While trying to upload a file via FTPS, you may come across “550 supply message incomplete” error. In my case, the file upload was working fine via FTP. However, FTPS didn’t work for any IIS server and any FTP client.
Here is the entire error message:
550 supply message incomplete, signature was not verified
FTP log:
2019-06-13 20:28:26 134.165.112.56 SERVER\user 134.45.232.24 21 STOR test.txt 550 2148074264 0 05edb0d4-756e-4509-8d5e-4f566cae5bfb /test.txt
Root Cause
The FTP log for a failed attempt shows 2148074264 as sc-win32-status. This error code maps to SEC_E_INCOMPLETE_MESSAGE which translates into “The supplied message is incomplete. The signature was not verified”.
There is a known issue in Windows Server 2008, 2008 R2, 2012, and 2012 R2 that causes this error while using FTPS due to a bug in TLS communication.
Solution for “550 supply message incomplete” error
Here is the hot-fix page to fix this bug. The download link in this page is broken but you can try downloading it via this page or this one. Install the hot-fix and restart the server.
If you get “This update is not applicable” error while trying to install the hot-fix:
- Extract the KB (MSU file) using the below command.
Expand –F:* <path of downloaded KB> <Destination folder where you need to extract> - Run the below command to install the patch on the currently running system:
DISM.exe /Online /Add-Package /PackagePath:<path of the extracted file (select.cab file)>
Looking for instructions to enable Passive Mode in IIS FTP? Here is a simple step to enable it: Using a single port for IIS FTP in passive mode
It didn’t work?
Make sure that you applied the correct update for your server’s OS version. If you are still seeing “550 supply message incomplete, signature was not verified” error, try the following steps.
Connect to FTP server via IP
If you are using a hostname such as ftp.domain.com to connect to FTP, perform the following instructions:
- In your client machine, open hosts file (
C:\Windows\System32\drivers\etc\hosts) - Enter the line below and save it (Enter your IIS server’s IP address instead of 192.168.1.100)
- 192.168.1.100 ftp.domain.com
- In command prompt, run
ipconfig /flushdns - Try to connect to FTP server again. If it doesn’t work, continue with the next sub-section below. If it works, it means there is a firewall blocking the FTPS port between client and server
Try using SFTP instead of FTPS
FTPS uses two channels: Command Channel and Data Channel. Some firewalls and routers allow Data Channel communication after reading the Command Channel data. If they can’t decrypt the Command Channel data when FTPS is used, they may block Data Channel communication.
SFTP uses only one channel. Therefore, this issue may not occur if you use SFTP. If it still occurs, continue with sub-section below.
I took the screenshot below in FileZilla. Your FTP client may have a similar setting.
Try disabling TLS 1.2 in IIS server
It is not recommended to disable TLS 1.2 but this test would help you narrowing the issue down. In order to disable TLS 1.2:
- Go to registry. Follow this path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client - Add two new D-Words:
DisabledByDefault =1Enabled = 0 - Restart the server
Are you receiving “530 User cannot log in” error while trying to connect to FTP? Check this post out: 530 User cannot log in, home directory inaccessible
Thank you so much for this. I have been trying to fix this for a long time! I just decided to look back into it!
Appreciate the fix, I can finally upload files!!