10, 2010 at 14:27:PM Resolving DNS Connect socket #932 to xxx.xxx.xxx.xxx, port 21... 220 Microsoft FTP Service AUTH TLS 234 AUTH command ok. Expecting TLS Negotiation. TLSv1, cipher TLSv1/SSLv3 (AES128-SHA) - 128 bit USER friend 331 Password required for xxx. PASS ********** 230 User logged in. SYST 215 Windows_NT Keep alive off... PWD 257 "/" is current directory. PBSZ 0 200 PBSZ command successful. PROT P 200 PROT command successful. PASV 227 Entering Passive Mode. LIST Connect socket #964 to xxx.xxx.xxx.xxx, port 57507... TLSv1, cipher TLSv1/SSLv3 (AES128-SHA) - 128 bit 150 Opening ASCII mode data connection. 226 Transfer complete. Transferred 185 bytes in 0.011 seconds PWD 257 "/" is current directory. TYPE I 200 Type set to I. PASV 227 Entering Passive Mode. STOR TurboBoostSetup.exe Connect socket #1076 to xxx.xxx.xxx.xxx, port 57585... 150 Opening BINARY mode data connection. TLSv1, cipher TLSv1/SSLv3 (AES128-SHA) - 128 bit 226 Transfer complete. TurboBoostSetup.exe - 19275432 bytes transferred MDTM 20100108045438 TurboBoostSetup.exe 213 20100108045438 Transfer time: 00:00:01 QUIT 221 Goodbye.
The FTP log also shows a non-0 Windows status for those 550 error:
2010-01-10 06:22:45 [c-ip] [cs-username] [s-ip] 56723 DataChannelOpened - - 0 0 e28d12a4-f0d7-4420-a66c-3a7c1497ea12 - 2010-01-10 06:22:45 [c-ip] [cs-username] [s-ip] 56723 DataChannelClosed - - 2148074264 0 e28d12a4-f0d7-4420-a66c-3a7c1497ea12 - 2010-01-10 06:22:45 [c-ip] [cs-username] [s-ip] 21 STOR FileZilla_3.3.1_win32-setup.exe 550 2148074264 0 e28d12a4-f0d7-4420-a66c-3a7c1497ea12 /FileZilla_3.3.1_win32-setup.exe
Sunday, January 10, 2010 1:41 AM -
User1138193213 posted
The 2148074264 error is 0x80090318, which is the SSL Error code SEC_E_INCOMPLETE_MESSAGE, and the description for that is the error text that you are seeing: "The supplied message is incomplete. The signature was not verified."
That being said, I've used FileZilla with FTPS for some time now, so the problem isn't just FileZilla - it's some combination of factors in this scenario. With that in mind, what SSL certificate are you using? (e.g. Self-Signed, Verisign, etc.) Are there any servers between the FTP client and FTP server? (e.g. Are you locating your FTP server behind a firewire server like ISA server? Are you using the built-in Windows Firewall service on the FTP server?)
I would assume that you are not using some sort of firewall service on the client that might be trying to do stateful inspection of FTP traffic that's failing the data channel, otherwise you would not be seeing directory listings in FileZilla, but it's still a good thing to check to make sure that FileZilla has been configured to work through your client's firewall or any Internet security software.
Thursday, January 14, 2010 1:18 PM -
User-117341026 posted
The built-in Windows Firewall service is protecting the FTP Server. The server is directly connected to the internet. The certificate is self-signed and generated by markcert.exe in Program Files\Microsoft SDKs\Windows\v6.0A\Bin. FileZilla is working with another non-IIS FTPS.
This combination was working in Windows 7 RC.
Sunday, January 17, 2010 1:39 AM -
User-117341026 posted
The problem has been resolved, it is related to TLS 1.1 and/or TLS 1.2. After disabling TLS 1.1 and TLS 1.2, connection with FileZilla is now fine.
- Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
Saturday, January 23, 2010 12:07 PM -
User936683659 posted
The problem still persists on my server. Disabling TLS 1.1 and TLS 1.2 is no good solution regarding to the BEAST attack. What else can be done?
Update:
I did the following to resolve the issue on IIS 7.5 and get protected against the BEAST attack:
- disable SSL 2.0
- enable TLS 1.1
- enable TLS 1.2
- set the cipher priority to prioritize RC4
Have a look at this: http://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
Thursday, January 19, 2012 4:02 AM -
User-1672167363 posted
Hi,
Did you check the support links http://support.microsoft.com/kb/2643584
and latest Security Bulletin http://technet.microsoft.com/en-us/security/bulletin/ms12-006 ?
Regards,
Martin
Thursday, January 19, 2012 8:50 AM -
User1247989282 posted
I did the following to resolve the issue on IIS 7.5 and get protected against the BEAST attack:
- disable SSL 2.0
- enable TLS 1.1
- enable TLS 1.2
- set the cipher priority to prioritize RC4
Have a look at this: http://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx
Thanks bobbel78 !
I had the same problem, and your solution works perfectly, even with IIS 8 on Windows Server 2012.
A reboot is required after these modifications.
Wednesday, April 24, 2013 2:19 PM -
User-827746226 posted
Hi ther, Can you help me with this issue? Where will i disable the TLS 1.1/TLS 1.2 on the server or the FileZilla client?
TIA
Saturday, November 16, 2013 3:33 PM