System.Net.Sockets.SocketException: A connection attempt...

Question

I'm able to connect to the server, make the SSL handshake, and even change the working directory as well as return it, but trying to upload a file, download a file, or even get a file listing fail with a SocketException. After reading through several posts in this forum concerning this issue, I've tried setting the AutoPassiveIPSubstitution to both TRUE and FALSE. I've tried both PASSIVE and ACTIVE connection modes. Below, I've attached my code (or the method that makes the successful and unsuccessfull EDT.FTP calls) and the resulting log. As a side note, I do receive the MessageBox with the working directory, but I do not receive a MessageBox displaying "not connected". If there's anything else you need, or would like me to try something else out, let me know.

Thanks in advance for your help,
Brad

public void FtpGetFileSecure(string ftpSite, string ftpUser, string ftpPwd, string remoteFile, string localFile, int port) 
{
   SecureFTPConnection ftp = new SecureFTPConnection();

   try 
   {
      Logger.CurrentLevel = EnterpriseDT.Util.Debug.Level.DEBUG; 
      EnterpriseDT.Util.Debug.FileAppender app = new EnterpriseDT.Util.Debug.FileAppender("log.txt"); 
      EnterpriseDT.Util.Debug.Logger.AddAppender(app);

      // Setup connection properties
      ftp.ServerAddress = ftpSite;
      ftp.ServerPort = port;
      ftp.ConnectMode = FTPConnectMode.PASV;
      ftp.TransferType = FTPTransferType.BINARY;
      ftp.SSLVersion = SSLFTPSSLVersion.SSL3;
      ftp.Protocol = FileTransferProtocol.FTPSExplicit;
      ftp.ServerValidation = SecureFTPServerValidationType.None;
      ftp.Timeout = this.Timeout;
      ftp.UserName = ftpUser;
      ftp.Password = ftpPwd;
      ftp.LicenseOwner = "*********";
      ftp.LicenseKey = @"***-****-****-****";
      ftp.AutoPassiveIPSubstitution = true;

      // Connect to FTPS server
      ftp.Connect();

      // The UserName is also the home directory
      ftp.ChangeWorkingDirectory("/" + ftp.UserName);
      MessageBox.Show(ftp.ServerDirectory);
      
      if ( ftp.IsConnected ) 
      {
         foreach ( FTPFile file in ftp.GetFileInfos() ) 
         {
            this.listBox1.Items.Add(file.Name);
         }
      }
      else { MessageBox.Show("not connected"); }
   }
   catch ( Exception ex ) { MessageBox.Show(ex.ToString()); }
   finally { if ( ftp != null && ftp.IsConnected ) { ftp.Close(false); } }
}

DEBUG [SSLFTPClient] 17 Jan 2007 09:42:36.254 : Connecting to xxx.xxx.com:20021
DEBUG [HostNameResolver] 17 Jan 2007 09:42:36.441 : xxx.xxx.com resolved to xxx.xxx.xxx.xxx
DEBUG [ExFTPControlSocket] 17 Jan 2007 09:42:36.457 : Connecting directly to ftp-server xxx.xxx.xxx.xxx:20021
DEBUG [ExFTPControlSocket] 17 Jan 2007 09:42:36.520 : Created control-socket: SocksContext=, RemoteHost=xxx.xxx.xxx.xxx, controlPort=20021, timeout=0
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:43.553 : 220 <<<CONNECT:Enterprise for UNIX 1.3.02 Secure FTP>>> at eros FTP server ready. Time = 08:42:43
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:43.553 : ---> AUTH SSL
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:43.584 : 234 AUTH TLS-P/SSL OK.
DEBUG [SSLFTPControlSocket] 17 Jan 2007 09:42:43.584 : Beginning Ssl3 handshake.
DEBUG [SSLFTPControlSocket] 17 Jan 2007 09:42:46.929 : Ssl3 handshake complete.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:46.929 : ---> PBSZ 0
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:46.976 : 200 PBSZ 0 OK.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:46.976 : ---> PROT P
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.007 : 200 PROT P OK, data channel will be secured.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.007 : ---> USER uuuuuuuuuu
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.038 : 331 Password required for dgounfnd.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.038 : ---> PASS **********
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.101 : 230 CONNECT:Enterprise for UNIX login ok, access restrictions apply.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.101 : ---> TYPE I
DEBUG [EnterpriseDT.Net.Ftp.ExFTPConnection] 17 Jan 2007 09:42:47.116 : Starting KeepAlive thread with period 30s
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.132 : 200 Type set to I.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.132 : ---> PWD
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.163 : 257 "/uuuuuuuuuu" is current directory.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.163 : ---> CWD /uuuuuuuuuu
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.210 : 250 CWD command successful.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.210 : ---> PWD
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.241 : 257 "/uuuuuuuuuu" is current directory.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.241 : ---> CWD /uuuuuuuuuu
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.273 : 250 CWD command successful.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.273 : ---> PWD
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.304 : 257 "/uuuuuuuuuu" is current directory.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.304 : ---> PWD
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:47.335 : 257 "/uuuuuuuuuu" is current directory.
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:51.618 : ---> SYST
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:51.649 : 215 UNKNOWN Type: L8
WARN [FTPFileFactory] 17 Jan 2007 09:42:51.649 : Unknown SYST 'UNKNOWN Type: L8' - defaulting to Unix parsing
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:51.665 : ---> PASV
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:51.696 : 227 Entering Passive Mode (yyy,yyy,yyy,yyy,249,97)
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:51.696 : Server supplied address=yyy.yyy.yyy.yyy
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:51.696 : Server supplied port=63841
DEBUG [FTPControlSocket] 17 Jan 2007 09:42:51.696 : Substituting server supplied IP (yyy.yyy.yyy.yyy) with remote host IP (xxx.xxx.xxx.xxx)
DEBUG [ExFTPControlSocket] 17 Jan 2007 09:42:51.696 : Connecting directly to ftp-server xxx.xxx.xxx.xxx:63841
ERROR [ExFTPControlSocket] 17 Jan 2007 09:43:12.859 : Failed to create connecting socket : System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
at er.a(EndPoint A_0)
a

Answer 1

I should also add that I am able to connect to this FTPS site via Ipswitch WS_FTP Professional 2007 from the same machine with similar settings (passive, binary, no special firewall settings defined in WS_FTP's Options screen, etc.).

I'm using a trial version of the edtFTPnetPRO.dll (4.0.5.0).

Answer 2

Have you got a log from ws ftp? I assume you are using FTPS also. If we can see what it is doing it should be relatively straightforward to configure edtFTPnet/PRO to do the same thing.

From the log it looks like the FTP server didn't respond to the connection attempt. This is normally a firewall problem, but if ws ftp client can connect and do a directory listing, there must be a way around it.

PS If you are trialing edtFTPnet/PRO, please email support at enterprisedt dot com as we provide email support to all our trial users - you should get a faster response.

Answer 3

I've pasted the connection log from WS FTP below. If you need to know anything about the WS FTP setup, let me know. Also, if you'd rather continue this over email, we can, but it doesn't matter to me either way.

Thanks for your help.


Finding Host xxx.xxx.com ...
Connecting to xxx.xxx.xxx.xxx:20021
Connected to xxx.xxx.xxx.xxx:20021 in 0.031249 seconds, Waiting for Server Response
Initializing SSL Session ...
220 <<<CONNECT:Enterprise for UNIX 1.3.02 Secure FTP>>> at eros FTP server ready. Time = 05:52:14
AUTH TLS
234 AUTH TLS-C/TLS OK.
SSL session NOT set for reuse
SSL Session Started.
Host type (1): Unix (Standard)
USER uuuuuuuuuu
331 Password required for uuuuuuuuuu.
PASS (hidden)
230 CONNECT:Enterprise for UNIX login ok, access restrictions apply.
Host type (I): Unix (Standard)
PBSZ 0
200 PBSZ 0 OK.
PROT P
200 PROT P OK, data channel will be secured.
CCC
200 CCC Context Enabled.
Sending "FEAT" command to determine what features this server supports.
FEAT
500 'FEAT': command not understood.
Apparently, this server does not support the "FEAT" command for automatic discovery of features.
Sending the FEAT command is optional. You can disable it in the site options of the profile.
PWD
257 "/uuuuuuuuuu" is current directory.
TYPE A200 Type set to A.
PASV
227 Entering Passive Mode (xxx,xxx,xxx,xxx,184,86)
connecting data channel to xxx.xxx.xxx.xxx:184,86(47190)
data channel connected to xxx.xxx.xxx.xxx:184,86(47190)
LIST
150 Opening ASCII mode data connection for .
transferred 109 bytes in < 0.001 seconds, 851.563 Kbps ( 106.445 Kbps), transfer succeeded.
226 Transfer complete.

Answer 4

Aha. The difference here is that WS FTP is sending a CCC command. This makes the command channel non-encrypted, so that routers can inspect the packets and open the correct ports for data transfers (including directory listings). The data is still encrypted.

Is that the behaviour you want?

Answer 5

I've confirmed with out network admin that this is the behavior we desire, but I've tried setting the ServerCompatibility flag to SSLDisableDataClosure to no avail. Is there something else I should be doing to ensure the CCC command is sent?

Answer 6

The CCC command isn't supported currently so it isn't going to work.

We have wanted to implement it and not had much interest until now, so we'll aim to do this on Monday. That mightn't be soon enough for your purposes, I don't know.

The reason why people don't tend to use CCC much is that the control channel is no longer encrypted.

An alternative to using CCC is to use active mode is used, and a small port range that active mode should use is specified via ActivePortRange property and the ports opened in the firewall for communication with the particular host you want to connect to.

Answer 7

I'm not sure the reasoning behind it, but I'm required to use PASSIVE mode. I imagine the network admin doesn't want to deal with opening specific ports.

When do you anticipate releasing a new DLL with CCC command support? If it's in the next week or 2, that would probably fit well enough into our schedule.


Thanks for your help with this.

Answer 8

We've got CCC implemented today, we'll do some more testing over the next day or so. Please send us your email address (to support at enterprisedt dot com) and we'll give you a download link later this week for you to try it out.