I am attempting a FTP connection, Require Implicit FTP over TLS, cannot connect using the ftptransferWinform client. .

0 votes
asked Feb 16 by DavidB (120 points)

14:00:51.093 Debug Proxy: Resolving '******'.
14:00:51.093 Debug Proxy: Connecting to none proxy at *******:990.
14:00:51.170 Debug Info: Connection succeeded.
14:00:51.170 Debug Info: Upgrading control connection to TLS/SSL.
14:00:51.170 Info TLS: State StateChange:Negotiating
14:00:51.170 Debug TLS: HandshakeMessage:ClientHello was sent.
14:00:51.229 Debug TLS: HandshakeMessage:ServerHello was received.
14:00:51.245 Info TLS: Using TLS 1.2.
14:00:51.245 Debug TLS: The server supports secure renegotiation.
14:00:51.245 Debug TLS: HandshakeMessage:Certificate was received.
14:00:51.245 Debug TLS: HandshakeMessage:ServerKeyExchange was received.
14:00:51.245 Debug TLS: HandshakeMessage:ServerHelloDone was received.
14:00:51.245 Debug TLS: Verifying server certificate (**********************).
14:00:51.276 Debug TLS: Certificate verification result: Accept
14:00:51.276 Debug TLS: Using ephemeral ECDH public key exchange with NIST P-256 curve.
14:00:51.276 Debug TLS: HandshakeMessage:ClientKeyExchange was sent.
14:00:51.276 Debug TLS: CipherSpec:ChangeCipherSpec was sent.
14:00:51.276 Debug TLS: HandshakeMessage:Finished was sent.
14:00:51.341 Debug TLS: CipherSpec:ChangeCipherSpec was received.
14:00:51.341 Debug TLS: HandshakeMessage:Finished was received.
14:00:51.341 Info TLS: State StateChange:Secured
14:00:51.341 Info TLS: Connection secured using cipher: TLS 1.2, RSA with ephemeral Elliptic Curve Diffie-Hellman, AES with 256-bit key in CBC mode, SHA384
14:00:51.341 Debug TLS: Session ID:
0000 |B9-33-00-00-D9-86-72-CD 35-EA-A9-61-8B-F4-CD-D9| .3....r.5..a....
0010 |13-4C-5F-C8-94-7F-A7-7F D6-3C-27-85-DD-2D-48-6E| .L_......<'..-Hn
14:00:51.341 Debug Info: Control connection upgraded to TLS/SSL.
14:00:51.341 Info Response: 220 Microsoft FTP Service
14:00:51.387 Info Command: USER **********
14:00:51.460 Info Response: 331 Password required
14:00:51.460 Info Command: PASS **********
14:00:54.028 Info Response: 530 User cannot log in.
14:00:54.029 Error Info: Rebex.Net.FtpException: User cannot log in (530).
at Rebex.Net.Ftp.IH(String D, String J, String L)
14:00:54.030 Debug TLS: Closing TLS socket.
14:00:54.030 Info TLS: Alert Alert:Alert was sent.
14:00:54.030 Info TLS: State StateChange:Closed

I have used verbose logging and found the password is the correct one.

commented Feb 19 by Lukas Matyska (47,950 points)
Are you able to log in to the server (with the same user and password ) using other FTP/SSL client (e.g. FileZilla, WinSCP, Cyberduck)?

Can you please check that the client certificate is not required by the server (in server settings)?
commented Feb 19 by DavidB (120 points)
I am able to log in with filezilla, i do put a certificate in Filezilla when setting it up.  I can move files successfully in filezilla.  
connection log filezilla:

Resolving address of ******.****.com
Status:    Connecting to ***.***.***.***:990...
Status:    Connection established, initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established, waiting for welcome message...
Response:    220 Microsoft FTP Service
Command:    USER mookstr_syn_walmart
Response:    331 Password required
Command:    PASS ********
Response:    230 User logged in.
Command:    SYST
Response:    215 Windows_NT
Command:    FEAT
Response:    211-Extended features supported:
Response:     LANG EN*
Response:     UTF8
Response:     AUTH TLS;TLS-C;SSL;TLS-P;
Response:     PBSZ
Response:     PROT C;P;
Response:     CCC
Response:     HOST
Response:     SIZE
Response:     MDTM
Response:     REST STREAM
Response:    211 END
Command:    OPTS UTF8 ON
Response:    200 OPTS UTF8 command successful - UTF8 encoding now ON.
Command:    PBSZ 0
Response:    200 PBSZ command successful.
Command:    PROT P
Response:    200 PROT command successful.
Status:    Logged in
Status:    Retrieving directory listing...
Status:    Directory listing of "/" successful
Status:    Connection closed by server
Status:    Resolving address of *******.******.com
Status:    Connecting to ***.***.***.***:990...
Status:    Connection established, initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established, waiting for welcome message...
Status:    Logged in
Status:    Retrieving directory listing...
Status:    Directory listing of "/" successful
commented Feb 19 by DavidB (120 points)
Just put filezilla on a different machine, and when connecting to the server I get a Unknown Certificate warning.  
after I trust the certificate then I get connection,  How do i accept the certificate in Rebex is the question i think.
commented Feb 19 by Lukas Matyska (47,950 points)
It seems that the problem is not related to the certificate. The "Unknown Certificate warning." refers to server certificate, not the client one.

In Rebex log we can see that the TLS was successfully established, so the server certificate was validated and accepted.

Please, check 4 things:

1. you are connecting to the same server (same IP address).
  In Rebex log, line: Connecting to none proxy at *******:990.
  In FileZilla log, line:  Connecting to ***.***.***.***:990...
2. you are using the same username
3. you are using the same password
4. username and password contains only ASCII characters (non-ASCII characters can be encoded differently)

Please, let us know the result.
commented Feb 19 by DavidB (120 points)
You were correct that the user name was misspelled.   I hate computers.   Now I can go see why i am having trouble in my code.  See what else I messed up that day.  I had looked hard at these already.

1 Answer

0 votes
answered Feb 20 by Lukas Matyska (47,950 points)

OK, great that you were able to find the cause of the issue.

...