While trying to connect to your FTP server hosted by IIS, you may run into “530 User cannot log in, home directory inaccessible” error. This error occurs whether you are using anonymous access or basic authentication.
A sample connection log from an FTP client:
530 User cannot log in, home directory inaccessible.
Critical error: Could not connect to server
This issue may appear as “Failed to retrieve directory listing” or “Home directory inaccessible” error as well.
Depending on the FTP client, you may not see the detailed error message right away. For instance, when I tried to connect to the same site with the same configuration by using WinSCP, I received “Access Denied” error. If your FTP client doesn’t show the entire connection history, look for the log folder to get more information about the root cause.
There might be a few reasons for running into this error. Here are the most common root causes and their solutions:
- The user may not be have access to the home directory. Go to “IIS > FTP site > FTP User Isolation”. Select the directory that your users can access. More information about User Isolation settings
- IIS may not be configured to use passive mode FTP. There are two types of FTP connections: Active mode and passive mode. In active mode, the client opens a port. The server connects to this port for transferring data. In passive mode, the server opens a port. The client connects to this port to transfer data. In order to use passive mode, enter a port range and IP address in “IIS > Server name > FTP Firewall Support” page
Note: You can configure your FTP client to use only the active mode if you don’t want to turn on passive mode
The items below may cause “530 User cannot log in, home directory inaccessible” as well.
- Authorization rules. Make sure to have an Authorization rule that allows the user or anonymous access. Check “IIS > FTP site > FTP Authorization Rules” page to allow or deny access for certain or all users.
- NTFS permissions. The FTP users (local or domain users) should have permissions on the physical folder. Right click the folder and go to Properties. In the Security tab, make sure the user has required permissions. You can ignore Shared tab. It is not used for FTP access.
- Locked account. If you local or domain account is locked or expired, you may end up seeing “User cannot log in” error. Check local user properties or Active Directory user settings to make sure the user account is active.
- Other permission issues. The user account may not have “Log on locally” or “Allow only anonymous connections security” rights.
If you are still seeing the issue, check IIS and FTP logs (c:\inetpub\logs\LogFiles\FTPSVC2) but don’t let it mislead you. IIS logs sometimes may show PASS. It doesn’t mean everything is well. It’s better to check FTP logs that IIS records for FTP connections
Note: In a case with “Connection closed by the server” error for FTP connection, we determined the root cause as the corruption of system files occurred during in-place server upgrade.
При подключении к ftp-сайту (IIS) ошибка «530 user cannot login in, home directory inaccessible»
Сделал, но при подключении получил ошибку «530 user cannot login in, home directory inaccessible».
Сначала на сервере проверил наличие пользователя ftp_user_00 в оснастке «Управление компьютером/Локальные пользователи». Пользователь присутствует.
Потом стал проверять права доступа на каталоги, — всё нормально, пользователь ftp_user_00 с соответствующими правами в свойствах каталогов есть, а доступа по-прежнему нет.
Добавил в каталог пользователя «Все», — ничего не изменилось.
Залез в групповые политики. Всё, вроде, нормально.
Потом в диспетчере IIS на начальной странице ftp-сайта стал просматривать встроенные возможности начиная с «Проверки подлинности FTP» и далее, пока не открыл «Правила авторизации FTP», а его там нет (пользователя ftp_user_00).
Добавил разрешающее правило для ftp_user_00 на чтение и запись.
Соединение пошло. Вот надо было сразу лезть в «Правила авторизации FTP», а не ковыряться по каталогам. Видимо, когда менял логин (а по сути, — это новый локальный пользователь), то добавил его в оснастке «Управление компьютером/Локальные пользователи», но при этом забыл добавить в «Правила авторизации FTP» на ftp-сайте.
Вывод. Одна из причин (если не первая) ошибки «530 user cannot login in, home directory inaccessible» при подключении к ftp-сайту (IIS), — отсутствие пользователя, под которым идет подключение, в «Правилах авторизации FTP» в Диспетчере служб IIS.
Are you receiving FTP error 530 user cannot log in home directory inaccessible? We can help you fix it.
While trying to connect to the FTP server we may run into this error message. In most cases, this error occurs only when FTP authorization rules for default FTP site are not set.
At Bobcares, we often get requests from our customers regarding FTP errors as part of our Server Management Services.
Today, let’s get into the details on how our Support Engineers fix the FTP error for our customers.
Why FTP shows 530 user cannot log in home directory inaccessible error?
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network. FTP built on Cilent-Server Architecture and it uses separate connections for control and data.
When connecting locally from Windows Server via FTP using a subscription FTP user, the operation fails with the below error.
Depending on the FTP client the error message appear as “Failed to retrieve directory listing” or “Home directory inaccessible” error as well. There might be a few reasons for running into this error.
Now, it’s time to see the reasons that cause 530 FTP anonymous messages.
Top causes for “530 User cannot log in, home directory inaccessible”
From our experience in managing servers, we often see customers experiencing problems like “530 User cannot log in, home directory inaccessible”.
Let’s check the common reasons one by one and see how our Support Engineers fix it.
1. Authorization rules
In most cases, this error occurs only when FTP authorization rules for default FTP site are not set. For that, we set the Authorization rule by the following the below steps.
a. Initially, we log in to the VPS via Remote Desktop connection as an Administrator user.
b. Then we open IIS and expand Sites option from left pane.
c. After that we select the default FTP site in site list and click the FTP Authorization Rules option.
d. From the right pane, we click on Add Allow Rule.
e. Then we select the option of All Users and tick the check box of Read and Write permission.
f. Finally, we click on Ok button to save the changes and Restart Microsoft FTP Services to reflect them.
2. The user is not able to access to the home directory.
This is the another root cause of the error. We make sure to select the directory that the users can access by selecting IIS > FTP site > FTP User Isolation and select the FTP root directory.
3. NTFS permissions
We make sure that the FTP users have permissions on the physical folder. For that, we right click the folder > Properties > Security tab and check the user permissions.
Even after making the changes, sometimes to reflect the changes we need to restart Microsoft FTP Services. Here is the steps to restart the FTP service.
1. Open Services and select the service named Microsoft FTP Service.
2. Then click on Restart link from the left pane option.
After that we log in to the FTP account. If everything is fine, then no error will appear while connecting to the FTP account.
[Need assistance in fixing the error? – We will fix it for you.]
Conclusion
To be more accurate, “530 User cannot log in, home directory inaccessible” error happens due to various reasons like incorrect rules, permissions and many more. Today, we saw common causes for the error and also saw how our Support Engineers fixed it.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
GET STARTED
var google_conversion_label = «owonCMyG5nEQ0aD71QM»;
[Solved] 530 User Cannot Log In, home directory inaccessible
Operating system and webserver requirements for a secure FTP Server.
- Applied Operating system – Microsoft Windows Server 2012, 2016, 2019
- Web Server – IIS10
- TLS Server certificate
- Microsoft Windows and any perimeter firewall configuration for FTP inbound ports like 21 etc.
Secure FTP servers are basic requirements for a setup where you need to share the files with the customer and receive the log files. Working with Integrated Windows environment can be problem some time as it comes with many issues related to design, documentation and implementation methods available on vendor websites. Secure FTP server can be configured on IIS10 for Microsoft Windows based environment using the TLS server authentication and TLS/SSL explicit Encryption. This can create lots of problems while configuration when you follow each and every instructions from the above URL and still getting and error “530 User Cannot Log In, home directory inaccessible”.
Above error can occur if you are configuring FTP server on windows 2012 and 2016 server. All the rights and other settings are defined as described in windows official website but still the FTP server is not working. Home directory assigned in FTP server have all the required rights for the user trying to access the FTP server. After searching the Google for around 1 hour I found this solution to assign rights on under given path:
%SystemDrive%\Windows\System32\inetsrv\config
but still no luck.
I deleted the FTP site from IIS and recreated it. after that I restarted the FTP service from windows services and this method worked for me but this might not work for others as at first it didn’t worked for me as well. There is another thing which is not listed on any Microsoft FTP server configuration documentation that when you configure the Secure FTP server with user directory isolation you need to take care of the user name and directory name which must be identical (Same).
e.g. If you have created an account like secure.ftp you must create a directory with the same name otherwise it will not work and give the error “530 User Cannot Log In, home directory inaccessible” while the user try to access the FTP account from any FTP client.
I hope this will help someone and save a valuable time.
сегодня вот нарвался, микрософт, нутудыжвашу,совсемисервиспаками!!!
h t t p://xpertnotes.net/blog/2014/03/21/iis-7-5-ftp-530-user-cannot-log-in-home-directory-inaccessible/
все было правильно и не пахало. мне сразу же помогло.
IIS 7.5 FTP 530 User cannot log in, home directory inaccessible.
Posted on March 21, 2014 by Frank McCourry
There are a ton of articles out there addressing this issue. I’m not going to repeat them here. What I am going to share is what to do when you’ve followed all of those articles and it still does not seem to work.
Let me review the problem. Since the introduction of IIS 7.0 and now with 7.5, Microsoft has changed ftp authentication and authorization. This can be confusing because there are two critical steps that must be performed to ensure that a user will actually gain the access they need. First you must set the permissions on the folder they will be accessing then authorize the user in IIS under FTP authorization rules.
Here’s the kicker. If you do this in the wrong order, everything will appear correct but you will get an “Error 530 User cannot log in, home directory inaccessible.”
To correct this problem:
Remove FTP publishing from the site.
Restart IIS
Verify that the users have proper permissions to the folder you want them to use.
Add FTP publishing back to the site.
Add the user to the ftp authorization rules.
This problem does not happen every time and I have yet to understand if there is any pattern to it other than the order that permissions and authorization are set. Even when they are set in the right order, I have seen this break when adding a new user.