25

I am trying to FTP to a new FTP site I setup with IIS 7.0 for the Windows Server Web (64-bit) edition. But I get the above error when I try to login to this site. But I can login to my other FTP sites.

Also, when I select this website from IIS Manager, the FTP section does not display in the middle section although it does display in Action panel. And I cannot successfully login to this FTP site either.

I have checked and I have Log on locally selected. I do not have allow only anonymous connections. I have Access this computer from the network selected.

I restarted my IIS and FTP services also.

The one different thing I noticed about this website in IIS different from the other site that has FTP working is that this one there are 3 virtual directories beneath the site. And that when I click on any one of these 3, then the FTP strip does appear in the center pane. Make sense?

How can I debug cause of this error? Any SW tools I can use?

salvationishere
  • 3,461
  • 29
  • 104
  • 143
  • did you ever get this resolved? – D3vtr0n Apr 08 '11 at 16:35
  • 2
    I dug around the interwebs quite a while trying to figure this out. Low and behold IIS allows me to add an IIS user as an FTP user. NOPE. You have to add a windows domain user and then specify that user in your FTP Authorization rules... So add a user `test` then in the textbox for allow rule you use the radio button for windows user then type `test`. – The Muffin Man Apr 23 '14 at 06:42
  • In my case, I simply entered the wrong password . I found out by looking at the Security event log, that was an entry saying "Unknown user name or invalid password." ("Unbekannter Benutzername oder ungültiges Kennwort." in German). – Uwe Keim Dec 02 '16 at 14:55
  • 1
    God I hate microsoft :@ – RicardoE May 17 '18 at 03:54

18 Answers18

20

Have you tried logging in from the FTP server? If you do this, and have "Show detailed messages from local requests" enabled under FTP Messages, then you'll get a clearer idea as to why the login if failing. In my case I got the following message (I am using IIS Manager Users, and Passthrough authentication)

530-User cannot log in.
 Win32 error:   Access is denied.
 Error details: Filename: \\?\C:\Windows\system32\inetsrv\config\redirection.config
 Error: Cannot read configuration file due to insufficient permissions

To solve this I gave the NETWORK SERVICES user read only access to the config directory specified in the error message. I'm not 100% sure this is the right thing to do, but it certainly fixed this issue for me.

Nigel
  • 1,203
  • 2
  • 11
  • 20
  • I had already gone through much of the troubleshooting in these other answers. After testing local through command line, this is the only thing that worked for me on server 2019 IIS 10. – Brett Spencer Feb 09 '22 at 17:50
16

in my situation, I was missing Role Service FTP extensibility, which is actually allows IIS Manager Auth. This is pretty tricky, as you could allow IIS Manager auth, but still it would not work until you have not installed FTP Extensibility

Anton Kuryan
  • 607
  • 6
  • 20
  • 1
    This was it for me as well. Following a few of the step-by-step guides makes missing that fairly easy. – ccook Aug 04 '17 at 21:50
15

In my case I forgot to enable the Basic authentication

enter image description here

Stefan Michev
  • 4,795
  • 3
  • 35
  • 30
7

There seem to be many different possible causes. In my case, I was unable to login with the plain "username" with the same error as mentioned.

It was solved when I logged in with ".\username" instead.

For some reason the FTP client was trying to login with a domain account, while I just wanted to login with a local computer account.

Hope this helps someone.

Allie
  • 1,081
  • 1
  • 13
  • 17
6

Try submitting your credentials in this format:

UserName: Domain|Username
Password: secretSquirrel
Mark Cidade
  • 98,437
  • 31
  • 224
  • 236
Brad
  • 61
  • 1
  • 1
  • While this may answer the question, providing additional context regarding how and/or why it solves the problem would improve the answer's long-term value. – mech Feb 25 '16 at 00:55
  • I've spent hours trying to get the IIS Manager users to work, and this had the clue I needed to let logins work. Putting the domain name in the front had it going instantly (after doing all the checks of the IIS info blogs etc). – mj2008 Oct 18 '16 at 10:16
2

I had the same problem, I removed the FTP site and followed this:

http://www.iis.net/learn/publish/using-the-ftp-service/configure-ftp-with-iis-manager-authentication-in-iis-7

Prerequisites - I set the permissions on the folders using the 4 command samples but this did not alone fix the issue, so I cannot in good faith say this step is needed, but it is what I did and it now works.

CONFIGURE THE IIS MANAGEMENT SERVICE AND ADD AN IIS 7 MANAGER -

Just do step 4, removing the existing user first and then re-adding them.

Creating a New FTP Site and Configuring an IIS 7 Manager Account -

All the steps here

CONFIGURE THE FTP SITE TO USE IIS 7 MANAGER AUTHENTICATION All 12 steps here, including the "administrator" setting in step 5.

Then it started working for me, I am guessing when I did this without a guide I skipped something simple.

artfulhacker
  • 4,823
  • 1
  • 37
  • 31
  • I did not remove the FTP site or the User before trying this. I had done everything but STEP 2: CONFIGURE THE FTP SITE TO USE IIS 7 MANAGER AUTHENTICATION. Once I enabled the IisManagerAuth provider, the IIS Manager User login started working. Win 2012 R2 - IIS 8.5. – mobill May 12 '16 at 20:09
1

In My case I have made that user a member of IIS_IUSERS.

user2315218
  • 11
  • 1
1

Using IIS Users.

Do not isolate users -> User name directory was working fine. Users started in the right folder.

When I was switching to Isolate Users -> User name Directory I had the following error: 

Response:   530 User cannot log in, home directory inaccessible.
Win32 error: The system cannot find the path specified.

For some reason, you need to add the LocalUser virtual directory that points to your root.

It has to be that exact name and it's case sensitive.

That worked for me.

Etienne Dupuis
  • 13,548
  • 6
  • 47
  • 58
0

I had the exact same error. In my case, I was using a local user defined on the server running FTP. The username was very short (3 characters). I could "run as" this user on the server, confirming that Windows was Ok with it, and allowed it to authenticate. But when testing FTP, it would return User cannot log in.

Solution? I renamed the user to be longer (4 characters). Of course, updated its name under Authorization as well. Then FTP worked. Hope it helps someone!

Sandra
  • 608
  • 2
  • 11
  • 23
0

For me, I've configured the IIS as per usual procedure properly. The anonymous authentication was working but specific user are not.

because, the user accounts were created in IIS. Actually it was also supposed to be created Windows local accounts.

Then it worked.

Krishna Kumar
  • 187
  • 1
  • 17
0

Per this knowledgebase article, you would need the log on locally privilege enabled.

http://support.microsoft.com/kb/200475

Fosco
  • 38,138
  • 7
  • 87
  • 101
0

Please Check the security of folder which is use that ftp . see if the user or group you select for that ftp is associate with security of that folder .

user8010887
  • 1
0

In my case I had to remove domain from user.

So, your user should be like username, not like domain\username.

Hope it helps to somebody.

Vlad Pulichev
  • 3,162
  • 2
  • 20
  • 34
0

For some reason my user was "locked". So I could "unlock" it at local user manager (computer management). Now it works fine. I hope it helps.

Felipe Marques
  • 121
  • 1
  • 2
  • Welcome to Stack Overflow! This does not seem to provide an answer to the question **fully**. To critique or request clarification from an author, leave a comment below their post. If you [earn](//meta.stackoverflow.com/q/146472) sufficient [reputation](//stackoverflow.com/help/whats-reputation) you will be able to [comment on any post](//stackoverflow.com/help/privileges/comment). – Chris Feb 15 '19 at 00:11
0

I would recommend checking FTP logs first. The status code will give you more information about the issue. Here is the explanation of the status codes: The FTP status codes in IIS 7.0 and later versions

I had this issue because my IIS didn't support passive mode. After entering data in FTP Firewall Support module, the issue was solved.

enter image description here

More scenarios from this post 530 User cannot log in, home directory inaccessible

Authorization rules. Make sure to have an Authorization rule that allows the user or anonymous access. Check “IIS > FTP site > FTP Authorization Rules” page to allow or deny access for certain or all users.

NTFS permissions. The FTP users (local or domain users) should have permissions on the physical folder. Right click the folder and go to Properties. In the Security tab, make sure the user has required permissions. You can ignore Shared tab. It is not used for FTP access.

Locked account. If you local or domain account is locked or expired, you may end up seeing “User cannot log in” error. Check local user properties or Active Directory user settings to make sure the user account is active.

Other permission issues. The user account may not have “Log on locally” or “Allow only anonymous connections security” rights.

Community
  • 1
  • 1
Ned
  • 1,055
  • 9
  • 34
  • 58
0

I spent long time looking for a solution, I've tried every shared answer on the internet and nothing could solve the issue. It is an issue I was ignoring for years and I never could fix.

Ok, I've Plesk installed and I'm not sure if it has some effect on IIS FTP to do the following behavior ...

Using Process Monitor tool, and making ftp login request and watching the tool and doing your investigation using this tool, you can get a hint about the REAL reason of the problem.

For me, I found out that IIS FTP was trying to access the ftp folder from a path DIFFERENT than the actual ftp path I've set, I do not know why, but maybe Plesk has some effect on this.

The actual ftp path is

C:\inetpub\vhosts\zidapp

The path that IIS FTP was trying to access DURING the login process is

C:\inetpub\vhosts\Servers\7\localuser\zid_app_ftp_user

I fixed the issue by creating a folder link from 'actual' folder path to the path IIS was trying to access - using the tool mklink tool

CMD command

mklink /d C:\inetpub\vhosts\Servers\7\localuser\zid_app_ftp_user "C:\inetpub\vhosts\zidapp"

I've fixed the issue that way, so wen FTP is trying to access the folder from the wrong path, it is now goes to the correct one.

Please note doing folder shortcut wont work for this, you need a link like linux, not a shortcut ...

I hope it will help you :)

Adel Mourad
  • 1,351
  • 16
  • 13
0

i tried to setup user isolation via FTP User isolation -> User name directory. all over the internet, there is specified to make a mainfolder called LocalUser, with subfolders per Username. Then i got this error: 530 User cannot log in, home directory inaccessible. finally with Processmonitor i was able to capture the problem: capture in ProcessMonitor

In my case FTP was not looking for the C:\FTPS\LocalUser mainfolder, but instead it was looking for C:\FTPS\Hostname which didn't exist ofcourse. is this new in Win2022?

so instead of:

C:\FTPS\LocalUser\Username

use

C:\FTPS\Hostname\Username

Where Hostname is the actual hostname of the server.

WhiteEagle
  • 46
  • 3
-1

You can check the reference account you are using to log in. Mine happened to be locked out causing the 530 error.

rnxfod
  • 907
  • 2
  • 8
  • 14