IIS 10 – 530 Valid Hostname Expected for Multiple Sites Setup

ftpiiswindows-server-2016

I've configured IIS to have multiple FTP sites, using the instructions found here: https://docs.microsoft.com/en-us/iis/publish/using-the-ftp-service/using-ftp-virtual-host-names-in-iis-7

See the configuration I ended up with below.

In IIS I've configured basic authentication and use user mysite_ftp for 'Connect as', when testing settings I get green checkmarks on both Authenication and Authorization.

IIS settings:
enter image description here

When I use Filezilla to try to connect I get this logging:

Tried with VPS hostname: h2746286.stratoserver.net

Status: Resolving address of h2746286.stratoserver.net
Status: Connecting to 85.214.200.30:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command:    USER tv_ftp
Response:   331 Valid hostname is expected.
Command:    PASS ***********
Response:   503 Login with USER first.
Error:  Critical error: Could not connect to server

Tried with hostname: www.telefonievergelijken.nl

Status: Resolving address of www.telefonievergelijken.nl
Status: Connecting to 85.214.200.30:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command:    USER tv_ftp
Response:   331 Valid hostname is expected.
Command:    PASS ***********
Response:   503 Login with USER first.
Error:  Critical error: Could not connect to server

Tried with hostname: ftp.telefonievergelijken.nl

Status: Resolving address of ftp.telefonievergelijken.nl
Status: Connecting to 85.214.200.30:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command:    USER tv_ftp
Response:   331 Valid hostname is expected.
Command:    PASS ***********
Response:   503 Login with USER first.
Error:  Critical error: Could not connect to server

applicationHost.config

<sectionGroup name="system.ftpServer">
    <section name="log" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
    <section name="firewallSupport" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
    <section name="caching" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
    <section name="providerDefinitions" overrideModeDefault="Deny" />
    <sectionGroup name="security">
        <section name="ipSecurity" overrideModeDefault="Deny" />
        <section name="requestFiltering" overrideModeDefault="Deny" />
        <section name="authorization" overrideModeDefault="Deny" />
        <section name="authentication" overrideModeDefault="Deny" />
    </sectionGroup>
    <section name="serverRuntime" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
</sectionGroup>

<sites>
    <site name="othersite" id="2">
        <application path="/" applicationPool=".NET v4.5">
            <virtualDirectory path="/" physicalPath="E:\othersite\wwwroot" userName="othersite_web" password="[enc:IISCngProvider:b1dn9+We00KRNWUB6shbPm/hLtBOF2hOG9We5zVgaEmYL5C/fDLxDc3QH9Rnvi79SjeM+Rauk/bQWEBzJnw=:enc]" />
        </application>
        <bindings>
            <binding protocol="http" bindingInformation="*:80:www.othersite.nl" />
            <binding protocol="http" bindingInformation="*:80:othersite.nl" />
        </bindings>
    </site>
    <site name="telefonievergelijken" id="3">
        <application path="/" applicationPool=".NET v4.5">
            <virtualDirectory path="/" physicalPath="E:\telefonievergelijken\wwwroot" userName="tv_web" password="[enc:IISCngProvider:x+PhGwZweUwR53tUgGTdEGui8k4gIJRASehxKVtsPoTtxNIA8aRe8WUwvdLuEdzSQicrJVDwen7e/C6x9qfiFyudqtZYwhXuo=:enc]" />
        </application>
        <bindings>
            <binding protocol="http" bindingInformation="*:80:www.telefonievergelijken.nl" />
            <binding protocol="http" bindingInformation="*:80:telefonievergelijken.nl" />
        </bindings>
        <traceFailedRequestsLogging enabled="true" directory="E:\IISData\LogFiles\FailedReqLogFiles" />
    </site>
    <site name="FTP-othersite" id="1">
        <application path="/">
            <virtualDirectory path="/" physicalPath="E:\othersite\wwwroot" />
        </application>
        <bindings>
            <binding protocol="ftp" bindingInformation="127.0.0.1:21:" />
        </bindings>
        <ftpServer>
            <security>
                <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
                <authentication>
                    <basicAuthentication enabled="true" />
                </authentication>
            </security>
        </ftpServer>
    </site>
    <site name="FTP-TV" id="4">
        <application path="/">
            <virtualDirectory path="/" physicalPath="E:\telefonievergelijken\wwwroot" userName="tv_ftp" password="[enc:IISCngProvider:xYxqamuKq02/xUcvZGTdEGui8gh3w6XT0hEegnCMZbVIxeWIOypRIZ1u8UAOG/AJg=:enc]" />
        </application>
        <bindings>
            <binding protocol="ftp" bindingInformation="127.0.0.1:21:www.telefonievergelijken.nl" />
        </bindings>
        <ftpServer>
            <security>
                <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
                <authentication>
                    <basicAuthentication enabled="true" />
                </authentication>
            </security>
        </ftpServer>
    </site>
    <siteDefaults>
        <logFile logFormat="W3C" directory="E:\IISData\LogFiles" />
        <traceFailedRequestsLogging directory="E:\IISData\LogFiles\FailedReqLogFiles" />
        <ftpServer>
            <logFile directory="E:\IISData\LogFiles\FTPLogs" />
            <security>
                <authentication>
                    <basicAuthentication enabled="false" />
                </authentication>
            </security>
        </ftpServer>
    </siteDefaults>
    <applicationDefaults applicationPool="DefaultAppPool" />
    <virtualDirectoryDefaults allowSubDirConfig="true" />
</sites>

UPDATE 1

Ah, I've changed the 127.0.0.1 IP address to my VPS's external IP address. When I try to connect with ftp.telefonievergelijken.nl|tv_ftp I get logging errors:

Error:  Could not connect to server
Status: Waiting to retry...
Status: Resolving address of ftp.telefonievergelijken.nl|tv_ftp
Status: Connection attempt failed with "EAI_NONAME - Neither nodename nor servname provided, or not known".

UPDATE 2

Changed username settings for connection:
enter image description here

Best Answer

It appears that you're attempting to connect to the FTP site using a hostname which is not currently configured in any of the bindings to the FTP site within IIS.

I base this only on the error output from Filezilla which you have included, as you have censored the hostname (even in example form) from the output, so there isn't much more to go on.

You'll need to configure a binding on the FTP site which matches the hostname you are using to connect to the FTP site (whether that be from Filezilla or any other FTP client).

EDIT: From your updated post information, I notice that your bindings for the FTP site are indeed incorrectly configured - you have currently only got the FTP site bound to the localhost loopback address (127.0.0.1). You will need to bind it to a non-loopback address, which is externally routable. Depending on your environment, this is likely to either be your external IP address (if mapped directly to the server) or an internal IP address (if you have NAT configured). My guess based on the current information is that you must have another FTP site configured, which is intercepting these requests and showing you the invalid hostname error. Once you configure this FTP site correctly, all should function as intended.

Additionally, @Dre's answer is also crucial (so you should also upvote it) - if you have more than one FTP site bound to the same IP address, you will need to specify the hostname in the 'user' field of your FTP client in the format hostname|user

Related Topic