8

I've configured IIS to have multiple FTP sites, using the instructions found here: https://docs.microsoft.com/en-us/iis/publish/using-the-ftp-service/using-ftp-virtual-host-names-in-iis-7

See the configuration I ended up with below.

In IIS I've configured basic authentication and use user mysite_ftp for 'Connect as'; when testing settings I get green checkmarks on both Authentication and Authorization.

IIS settings: [screenshot]

When I use Filezilla to try to connect I get this logging:

Tried with VPS hostname: h2746286.stratoserver.net

Status: Resolving address of h2746286.stratoserver.net
Status: Connecting to 85.214.200.30:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command:    USER tv_ftp
Response:   331 Valid hostname is expected.
Command:    PASS ***********
Response:   503 Login with USER first.
Error:  Critical error: Could not connect to server

Tried with hostname: www.telefonievergelijken.nl

Status: Resolving address of www.telefonievergelijken.nl
Status: Connecting to 85.214.200.30:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command:    USER tv_ftp
Response:   331 Valid hostname is expected.
Command:    PASS ***********
Response:   503 Login with USER first.
Error:  Critical error: Could not connect to server

Tried with hostname: ftp.telefonievergelijken.nl

Status: Resolving address of ftp.telefonievergelijken.nl
Status: Connecting to 85.214.200.30:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command:    USER tv_ftp
Response:   331 Valid hostname is expected.
Command:    PASS ***********
Response:   503 Login with USER first.
Error:  Critical error: Could not connect to server

applicationHost.config

<sectionGroup name="system.ftpServer">
    <section name="log" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
    <section name="firewallSupport" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
    <section name="caching" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
    <section name="providerDefinitions" overrideModeDefault="Deny" />
    <sectionGroup name="security">
        <section name="ipSecurity" overrideModeDefault="Deny" />
        <section name="requestFiltering" overrideModeDefault="Deny" />
        <section name="authorization" overrideModeDefault="Deny" />
        <section name="authentication" overrideModeDefault="Deny" />
    </sectionGroup>
    <section name="serverRuntime" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
</sectionGroup>

<sites>
    <site name="othersite" id="2">
        <application path="/" applicationPool=".NET v4.5">
            <virtualDirectory path="/" physicalPath="E:\othersite\wwwroot" userName="othersite_web" password="[enc:IISCngProvider:b1dn9+We00KRNWUB6shbPm/hLtBOF2hOG9We5zVgaEmYL5C/fDLxDc3QH9Rnvi79SjeM+Rauk/bQWEBzJnw=:enc]" />
        </application>
        <bindings>
            <binding protocol="http" bindingInformation="*:80:www.othersite.nl" />
            <binding protocol="http" bindingInformation="*:80:othersite.nl" />
        </bindings>
    </site>
    <site name="telefonievergelijken" id="3">
        <application path="/" applicationPool=".NET v4.5">
            <virtualDirectory path="/" physicalPath="E:\telefonievergelijken\wwwroot" userName="tv_web" password="[enc:IISCngProvider:x+PhGwZweUwR53tUgGTdEGui8k4gIJRASehxKVtsPoTtxNIA8aRe8WUwvdLuEdzSQicrJVDwen7e/C6x9qfiFyudqtZYwhXuo=:enc]" />
        </application>
        <bindings>
            <binding protocol="http" bindingInformation="*:80:www.telefonievergelijken.nl" />
            <binding protocol="http" bindingInformation="*:80:telefonievergelijken.nl" />
        </bindings>
        <traceFailedRequestsLogging enabled="true" directory="E:\IISData\LogFiles\FailedReqLogFiles" />
    </site>
    <site name="FTP-othersite" id="1">
        <application path="/">
            <virtualDirectory path="/" physicalPath="E:\othersite\wwwroot" />
        </application>
        <bindings>
            <binding protocol="ftp" bindingInformation="127.0.0.1:21:" />
        </bindings>
        <ftpServer>
            <security>
                <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
                <authentication>
                    <basicAuthentication enabled="true" />
                </authentication>
            </security>
        </ftpServer>
    </site>
    <site name="FTP-TV" id="4">
        <application path="/">
            <virtualDirectory path="/" physicalPath="E:\telefonievergelijken\wwwroot" userName="tv_ftp" password="[enc:IISCngProvider:xYxqamuKq02/xUcvZGTdEGui8gh3w6XT0hEegnCMZbVIxeWIOypRIZ1u8UAOG/AJg=:enc]" />
        </application>
        <bindings>
            <binding protocol="ftp" bindingInformation="127.0.0.1:21:www.telefonievergelijken.nl" />
        </bindings>
        <ftpServer>
            <security>
                <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
                <authentication>
                    <basicAuthentication enabled="true" />
                </authentication>
            </security>
        </ftpServer>
    </site>
    <siteDefaults>
        <logFile logFormat="W3C" directory="E:\IISData\LogFiles" />
        <traceFailedRequestsLogging directory="E:\IISData\LogFiles\FailedReqLogFiles" />
        <ftpServer>
            <logFile directory="E:\IISData\LogFiles\FTPLogs" />
            <security>
                <authentication>
                    <basicAuthentication enabled="false" />
                </authentication>
            </security>
        </ftpServer>
    </siteDefaults>
    <applicationDefaults applicationPool="DefaultAppPool" />
    <virtualDirectoryDefaults allowSubDirConfig="true" />
</sites>        

UPDATE 1

Ah, I've changed the 127.0.0.1 IP address to my VPS's external IP address. When I try to connect with ftp.telefonievergelijken.nl|tv_ftp I get logging errors:

Error:  Could not connect to server
Status: Waiting to retry...
Status: Resolving address of ftp.telefonievergelijken.nl|tv_ftp
Status: Connection attempt failed with "EAI_NONAME - Neither nodename nor servname provided, or not known".

UPDATE 2

Changed username settings for connection: [screenshot]

Adam
  • I don't see any site that has HTTPS enabled (Using port 443)? – Davidw Dec 10 '17 at 16:38
  • I don't have HTTPS enabled for these yet (no certificate yet), so just over HTTP is fine, or are you saying I misconfigured something? basicAuthentication just means a username/password should be provided and allowssl is just to indicate that if I were to access it via https it should be possible (but not required) right? – Adam Dec 11 '17 at 01:31
  • In my case, it was because I shared a host name between a website and an FTP website; once I used a unique host name for the FTP site it worked. – Reza Abolfathi Jun 30 '19 at 07:21

4 Answers

12

When configured with two or more hostnames, the correct virtual host name and username must both be sent in the username by the FTP client. Separate the site name and user with the vertical line symbol: |

www.example.com|MyUser

So, in your FTP Client use this for the username:

ftp.telefonievergelijken.nl|tv_ftp
Dre
  • "When configured this way..." - how to configure the ftp-site so that I don't have to include the host name also in the username, additionally to the host name itself? – simaglei Jul 03 '20 at 09:19
  • 1
    @simaglei When configured with two or more hostnames. If you only host one hostname, it will require only the username. – Dre Jul 03 '20 at 20:28
  • 1
    I had to make two changes, both learned in this thread: adding the binding to my internal IP in inetsrv, and logging in with the hostname|username format. Thank you to all who contributed here :) – Mick Jan 04 '23 at 22:16
7

It appears that you're attempting to connect to the FTP site using a hostname which is not currently configured in any of the bindings to the FTP site within IIS.

I base this only on the error output from Filezilla which you have included, as you have censored the hostname (even in example form) from the output, so there isn't much more to go on.

You'll need to configure a binding on the FTP site which matches the hostname you are using to connect to the FTP site (whether that be from Filezilla or any other FTP client).

EDIT: From your updated post information, I notice that your bindings for the FTP site are indeed incorrectly configured - you have currently only got the FTP site bound to the localhost loopback address (127.0.0.1). You will need to bind it to a non-loopback address, which is externally routable. Depending on your environment, this is likely to either be your external IP address (if mapped directly to the server) or an internal IP address (if you have NAT configured). My guess based on the current information is that you must have another FTP site configured, which is intercepting these requests and showing you the invalid hostname error. Once you configure this FTP site correctly, all should function as intended.

Additionally, @Dre's answer is also crucial (so you should also upvote it) - if you have more than one FTP site bound to the same IP address, you will need to specify the hostname in the 'user' field of your FTP client in the format hostname|user

BE77Y
  • Ah, fair enough! :-) I added more details...does this help to narrow down the issue? – Adam Dec 13 '17 at 18:07
  • @Flo - ah, yes it definitely does. I've updated my answer accordingly. – BE77Y Dec 14 '17 at 10:20
  • Alright, see my update 1, I'm still getting an error, although different now. After a few Google searches I understand there's still a hostname issue...but why? – Adam Dec 14 '17 at 15:37
  • I did misunderstand. Changed accordingly and added update 2. Still getting an error on the hostname: `530 valid hostname is expected.` – Adam Dec 14 '17 at 20:59
  • 1
    It looks like the hostname on your binding starts `www.` but the hostname you’re trying to connect to in your client starts `ftp.` You need to connect to the correct hostname configured on the site binding (or change the site binding to `ftp.`) – BE77Y Dec 14 '17 at 22:53
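
The checks these answers describe (a non-loopback binding, a binding host name that matches what the client connects to, and the `hostname|user` login), as an added Python example that is not part of the original thread or of IIS tooling. The function name `audit_ftp_sites` and the trimmed sample config are constructed for illustration; it reads only site-level settings (not `siteDefaults`) and, going slightly beyond the answers, also flags basic authentication combined with `SslAllow`.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the two FTP sites from the question, trimmed (no credentials).
SAMPLE = """<sites>
  <site name="FTP-othersite" id="1">
    <bindings><binding protocol="ftp" bindingInformation="127.0.0.1:21:" /></bindings>
  </site>
  <site name="FTP-TV" id="4">
    <bindings>
      <binding protocol="ftp" bindingInformation="127.0.0.1:21:www.telefonievergelijken.nl" />
    </bindings>
    <ftpServer><security>
      <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
      <authentication><basicAuthentication enabled="true" /></authentication>
    </security></ftpServer>
  </site>
</sites>"""

def audit_ftp_sites(xml_text, connect_host, user):
    """Return {site name: [findings]} for each FTP binding under <sites>."""
    report = {}
    for site in ET.fromstring(xml_text).iter("site"):
        ssl = site.find("ftpServer/security/ssl")
        basic = site.find("ftpServer/security/authentication/basicAuthentication")
        for b in site.iter("binding"):
            if b.get("protocol") != "ftp":
                continue  # http/https bindings are not relevant here
            # bindingInformation is "IP:port:hostname"; the hostname may be empty.
            ip, _port, host = b.get("bindingInformation").rsplit(":", 2)
            notes = report.setdefault(site.get("name"), [])
            if ip not in ("", "*") and ipaddress.ip_address(ip.strip("[]")).is_loopback:
                notes.append("loopback-only binding: remote clients cannot reach it")
            if host and host.lower() != connect_host.lower():
                notes.append(f"binding host {host} does not match {connect_host}")
            if host:  # host-name binding: the client sends the host in the username
                notes.append(f"client username must be {host}|{user}")
            if (basic is not None and basic.get("enabled") == "true"
                    and ssl is not None and ssl.get("controlChannelPolicy") == "SslAllow"):
                notes.append("basic auth with SslAllow: password may be sent in cleartext")
    return report

if __name__ == "__main__":
    result = audit_ftp_sites(SAMPLE, "ftp.telefonievergelijken.nl", "tv_ftp")
    for name, notes in result.items():
        print(name, *notes, sep="\n  - ")
```
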
1

I received this error having configured the IIS 10.0 instance to bind on the external URL only. My correction was to add an additional binding to the internal IP. FTP connections to the external URL resolved successfully.

Alocyte
  • I had to make two changes, both learned in this thread: adding the binding to my internal IP in inetsrv, and logging in with the hostname|username format. Thank you to all who contributed here :) – Mick Jan 04 '23 at 22:12
0

If you are not hosting multiple hosts on port 21 (or whatever port you are using), you can also just remove the binding under IIS settings, i.e. clear out the "Host Name" field under "Site Bindings" >> "Edit Site Binding". It should work thereafter, provided your app pool has relevant permissions.

Anthony Horne