%3CLINGO-SUB%20id%3D%22lingo-sub-994530%22%20slang%3D%22de-DE%22%3ESubject%3A%20FTP%20%22530%20User%20cannot%20log%20in%22%20error%20and%20solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-994530%22%20slang%3D%22de-DE%22%3E%3CP%3Edoes%20not%20work%20for%20me%2C%20the%20server%20responds%20no%20longer%20accepts%20changes%20in%20authorization%20whether%20standard%20or%20anonymous.%20no%20matter%20which%20configuration%20is%20selected.%20neither%20virtual%20directories%20nor%20static%20directories%20are%20possible.%3C%2FP%3E%3CP%3Eserver%20service%20restarted%20several%20times%2C%20unfortunately%20not%20possible%20to%20uninstall.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-995285%22%20slang%3D%22en-US%22%3ERe%3A%20FTP%20%E2%80%9C530%20User%20cannot%20log%20in%E2%80%9D%20error%20and%20solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-995285%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F451539%22%20target%3D%22_blank%22%3E%40Peter_Herzog%3C%2FA%3E%2C%20thanks%20for%20sharing%20your%20testing%20result.%20Please%20create%20a%20support%20request%20so%20that%20we%20can%20analyze%20IIS%20and%20FTP%20logs%20for%20further%20troubleshooting%3A%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-ca%2Fhub%2F4343728%2Fsupport-for-business%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-ca%2Fhub%2F4343728%2Fsupport-for-business%3C%2FFONT%3E%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1035430%22%20slang%3D%22en-US%22%3ERe%3A%20FTP%20%E2%80%9C530%20User%20cannot%20log%20in%E2%80%9D%20error%20and%20solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1035430%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F451539%22%20target%3D%22_blank%22%3E%40Peter_Herzog%3C%2FA%3E%20%3APlease%20allowthe%20svc%20host%20process%20in%26nbsp%3B%20the%20ftp%20server%20firewall.%20Allow%20the%20tcp%20port%2021%20and%20other%20passive%20ports%20which%20you%20have%20defined%20like%205000-6000%20in%20ftp%20server%20inbound%20and%20port%2020%20and%20passive%20ports%20on%20ftp%20server%20windows%20firewall%20outbound.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAllow%20the%20same%20in%20network%20firewall%20or%20any%20other%20nsg%2C%20then%20it%20should%20work.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-364570%22%20slang%3D%22en-US%22%3EFTP%20%E2%80%9C530%20User%20cannot%20log%20in%E2%80%9D%20error%20and%20solution%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-364570%22%20slang%3D%22en-US%22%3E%3CP%3EWhile%20trying%20to%20connect%20to%20your%20FTP%20server%20hosted%20by%20IIS%2C%20you%20may%20run%20into%20%E2%80%9C%3CSTRONG%3E530%20User%20cannot%20log%20in%2C%20home%20directory%20inaccessible%3C%2FSTRONG%3E%E2%80%9D%20error.%20This%20error%20occurs%20whether%20you%20are%20using%20anonymous%20access%20or%20basic%20authentication.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EA%20sample%20connection%20log%20from%20an%20FTP%20client%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CBLOCKQUOTE%3E%0A%3CP%3E530%20User%20cannot%20log%20in%2C%20home%20directory%20inaccessible.%3CBR%20%2F%3ECritical%20error%3A%20Could%20not%20connect%20to%20server%3C%2FP%3E%0A%3C%2FBLOCKQUOTE%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22post16.png%22%20style%3D%22width%3A%20638px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F86516i5E8B98435858834B%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22post16.png%22%20alt%3D%22post16.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThis%20issue%20may%20appear%20as%20%E2%80%9CFailed%20to%20retrieve%20directory%20listing%E2%80%9D%20or%20%E2%80%9CHome%20directory%20inaccessible%E2%80%9D%20error%20as%20well.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EDepending%20on%20the%20FTP%20client%2C%20you%20may%20not%20see%20the%20detailed%20error%20message%20right%20away.%20For%20instance%2C%20when%20I%20tried%20to%20connect%20to%20the%20same%20site%20with%20the%20same%20configuration%20by%20using%20WinSCP%2C%20I%20received%20%E2%80%9CAccess%20Denied%E2%80%9D%20error.%20If%20your%20FTP%20client%20doesn%E2%80%99t%20show%20the%20entire%20connection%20history%2C%20look%20for%20the%20log%20folder%20to%20get%20more%20information%20about%20the%20root%20cause.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1705686368%22%20id%3D%22toc-hId-1705686368%22%3E%26nbsp%3B%3C%2FH2%3E%0A%3CH2%20id%3D%22toc-hId--846470593%22%20id%3D%22toc-hId--846470593%22%3ESolution%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20might%20be%20a%20few%20reasons%20for%20running%20into%20this%20error.%20Here%20are%20the%20most%20common%20root%20causes%20and%20their%20solutions%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%20style%3D%22font-weight%3A%20400%3B%22%3E%3CSTRONG%3EThe%20user%20may%20not%20be%20have%20access%20to%20the%20home%20directory.%3C%2FSTRONG%3E%20Go%20to%20%E2%80%9CIIS%20%26gt%3B%20FTP%20site%20%26gt%3B%20FTP%20User%20Isolation%E2%80%9D.%20Select%20the%20directory%20that%20your%20users%20can%20access.%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fiis%2Fpublish%2Fusing-the-ftp-service%2Fconfiguring-ftp-user-isolation-in-iis-7%23examining-the-new-ftp-user-isolation-settings%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMore%20information%20about%20User%20Isolation%20settings%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CUL%3E%0A%3CLI%20style%3D%22font-weight%3A%20400%3B%22%3E%3CSTRONG%3EIIS%20may%20not%20be%20configured%20to%20use%20passive%20mode%20FTP.%3C%2FSTRONG%3E%20%3CSPAN%3EThere%20are%20two%20types%20of%20FTP%20connections%3A%20Active%20mode%20and%20passive%20mode.%20In%20active%20mode%2C%20the%20client%20opens%20a%20port.%20The%20server%20connects%20to%20this%20port%20for%20transferring%20data.%20In%20passive%20mode%2C%20the%20server%20opens%20a%20port.%20The%20client%20connects%20to%20this%20port%20to%20transfer%20data.%26nbsp%3B%3C%2FSPAN%3EIn%20order%20to%20use%20passive%20mode%2C%20enter%20a%20port%20range%20and%20IP%20address%20in%20%E2%80%9CIIS%20%26gt%3B%20Server%20name%20%26gt%3B%20FTP%20Firewall%20Support%E2%80%9D%20page%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22ftp-user-isolation-home-directory.png%22%20style%3D%22width%3A%20500px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F213283iFBD959A00771AABE%2Fimage-dimensions%2F500x321%3Fv%3D1.0%22%20width%3D%22500%22%20height%3D%22321%22%20title%3D%22ftp-user-isolation-home-directory.png%22%20alt%3D%22ftp-user-isolation-home-directory.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22passive-mode.png%22%20style%3D%22width%3A%20500px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F213280iAE19BA3030E5E6B3%2Fimage-dimensions%2F500x321%3Fv%3D1.0%22%20width%3D%22500%22%20height%3D%22321%22%20title%3D%22passive-mode.png%22%20alt%3D%22passive-mode.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ENote%3A%20%3C%2FSTRONG%3EYou%20can%20configure%20your%20FTP%20client%20to%20use%20only%20the%20active%20mode%20if%20you%20don%E2%80%99t%20want%20to%20turn%20on%20passive%20mode%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-896339742%22%20id%3D%22toc-hId-896339742%22%3ELess%20common%20reasons%20for%20530%20error%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20items%20below%20may%20cause%20%E2%80%9C530%20User%20cannot%20log%20in%2C%20home%20directory%20inaccessible%E2%80%9D%20as%20well.%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EAuthorization%20rules.%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EMake%20sure%20to%20have%20an%20Authorization%20rule%20that%20allows%20the%20user%20or%20anonymous%20access.%20Check%20%E2%80%9CIIS%20%26gt%3B%20FTP%20site%20%26gt%3B%20FTP%20Authorization%20Rules%E2%80%9D%20page%20to%20allow%20or%20deny%20access%20for%20certain%20or%20all%20users.%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3ENTFS%20permissions.%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSTRONG%3EThe%20FTP%20users%20(local%20or%20domain%20users)%20should%20have%20permissions%20on%20the%20physical%20folder.%20Right%20click%20the%20folder%20and%20go%20to%20Properties.%20In%20the%20Security%20tab%2C%20make%20sure%20the%20user%20has%20required%20permissions.%20You%20can%20ignore%20Shared%20tab.%20It%20is%20not%20used%20for%20FTP%20access.%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3ELocked%20account.%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EIf%20you%20local%20or%20domain%20account%20is%20locked%20or%20expired%2C%20you%20may%20end%20up%20seeing%20%E2%80%9CUser%20cannot%20log%20in%E2%80%9D%20error.%20Check%20local%20user%20properties%20or%20Active%20Directory%20user%20settings%20to%20make%20sure%20the%20user%20account%20is%20active.%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EOther%20permission%20issues.%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EThe%20user%20account%20may%20not%20have%20%E2%80%9CLog%20on%20locally%E2%80%9D%20or%20%E2%80%9CAllow%20only%20anonymous%20connections%20security%E2%80%9D%20rights.%26nbsp%3B%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20are%20still%20seeing%20the%20issue%2C%20check%20IIS%20and%20FTP%20logs%20(c%3A%5Cinetpub%5Clogs%5CLogFiles%5CFTPSVC2)%3CSPAN%3E%26nbsp%3Bbut%20don%E2%80%99t%20let%20it%20mislead%20you.%20IIS%20logs%20sometimes%20may%20show%20PASS.%20It%20doesn%E2%80%99t%20mean%20everything%20is%20well.%20It%E2%80%99s%20better%20to%20check%20FTP%20logs%20that%20IIS%20records%20for%20FTP%20connections%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22iis-ftp-logs.png%22%20style%3D%22width%3A%20501px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F213281iD9895C55D4764A42%2Fimage-dimensions%2F501x292%3Fv%3D1.0%22%20width%3D%22501%22%20height%3D%22292%22%20title%3D%22iis-ftp-logs.png%22%20alt%3D%22iis-ftp-logs.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSTRONG%3ENote%3A%26nbsp%3B%3C%2FSTRONG%3EIn%20a%20case%20with%20%E2%80%9C%3CSTRONG%3EConnection%20closed%20by%20the%20server%3C%2FSTRONG%3E%E2%80%9D%20error%20for%20FTP%20connection%2C%20we%20determined%20the%20root%20cause%20as%20the%20corruption%20of%20system%20files%20occurred%20during%20in-place%20server%20upgrade.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-364570%22%20slang%3D%22en-US%22%3E%3CP%3EWhile%20trying%20to%20connect%20to%20your%20FTP%20server%20hosted%20by%20IIS%2C%20you%20may%20run%20into%20%E2%80%9C%3CSTRONG%3E530%20User%20cannot%20log%20in%2C%20home%20directory%20inaccessible%3C%2FSTRONG%3E%E2%80%9D%20error.%20This%20error%20occurs%20whether%20you%20are%20using%20anonymous%20access%20or%20basic%20authentication.%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

While trying to connect to your FTP server hosted by IIS, you may run into “530 User cannot log in, home directory inaccessible” error. This error occurs whether you are using anonymous access or basic authentication.

 

A sample connection log from an FTP client:

 

530 User cannot log in, home directory inaccessible.
Critical error: Could not connect to server

post16.png

This issue may appear as “Failed to retrieve directory listing” or “Home directory inaccessible” error as well.

 

Depending on the FTP client, you may not see the detailed error message right away. For instance, when I tried to connect to the same site with the same configuration by using WinSCP, I received “Access Denied” error. If your FTP client doesn’t show the entire connection history, look for the log folder to get more information about the root cause.

 

Solution

 

There might be a few reasons for running into this error. Here are the most common root causes and their solutions:

  • IIS may not be configured to use passive mode FTP. There are two types of FTP connections: Active mode and passive mode. In active mode, the client opens a port. The server connects to this port for transferring data. In passive mode, the server opens a port. The client connects to this port to transfer data. In order to use passive mode, enter a port range and IP address in “IIS > Server name > FTP Firewall Support” page

ftp-user-isolation-home-directory.png

passive-mode.png

 

Note: You can configure your FTP client to use only the active mode if you don’t want to turn on passive mode

 

Less common reasons for 530 error

 

The items below may cause “530 User cannot log in, home directory inaccessible” as well.

  • Authorization rules. Make sure to have an Authorization rule that allows the user or anonymous access. Check “IIS > FTP site > FTP Authorization Rules” page to allow or deny access for certain or all users.
  • NTFS permissions. The FTP users (local or domain users) should have permissions on the physical folder. Right click the folder and go to Properties. In the Security tab, make sure the user has required permissions. You can ignore Shared tab. It is not used for FTP access. 
  • Locked account. If you local or domain account is locked or expired, you may end up seeing “User cannot log in” error. Check local user properties or Active Directory user settings to make sure the user account is active. 
  • Other permission issues. The user account may not have “Log on locally” or “Allow only anonymous connections security” rights. 

 

If you are still seeing the issue, check IIS and FTP logs (c:\inetpub\logs\LogFiles\FTPSVC2) but don’t let it mislead you. IIS logs sometimes may show PASS. It doesn’t mean everything is well. It’s better to check FTP logs that IIS records for FTP connections

 

iis-ftp-logs.png

 

Note: In a case with “Connection closed by the server” error for FTP connection, we determined the root cause as the corruption of system files occurred during in-place server upgrade.

3 Comments
Occasional Visitor

funktioniert bei mir nicht, der server reagiert akzeptiert keine änderungen mehr in der authorisierung egal ob standard oder anonym. egal welche konfiguration gewählt wird. keine nutzung weder virtuelle verzeichnisse noch statische verzeichnisse mehr möglich.

server-dienst mehrfach neu gestartet, deinstallation leider nicht möglich.

Microsoft

Hi @Peter_Herzog, thanks for sharing your testing result. Please create a support request so that we can analyze IIS and FTP logs for further troubleshooting: https://support.microsoft.com/en-ca/hub/4343728/support-for-business

New Contributor

@Peter_Herzog :Please allowthe svc host process in  the ftp server firewall. Allow the tcp port 21 and other passive ports which you have defined like 5000-6000 in ftp server inbound and port 20 and passive ports on ftp server windows firewall outbound.

 

Allow the same in network firewall or any other nsg, then it should work.