
(Solved) 550 supply message incomplete, signature was not verified

While trying to upload a file via FTPS, you may come across the “550 supply message incomplete” error. In my case, the file upload was working fine via FTP. However, FTPS didn’t work for any IIS server and any FTP client.

Here is the entire error message:

550 supply message incomplete, signature was not verified

FTP log:

2019-06-13 20:28:26 134.165.112.56 SERVER\user 134.45.232.24 21 STOR test.txt 550 2148074264 0 05edb0d4-756e-4509-8d5e-4f566cae5bfb /test.txt

Root Cause

The FTP log for a failed attempt shows 2148074264 as the sc-win32-status value. This error code maps to SEC_E_INCOMPLETE_MESSAGE, which translates into “The supplied message is incomplete. The signature was not verified”.

There is a known issue in Windows Server 2008, 2008 R2, 2012, and 2012 R2 that causes this error while using FTPS due to a bug in TLS communication.
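
The sc-win32-status lookup described above can be run over a whole log file to find every transfer that failed in the TLS layer. The Python script below is an added example, not part of the original post; it assumes the log carries a W3C `#Fields:` header (constructed here to match the column order of the line shown above) and names only the one error code this page discusses.

```python
# Added example: decode sc-win32-status values in IIS FTP log lines.
# SAMPLE_LOG is constructed: the STOR line is the one shown on this page; the
# "#Fields:" header and the PASS line are assumed for illustration.
SAMPLE_LOG = r"""#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status sc-substatus x-session x-fullpath
2019-06-13 20:28:20 134.165.112.56 SERVER\user 134.45.232.24 21 PASS *** 230 0 0 05edb0d4-756e-4509-8d5e-4f566cae5bfb /
2019-06-13 20:28:26 134.165.112.56 SERVER\user 134.45.232.24 21 STOR test.txt 550 2148074264 0 05edb0d4-756e-4509-8d5e-4f566cae5bfb /test.txt
"""

FACILITY_SSPI = 9  # HRESULT facility used by SSPI/Schannel (TLS) errors
KNOWN = {0x80090318: "SEC_E_INCOMPLETE_MESSAGE"}  # the code discussed on this page


def decode_status(value):
    """Split a sc-win32-status value into its HRESULT parts."""
    value &= 0xFFFFFFFF  # treat as an unsigned 32-bit number
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),         # severity bit set = failure
        "facility": (value >> 16) & 0x1FFF,   # same mask as HRESULT_FACILITY
        "code": value & 0xFFFF,
        "name": KNOWN.get(value, "unknown"),
    }


def find_tls_failures(log_text):
    """Return log entries whose sc-win32-status is an SSPI failure HRESULT."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        raw = row.get("sc-win32-status", "")
        if not raw.isdigit():  # field missing or logged as "-"
            continue
        status = decode_status(int(raw))
        if status["failure"] and status["facility"] == FACILITY_SSPI:
            hits.append({**row, **status})
    return hits


if __name__ == "__main__":
    for hit in find_tls_failures(SAMPLE_LOG):
        print(hit["date"], hit["time"], hit["cs-method"], hit["cs-uri-stem"],
              hit["sc-status"], hit["hex"], hit["name"])
```
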

Solution for “550 supply message incomplete” error

Here is the hot-fix page to fix this bug. The download link on this page is broken, but you can try downloading it via this page or this one. Install the hot-fix and restart the server.

If you get the “This update is not applicable” error while trying to install the hot-fix:

  • Extract the KB (MSU file) using the command below.
    Expand -F:* <path of downloaded KB> <Destination folder where you need to extract>
  • Run the command below to install the patch on the currently running system:
    DISM.exe /Online /Add-Package /PackagePath:<path of the extracted file (select the .cab file)>

Looking for instructions to enable Passive Mode in IIS FTP? Here is a simple step to enable it: Using a single port for IIS FTP in passive mode

It didn’t work?

Make sure that you applied the correct update for your server’s OS version. If you are still seeing the “550 supply message incomplete, signature was not verified” error, try the following steps.

Connect to FTP server via IP

If you are using a hostname such as ftp.domain.com to connect to FTP, perform the following instructions:

  1. On your client machine, open the hosts file (C:\Windows\System32\drivers\etc\hosts)
  2. Enter the line below and save it (enter your IIS server’s IP address instead of 192.168.1.100):
     192.168.1.100 ftp.domain.com
  3. In command prompt, run ipconfig /flushdns
  4. Try to connect to the FTP server again. If it doesn’t work, continue with the next sub-section below. If it works, it means there is a firewall blocking the FTPS port between client and server

Try using SFTP instead of FTPS

FTPS uses two channels: Command Channel and Data Channel. Some firewalls and routers allow Data Channel communication after reading the Command Channel data. If they can’t decrypt the Command Channel data when FTPS is used, they may block Data Channel communication.

SFTP uses only one channel. Therefore, this issue may not occur if you use SFTP. If it still occurs, continue with the sub-section below.

I took the screenshot below in FileZilla. Your FTP client may have a similar setting.

Use SFTP as a workaround for 550 supply message incomplete error

Try disabling TLS 1.2 in IIS server

It is not recommended to disable TLS 1.2, but this test would help you narrow the issue down. In order to disable TLS 1.2:

  1. Open the registry and go to this path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
  2. Add two new DWORD values:
    DisabledByDefault = 1
    Enabled = 0
  3. Restart the server

Are you receiving “530 User cannot log in” error while trying to connect to FTP? Check this post out: 530 User cannot log in, home directory inaccessible

Ned Sahin

Blogger for 20 years. Former Microsoft Engineer. Author of six books. I love creating helpful content and sharing with the world. Reach me out for any questions or feedback.
