Cyberduck Mountain Duck CLI

#8002 closed defect (worksforme)

Upload to Windows 2008 IIS FTP Fails Without Error

Reported by: Ctruxaw Owned by:
Priority: normal Milestone:
Component: ftp Version: 4.4.4
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description (last modified by Ctruxaw)

Uploading to IIS 7 on Windows 2008 results in the Cyberduck log saying that the upload is complete, but the file is immediately deleted (and not shown when LIST is called). This does not work in 4.4.4

This issue only occurs when TLS 1.1 and 1.2 are enabled in Windows 2008. Both are disabled by default, but can be enabled using the registry. To enable such, see: http://www.adminhorror.com/2011/10/enable-tls-11-and-tls-12-on-windows_1853.html

Change History (11)

comment:1 Changed on Jun 9, 2014 at 5:30:00 PM by dkocher

Can you please post the transcript from the log drawer (⌘-L) of the Transfers window.

comment:2 Changed on Jun 9, 2014 at 6:13:25 PM by Ctruxaw

Here is the log:

220 Microsoft FTP Service
AUTH TLS
234 AUTH command ok. Expecting TLS Negotiation.
USER username
331 Password required for username.
PASS ********
230 User logged in.
PBSZ 0
200 PBSZ command successful.
PROT P
200 PROT command successful.
FEAT
211-Extended features supported:
 LANG EN*
 UTF8
 AUTH TLS;TLS-C;SSL;TLS-P;
 PBSZ
 PROT C;P;
 CCC
 HOST
 SIZE
 MDTM
 REST STREAM
211 END
OPTS UTF8 ON
200 OPTS UTF8 command successful - UTF8 encoding now ON.
SYST
215 Windows_NT
PWD
257 "/" is current directory.
CWD /
250 CWD command successful.
TYPE A
200 Type set to A.
PORT ''REDACTED''
501 Server cannot accept argument.
PASV
227 Entering Passive Mode (''REDACTED'').
LIST -a
125 Data connection already open; Transfer starting.
226 Transfer complete.
CWD /
250 CWD command successful.
TYPE A
200 Type set to A.
PORT ''REDACTED''
501 Server cannot accept argument.
PASV
227 Entering Passive Mode (''REDACTED'').
LIST
125 Data connection already open; Transfer starting.
226 Transfer complete.
NOOP
200 NOOP command successful.
CWD /
250 CWD command successful.
TYPE A
200 Type set to A.
PORT ''REDACTED''
501 Server cannot accept argument.
PASV
227 Entering Passive Mode (''REDACTED'').
LIST -a
125 Data connection already open; Transfer starting.
226 Transfer complete.
CWD /
250 CWD command successful.
TYPE A
200 Type set to A.
PORT ''REDACTED''
501 Server cannot accept argument.
PASV
227 Entering Passive Mode (''REDACTED'').
LIST
125 Data connection already open; Transfer starting.
226 Transfer complete.

As you can see, it says "Transfer complete". In fact, if the upload is a large file, I can see the file on the server being created and starting to be populated with data. Then, as soon as the transfer completes, the file disappears and is no longer listed in the file system or by CyberDuck. It's like something is failing at the last second causing the file to be deleted because IIS thinks the transfer failed.

comment:3 Changed on Jun 9, 2014 at 9:34:47 PM by dkocher

  • Resolution set to worksforme
  • Status changed from new to closed

Make sure to set the connect mode to Passive.

comment:4 Changed on Jun 9, 2014 at 9:34:54 PM by dkocher

  • Component changed from core to ftp

comment:5 follow-ups: Changed on Jun 10, 2014 at 1:02:03 AM by Ctruxaw

Yes, of course Passive connection mode was being used.

Sniffing things out, the issue appears to be something related to TLS 1.1 / 1.2 usage not being compatible with Windows Server.

I'd appreciate you reopening this ticket and looking at the issue again with TLS 1.1 / 1.2 being enabled on Windows 2008 R2, see: http://www.adminhorror.com/2011/10/enable-tls-11-and-tls-12-on-windows_1853.html

comment:6 Changed on Jun 10, 2014 at 1:12:29 AM by Ctruxaw

  • Description modified (diff)
  • Resolution worksforme deleted
  • Status changed from closed to reopened

comment:7 in reply to: ↑ 5 Changed on Jun 10, 2014 at 7:57:11 AM by dkocher

Replying to Ctruxaw:

Yes, of course Passive connection mode was being used.

I see that a passive data connection is only used as a fallback after the PORT command (active data connection) fails. Check your settings in Network → Advanced... → Proxies → Use Passive FTP Mode (PASV) and the bookmark setting Connect Mode.

Last edited on Jun 10, 2014 at 7:57:23 AM by dkocher (previous) (diff)

comment:8 in reply to: ↑ 5 Changed on Jun 10, 2014 at 7:58:20 AM by dkocher

Replying to Ctruxaw:

Sniffing things out, the issue appears to be something related to TLS 1.1 / 1.2 usage not being compatible with Windows Server.

If this was a TLS issue the connection would fail much earlier. From the transcript above, the TLS negotiation succeeds.

comment:9 Changed on Jun 10, 2014 at 9:44:55 AM by dkocher

  • Resolution set to worksforme
  • Status changed from reopened to closed

comment:10 follow-up: Changed on Jun 10, 2014 at 4:09:06 PM by Ctruxaw

This appears to be an issue no isolated to Cyberduck. If I disable TLS 1.1 / 1.2, the upload works just fine. Reenabling, it fails.

It appears to be a variant of: http://support.microsoft.com/kb/2888853 But for Windows 2008 R2, not 2012. Yes, the initial TLS negotiation works. But the upload TLS connection appears to be the issue.

I'm using the Windows version, so there is now "Network - Advanced" section. I assure you the bookmark is set to use Passive. It's possible the log I provided was from when it was in active mode, while trying various things to resolve the issue. But I've also tried it in passive without success.

I've opened a ticket with Microsoft, but I can't help but wonder if there is a way to mitigate this client side.

comment:11 in reply to: ↑ 10 Changed on Jun 11, 2014 at 8:04:40 AM by dkocher

Replying to Ctruxaw:

I'm using the Windows version, so there is now "Network - Advanced" section. I assure you the bookmark is set to use Passive. It's possible the log I provided was from when it was in active mode, while trying various things to resolve the issue. But I've also tried it in passive without success.

Passive mode is the default when running Cyberduck on Windows and can be overridden in the bookmark setting.

Note: See TracTickets for help on using tickets.
swiss made software