I am trying to set up an FTP site on Windows Server 2019/IIS running on an AWS EC2 instance. I have added the FTP service, added an FTP site, installed a TLS certificate and bound it to FTP, and selected the Require SSL connections option under FTP SSL Settings. But I obviously have missed something, because when I try to connect using FTPS (using FileZilla 3.55.1) the server returns the status 534 Local policy on server does not allow TLS secure connections. What does this message mean in this context, and how does one correct it? A Google search has not turned up anything I haven't already tried.

[Edit]
I'm sure this is not a firewall or edge security issue. This is the output I see in FileZilla:

Status:         Resolving address of www.example.com
Status:         Connecting to XX.XX.XX.XX...
Status:         Connection established, waiting for welcome message...
Response:   220 Microsoft FTP Service
Command:    AUTH TLS
Response:   534 Local policy on server does not allow TLS secure connections.
Command:    AUTH SSL
Response:   534 Local policy on server does not allow TLS secure connections.
Status:         Insecure server, it does not support FTP over TLS.
Don R
  • The troubleshoot approach can be followed, https://serverfault.com/questions/288234/iis-7-5-ftps-external-access-534-policy-requires-ssl – Lex Li Sep 08 '21 at 05:28
  • Thanks, but this is not a firewall or edge security issue (see additional info I've added to the question). The only thing in any of those answers that sounds like it might be helpful is the mention of SSL "on the server" as distinct in some way from on the site, but the link provided for that is for a blog that no longer exists, and I have no idea what it means nor have I had any success in searching the web for clarification. – Don R Sep 08 '21 at 13:54
  • So I eventually found, by luck, the fact that there is a set of configuration apps that are essentially identical to the site configuration apps, on the *server* node of the tree view in IIS Manager. That seems to be what is meant, and reproducing some of the config at that level resolved the problem, though I'm still not sure exactly which change it was that made it work. – Don R Sep 08 '21 at 19:59
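
A client-side check for the exchange shown in the FileZilla output above, as an added example that is not part of the original post or its comments: it sends `AUTH TLS` on the control channel and classifies the reply, so a configuration change on the server can be confirmed by seeing 234 instead of 534. The function names and verdict labels are assumptions chosen for this example; the reply codes are those defined for AUTH in RFC 2228 and RFC 4217.

```python
import socket

# Reply codes a server may give to AUTH (RFC 2228 / RFC 4217).
# The verdict labels are this example's own naming.
VERDICTS = {
    234: "tls-accepted",        # server is ready to start the TLS handshake
    534: "refused-by-policy",   # server knows AUTH but its policy denies it
    431: "tls-unavailable",     # server cannot set up security right now
    500: "auth-not-supported",  # command not recognised
    502: "auth-not-supported",  # command not implemented
    504: "auth-not-supported",  # mechanism (TLS) not understood
}

def read_reply(f):
    """Read one FTP reply, following multi-line '220-...' replies to their end."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("connection closed in the middle of a reply")
        line = raw.decode("latin-1").rstrip("\r\n")
        lines.append(line)
        code = lines[0][:3]
        if len(code) < 3 or not code.isdigit():
            raise ValueError(f"not an FTP reply: {lines[0]!r}")
        # A reply ends on a line that starts with the code followed by a space.
        if line.startswith(code) and line[3:4] in (" ", ""):
            return int(code), "\n".join(lines)

def auth_tls_exchange(f):
    """Run the explicit-FTPS opening on a connected binary file object."""
    banner_code, banner = read_reply(f)
    if banner_code != 220:
        raise ConnectionError(f"server not ready: {banner}")
    f.write(b"AUTH TLS\r\n")
    f.flush()
    code, text = read_reply(f)
    return {"banner": banner, "code": code, "text": text,
            "verdict": VERDICTS.get(code, "unexpected")}

def probe(host, port=21, timeout=10.0):
    """Connect to host:port and report how the server answers AUTH TLS."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rwb") as f:
            return auth_tls_exchange(f)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

Run against the server from the question's log, this would report `refused-by-policy`; a server that accepts explicit FTPS answers 234 and the verdict becomes `tls-accepted`.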
