Here's the problem, from the log (ip & dns names sanitized):
FTP Service Log
2013-03-26 01:25:07 ORIGIN.IP - DESTINATION.IP 21 ControlChannelOpened - - 0 0 4ba4c190-09ca-45e3-a2ae-b19117d33b80 -
2013-03-26 01:25:07 ORIGIN.IP - DESTINATION.IP 21 AUTH TLS 234 0 0 4ba4c190-09ca-45e3-a2ae-b19117d33b80 -
2013-03-26 01:25:10 ORIGIN.IP - DESTINATION.IP 21 ControlChannelOpened - - 0 0 e6d0e58c-f555-41aa-9164-a29c5ba8f9bb -
2013-03-26 01:25:10 ORIGIN.IP - DESTINATION.IP 21 AUTH TLS 234 0 0 e6d0e58c-f555-41aa-9164-a29c5ba8f9bb -
FTP Service 1 Log
2013-03-26 01:25:08 ORIGIN.IP - DESTINATION.IP 21 USER ftp.foo.bar.com|WDeployAdmin 331 0 0 4ba4c190-09ca-45e3-a2ae-b19117d33b80 -
2013-03-26 01:25:08 ORIGIN.IP MACHINE-NAME\WDeployAdmin DESTINATION.IP 21 PASS *** 530 183 18 4ba4c190-09ca-45e3-a2ae-b19117d33b80 /
2013-03-26 01:25:10 ORIGIN.IP - DESTINATION.IP 21 ControlChannelClosed - - 0 0 4ba4c190-09ca-45e3-a2ae-b19117d33b80 -
(developer moonlighting as sysadmin here; I have no idea why there are two different services that are doing the logs.)
According to MS doc, FTP log codes:
183 ??? (not in doc, can't find win32-substatus code table)
234 Security data exchange complete.
331 User name okay, need password.
530 Not logged in.
18 Invalid configuration.
IIS Config
Default Web Site, FTP Publishing enabled.
Bindings:
*:21:ftp.foo.bar.com
Physical path: %SystemDrive%\inetpub\wwwroot
Specified Users:
Allow WDeployAdmin read write
FTP Authentication: Basic enabled, no Default domain
Windows User
WDeployAdmin
has full control
over %SystemDrive%\inetpub\wwwroot
FTP Client
Visual Studio 2012, Copy Web Site
Server: ftps://foo.bar.com
Port: 21
Passive Mode
Username: ftp.foo.bar.com|WDeployAdmin
Error message:
The username or password you have entered is incorrect, or you do not
have authorization to perform this action.
Error message 2 (after declining to attempt connection again):
Unable to open the Web site 'ftps://foo.bar.com'. You are not
authorized to perform the current operation.
Diagnostic Steps Taken
I tried appending a sub-folder of wwwroot to the connection, eg ftps://foo.bar.com/baz
, same error.
I've reset the password of WDeployAdmin
to verify that it is correct.
I've restarted IIS, and refreshed the Default Web Site http and ftp services.
Best Answer
These changes resolved the problem. My retroactive hypothesis is that the extra hostheader binding was messing up user authentication somehow.