Error message in IIS: "530 User cannot log in. Login failed

Resolution 4
Try using the command line FTP utility and specify the FTP username in DOMAIN\Username format when you log into the FTP Site. If this works, then you can either instruct all users to log on by using DOMAIN\Username format, or you can specify the default authentication domain that the FTP Service should use when authenticating accounts that do not exist locally and that were not entered in the DOMAIN\Username format. To do this you must make changes to the Metabase.
To specify a default logon domain so users do not have to type DOMAIN\Username when logging on to the FTP Server, you can either use the Windows Script Host (if it was installed during the Windows NT Option Pack setup) or the NTOP utility Mdutil.exe.
Both methods are described below.
To use the Windows Script Host method, use one of the following methods depending on the version of IIS that you are running:
Note In IIS 6.0, you can resolve this issue by modifying the metabase only when the FTP isolation type is "Isolated (Active Directory)" or if the UserIsolationMode property is set to 2.
IIS 6.0
  1. Change to the %Systemroot%\Inetpub\Adminscripts directory.
  2. Type the following:

    Adsutil Set MSFTPSVC/DefaultLogonDomain "Domain Name"

    Make sure when you type in the Domain Name that it is enclosed in quotation marks.

  3. Stop and restart the FTP Service.

Finding the property of UserIsolationMode:

The property is defined in the Metabase MBSchema.XML file which is in
c:\windows\system32\inetsrv
<Property InternalName="UserIsolationMode" ID="5012" Type="DWORD"
UserType="IIS_MD_UT_SERVER" Attributes="INHERIT"
MetaFlagsEx="CACHE_PROPERTY_MODIFIED" DefaultValue="0" EndingNumber="2" />
It is defined for IIsFtpService, and IIsFtpServer
You get get the value using this syntax using adsutil.vbs
cscript adsutil.vbs get MSFTPSVC/321282784/UserIsolationMode
This should return an integer value (0=Do Not Isolate, 1=Isolate Users,
2=Isolate using AD)
You can set it via
cscript adsutil.vbs set MSFTPSVC/321282784/UserIsolationMode Value
Where Value is (0=Do Not Isolate, 1=Isolate Users, 2=Isolate using AD)
Note: The value 321282784 used above is the FTP Site Instance ID which you
can obtain by looking at the Log Filename in the FTP site properties dialog
(click properties)
Note: You will need to Stop and Start the FTP site or do an IISRESET to get
the FTP Service to accept the new value.

Comments

Popular posts from this blog

vRA/vRO workflows

How to generate HPS Report for Windows