IIS FTP on domain will not authenticate with local user accounts.

Karl Pedersen 5 Reputation points
2024-02-13T20:43:19.18+00:00

I need to set up an FTP server on my domain to replace an old one. Server is 2019 and I configured standard IIS with FTP without issue (no isolation) and Basic Authentication. I can connect via FTP on port 21 using my domain account. I created a local computer account on the server and gave it Modify on the FTP root folder, but every time I try to log on with the local user and password I get:

    220 Microsoft FTP Service
    200 OPTS UTF8 command successful - UTF8 encoding now ON.
    User (x.x.x.x:(none)): ftpupload
    331 Password required
    Password:
    530 User cannot log in.
    Login failed.
    ftp>

I've tried changing permissions, resetting password, setting to log on as service, and cannot figure it out.

Windows development Internet Information Services

1 answer

  1. Anonymous
    2024-02-14T02:08:06.44+00:00

    Hi @Karl Pedersen,

    While trying to connect to your FTP server hosted by IIS, there might be a few reasons for running into this error you are currently experiencing.

    Here are the most common root causes and their solutions:

    • The user may not have access to the home directory. Go to “IIS > FTP site > FTP User Isolation”. Select the directory that your users can access. More information about User Isolation settings
    • IIS may not be configured to use passive mode FTP. There are two types of FTP connections: Active mode and passive mode. In active mode, the client opens a port. The server connects to this port for transferring data. In passive mode, the server opens a port. The client connects to this port to transfer data. In order to use passive mode, enter a port range and IP address in “IIS > Server name > FTP Firewall Support” page.
    • Authorization rules. Make sure to have an Authorization rule that allows the user or anonymous access. Check “IIS > FTP site > FTP Authorization Rules” page to allow or deny access for certain or all users.
    • NTFS permissions. The FTP users (local or domain users) should have permissions on the physical folder. Right click the folder and go to Properties. In the Security tab, make sure the user has required permissions. You can ignore Shared tab. It is not used for FTP access. 
    • Locked account. If your local or domain account is locked or expired, you may end up seeing the “User cannot log in” error. Check local user properties or Active Directory user settings to make sure the user account is active.
    • Other permission issues. The user account may not have “Log on locally” or “Allow only anonymous connections security” rights. 

    Please check whether the above situations are the same or similar to your problem. If you are still seeing the issue, check IIS and FTP logs (c:\inetpub\logs\LogFiles\FTPSVC2).

    Best regards,

    Xudong Peng
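
An added example, not part of the original answer or of any Microsoft tooling: the FTP log the answer points to records a Win32 status next to each 530 reply, and the code below pairs every failed PASS with the USER command from the same session and names the cause. The log lines are constructed, and the column layout is assumed to be the default IIS FTP W3C field set.

```python
# Added example: triage "530 User cannot log in" entries in an IIS FTP W3C log.
WIN32_CAUSES = {  # standard Win32 error codes (winerror.h)
    1326: "ERROR_LOGON_FAILURE: user name or password not accepted",
    1331: "ERROR_ACCOUNT_DISABLED: account is disabled",
    1385: "ERROR_LOGON_TYPE_NOT_GRANTED: logon right not granted on this server",
    1793: "ERROR_ACCOUNT_EXPIRED: account has expired",
    1909: "ERROR_ACCOUNT_LOCKED_OUT: account is locked out",
}

SAMPLE_LOG = r"""#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status sc-substatus x-session x-fullpath
2024-02-13 20:40:01 192.0.2.10 - 192.0.2.5 21 USER ftpupload 331 0 0 sess-a -
2024-02-13 20:40:03 192.0.2.10 - 192.0.2.5 21 PASS *** 530 1326 0 sess-a -
2024-02-13 20:41:10 192.0.2.11 - 192.0.2.5 21 USER svc_scan 331 0 0 sess-b -
2024-02-13 20:41:11 192.0.2.11 - 192.0.2.5 21 PASS *** 530 1909 0 sess-b -
2024-02-13 20:42:30 192.0.2.12 - 192.0.2.5 21 USER EXAMPLE\alice 331 0 0 sess-c -
2024-02-13 20:42:31 192.0.2.12 EXAMPLE\alice 192.0.2.5 21 PASS *** 230 0 0 sess-c /
"""  # constructed sample, documentation-range addresses, hypothetical account names

def parse_ftp_log(text):
    """Yield one dict per record, keyed by the names in the '#Fields:' line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or odd lines
                yield dict(zip(fields, values))

def failed_logins(text):
    """Return (timestamp, client, user, win32 code, cause) per PASS answered 530."""
    pending, failures = {}, []  # pending: x-session -> name sent with USER
    for rec in parse_ftp_log(text):
        session = rec.get("x-session", "-")
        if rec.get("cs-method") == "USER":
            pending[session] = rec.get("cs-uri-stem", "-")
        elif rec.get("cs-method") == "PASS" and rec.get("sc-status") == "530":
            raw = rec.get("sc-win32-status", "0")
            code = int(raw) if raw.isdigit() else 0
            user = rec.get("cs-username", "-")
            if user == "-":  # no authenticated name logged: use the USER argument
                user = pending.get(session, "-")
            cause = WIN32_CAUSES.get(code, "unmapped, try: net helpmsg %d" % code)
            stamp = rec.get("date", "") + " " + rec.get("time", "")
            failures.append((stamp, rec.get("c-ip", "-"), user, code, cause))
    return failures

if __name__ == "__main__":
    for row in failed_logins(SAMPLE_LOG):
        print(*row, sep="  ")
```

Run against the real log file by passing its contents to `failed_logins`; repeated 1326 or 1909 rows from one client address are also worth reviewing as possible password guessing.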

