FTP “530 User cannot log in” error and solution
Published Mar 11 2019 06:46 PM
Microsoft

While trying to connect to your FTP server hosted by IIS, you may run into the “530 User cannot log in, home directory inaccessible” error. This error occurs whether you are using anonymous access or basic authentication.

 

A sample connection log from an FTP client:

 

530 User cannot log in, home directory inaccessible.
Critical error: Could not connect to server


This issue may also appear as a “Failed to retrieve directory listing” or “Home directory inaccessible” error.

 

Depending on the FTP client, you may not see the detailed error message right away. For instance, when I tried to connect to the same site with the same configuration by using WinSCP, I received an “Access Denied” error. If your FTP client doesn’t show the entire connection history, look for the log folder to get more information about the root cause.

 

Solution

 

There might be a few reasons for running into this error. Here are the most common root causes and their solutions:

  • IIS may not be configured to use passive mode FTP. There are two types of FTP connections: active mode and passive mode. In active mode, the client opens a port and the server connects to it to transfer data. In passive mode, the server opens a port and the client connects to it to transfer data. To use passive mode, enter a port range and IP address on the “IIS > Server name > FTP Firewall Support” page.


 

Note: You can configure your FTP client to use only active mode if you don’t want to turn on passive mode.
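
The passive-mode settings from the FTP Firewall Support page, applied with PowerShell and paired with Windows Firewall rules limited to the control port and that same range. This is an added example, not part of the original article; the site name, port range and IP address are placeholder assumptions.

```powershell
# Added example (not from the original article). All values below are placeholders.
Import-Module WebAdministration

$siteName   = 'Default FTP Site'   # assumption: name of your FTP site
$lowPort    = 5000                 # assumption: first passive data port
$highPort   = 5100                 # assumption: last passive data port
$externalIp = '203.0.113.10'       # assumption: RFC 5737 documentation address
$apphost    = 'MACHINE/WEBROOT/APPHOST'

# Server level: the "Data Channel Port Range" box on the FTP Firewall Support page.
$fw = 'system.ftpServer/firewallSupport'
Set-WebConfigurationProperty -PSPath $apphost -Filter $fw -Name lowDataChannelPort  -Value $lowPort
Set-WebConfigurationProperty -PSPath $apphost -Filter $fw -Name highDataChannelPort -Value $highPort

# Site level: the "External IP Address of Firewall" box for one FTP site.
$siteFw = "system.applicationHost/sites/site[@name='$siteName']/ftpServer/firewallSupport"
Set-WebConfigurationProperty -PSPath $apphost -Filter $siteFw -Name externalIp4Address -Value $externalIp

# Windows Firewall: allow only the control port and the passive range defined above,
# so the data channel does not require a wide inbound port opening.
New-NetFirewallRule -DisplayName 'FTP control (example)' -Direction Inbound `
    -Protocol TCP -LocalPort 21 -Action Allow
New-NetFirewallRule -DisplayName 'FTP passive data (example)' -Direction Inbound `
    -Protocol TCP -LocalPort "$lowPort-$highPort" -Action Allow

# The FTP service reads the port range at start-up, so restart it.
Restart-Service -Name ftpsvc

# Read the values back to confirm what was written to applicationHost.config.
[pscustomobject]@{
    LowPort    = (Get-WebConfigurationProperty -PSPath $apphost -Filter $fw -Name lowDataChannelPort).Value
    HighPort   = (Get-WebConfigurationProperty -PSPath $apphost -Filter $fw -Name highDataChannelPort).Value
    ExternalIp = (Get-WebConfigurationProperty -PSPath $apphost -Filter $siteFw -Name externalIp4Address).Value
}
```

Keep the range only as wide as the number of concurrent transfers needs; every port in it has to be reachable through any network firewall in front of the server as well.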

 

Less common reasons for 530 error

 

The items below may cause “530 User cannot log in, home directory inaccessible” as well.

  • Authorization rules. Make sure to have an Authorization rule that allows the user or anonymous access. Check “IIS > FTP site > FTP Authorization Rules” page to allow or deny access for certain or all users.
  • NTFS permissions. The FTP users (local or domain users) should have permissions on the physical folder. Right-click the folder and go to Properties. In the Security tab, make sure the user has the required permissions. You can ignore the Shared tab. It is not used for FTP access.
  • Locked account. If your local or domain account is locked or expired, you may end up seeing the “User cannot log in” error. Check local user properties or Active Directory user settings to make sure the user account is active.
  • Other permission issues. The user account may not have “Log on locally” or “Allow only anonymous connections security” rights.

 

If you are still seeing the issue, check the IIS and FTP logs (c:\inetpub\logs\LogFiles\FTPSVC2), but don’t let them mislead you. IIS logs may sometimes show PASS. That doesn’t mean everything is well. It’s better to check the FTP logs that IIS records for FTP connections.
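
One way to triage the FTP log for 530 responses, as an added example that is not part of the original article. The log lines are constructed with a reduced field set, and the hint text for each Win32 status code is this example's own mapping onto the causes listed above.

```powershell
# Added example: list 530 responses from an IIS FTP (W3C format) log with a hint
# per Win32 status code. The hint wording is this example's interpretation.
$hints = @{
    '3'    = 'ERROR_PATH_NOT_FOUND: home directory path is missing'
    '5'    = 'ERROR_ACCESS_DENIED: check NTFS permissions and authorization rules'
    '1326' = 'ERROR_LOGON_FAILURE: wrong user name or password'
    '1331' = 'ERROR_ACCOUNT_DISABLED: account is disabled'
    '1385' = 'ERROR_LOGON_TYPE_NOT_GRANTED: check the "log on locally" right'
    '1793' = 'ERROR_ACCOUNT_EXPIRED: account has expired'
    '1909' = 'ERROR_ACCOUNT_LOCKED_OUT: account is locked'
}

function Get-Ftp530Event {
    param([Parameter(Mandatory)][string[]]$Line)
    $fields = @()
    foreach ($l in $Line) {
        # The #Fields directive names the columns of the rows that follow it.
        if ($l -match '^#Fields:\s*(.+)$') { $fields = $Matches[1].Trim() -split '\s+'; continue }
        if ($l -match '^#' -or [string]::IsNullOrWhiteSpace($l)) { continue }
        $values = $l.Trim() -split '\s+'
        if ($values.Count -ne $fields.Count) { continue }   # truncated or foreign line
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        if ($row['sc-status'] -ne '530') { continue }
        $code = $row['sc-win32-status']
        [pscustomobject]@{
            Time   = '{0} {1}' -f $row['date'], $row['time']
            Client = $row['c-ip']
            User   = $row['cs-username']
            Method = $row['cs-method']
            Win32  = $code
            Hint   = if ($hints.ContainsKey($code)) { $hints[$code] } else { "unmapped; run 'net helpmsg $code'" }
        }
    }
}

# Constructed sample log (documentation IP ranges, made-up user names).
$sample = @'
#Fields: date time c-ip cs-username s-ip s-port cs-method sc-status sc-win32-status
2019-03-11 18:40:01 198.51.100.7 - 192.0.2.10 21 USER 331 0
2019-03-11 18:40:01 198.51.100.7 alice 192.0.2.10 21 PASS 530 5
2019-03-11 18:41:12 198.51.100.9 bob 192.0.2.10 21 PASS 530 1909
2019-03-11 18:42:30 198.51.100.9 carol 192.0.2.10 21 PASS 230 0
'@ -split '\r?\n'

Get-Ftp530Event -Line $sample | Format-Table -AutoSize
```

To run it on real data, pass the lines of a file from the log folder named above, read with Get-Content, as the -Line argument.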

 


 

Note: In a case with a “Connection closed by the server” error for an FTP connection, we determined the root cause to be corruption of system files that occurred during an in-place server upgrade.

8 Comments
Copper Contributor

Doesn't work for me; the server no longer accepts any changes to the authorization, whether standard or anonymous, no matter which configuration is chosen. Neither virtual directories nor static directories can be used any more.

Restarted the server service several times; uninstalling is unfortunately not possible.

Microsoft

Hi @Peter_Herzog, thanks for sharing your testing result. Please create a support request so that we can analyze IIS and FTP logs for further troubleshooting: https://support.microsoft.com/en-ca/hub/4343728/support-for-business

Copper Contributor

@Peter_Herzog: Please allow the svc host process in the FTP server firewall. Allow TCP port 21 and the other passive ports which you have defined, like 5000-6000, in the FTP server inbound rules, and port 20 and the passive ports in the FTP server Windows Firewall outbound rules.

 

Allow the same in network firewall or any other nsg, then it should work.

Copper Contributor

there is one more situation giving the 530 error: 

 

if you are connecting to the FTP server from LAN, but external firewall address is specified in the server configuration

 

yes, sounds strange.

Brass Contributor

@Andrey_Dmitriev 

I found this post for a different reason, but we are planning to set External Firewall address and reduced ports.

We do have some users coming over an accelerated WAN. (so technically internal)

 

What would be the resolution in this case?  Two sites with the same folders?  Internet pointing to one and LAN/WAN pointing to the other in DNS?

Copper Contributor

I faced another scenario: when wrongly binding 2 FTP sites to the same port 21, I was also getting the 530 error.

Stopping 1 of the 2 FTP servers or changing to another port resolved this issue.

Brass Contributor

All of this and removing the role, restarting the server and adding the role fixed my issue. (It was a new server before migration.)

Copper Contributor

for those that still get the 503 error after setting all the correct permissions (IIS FTP Authentication=basic, IIS FTP Authorization=allow access to user, Windows File permissions, and FTP isolation rules), you MUST restart the FTP site in order for the changes to the IIS FTP Authentication, Authorization, and Isolation rules to take effect. 

Version history
Last update: Aug 19 2020 06:24 AM