FTP on IIS is not allowing FTPS connection

Don R

1/7/23, 10:21 PM

I am trying to set up an FTP site on Windows Server 2019/IIS running on an AWS EC2 instance. I have added the FTP service, added an FTP site, installed a TLS certificate and bound it to FTP, and selected the Require SSL connections option under FTP SSL Settings. But I obviously have missed something, because when I try to connect using FTPS (using FileZilla 3.55.1) the server returns the status 534 Local policy on server does not allow TLS secure connections. What does this message mean in this context, and how does one correct it? A Google search has not turned up anything I haven't already tried.

[Edit]
I'm sure this is not a firewall or edge security issue. This is the output I see in FileZilla:

Status:         Resolving address of www.example.com
Status:         Connecting to XX.XX.XX.XX...
Status:         Connection established, waiting for welcome message...
Response:   220 Microsoft FTP Service
Command:    AUTH TLS
Response:   534 Local policy on server does not allow TLS secure connections.
Command:    AUTH SSL
Response:   534 Local policy on server does not allow TLS secure connections.
Status:         Insecure server, it does not support FTP over TLS.

993

0 + 3

iis

ftps

Lex Li

1/8/23, 5:28 AM

The troubleshoot approach can be followed, https://serverfault.com/questions/288234/iis-7-5-ftps-external-access-534-policy-requires-ssl

Don R

1/8/23, 1:54 PM

Thanks, but this is not a firewall or edge security issue (see additional info I've added to the question). The only thing in any of those answers that sounds like it might be helpful is the mention of SSL "on the server" as distinct in some way from on the site, but the link provided for that is for a blog that no longer exists, and I have no idea what it means nor have I had any success in searching the web for clarification.

Don R

1/8/23, 7:59 PM

So I eventually found, by luck, the fact that there is a set of configuration apps that are essentially identical to the site configuration apps, on the *server* node of the tree view in IIS Manager. That seems to be what is meant, and reproducing some of the config at that level resolved the problem, though I'm still not sure exactly which change it was that made it work.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: FTP on IIS is not allowing FTPS connection

TH: FTP บน IIS ไม่อนุญาตให้เชื่อมต่อ FTPS

RO: FTP pe IIS nu permite conexiunea FTPS

RU: FTP на IIS не разрешает FTPS-соединение

VI: FTP trên IIS không cho phép kết nối FTPS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.