While trying to upload a file via FTPS, you may come across “550 supply message incomplete” error. In my case, the file upload was working fine via FTP. However, FTPS didn’t work for any IIS server and any FTP client.
Here is the entire error message:
550 supply message incomplete, signature was not verified
2019-06-13 20:28:26 18.104.22.168 SERVER\user 22.214.171.124 21 STOR test.txt 550 2148074264 0 05edb0d4-756e-4509-8d5e-4f566cae5bfb /test.txt
The FTP log for a failed attempt shows
sc-win32-status. This error code maps to
SEC_E_INCOMPLETE_MESSAGE which translates into “The supplied message is incomplete. The signature was not verified”.
There is a known issue in Windows Server 2008, 2008 R2, 2012, and 2012 R2 that causes this error while using FTPS due to a bug in TLS communication.
Solution for “550 supply message incomplete” error
If you get “This update is not applicable” error while trying to install the hot-fix:
- Extract the KB (MSU file) using the below command.
Expand –F:* <path of downloaded KB> <Destination folder where you need to extract>
- Run the below command to install the patch on the currently running system:
DISM.exe /Online /Add-Package /PackagePath:<path of the extracted file (select.cab file)>
Looking for instructions to enable Passive Mode in IIS FTP? Here is a simple step to enable it: Using a single port for IIS FTP in passive mode
It didn’t work?
Make sure that you applied the correct update for your server’s OS version. If you are still seeing “550 supply message incomplete, signature was not verified” error, try the following steps.
Connect to FTP server via IP
If you are using a hostname such as ftp.domain.com to connect to FTP, perform the following instructions:
- In your client machine, open hosts file (
- Enter the line below and save it (Enter your IIS server’s IP address instead of 192.168.1.100)
- 192.168.1.100 ftp.domain.com
- In command prompt, run
- Try to connect to FTP server again. If it doesn’t work, continue with the next sub-section below. If it works, it means there is a firewall blocking the FTPS port between client and server
Try using SFTP instead of FTPS
FTPS uses two channels: Command Channel and Data Channel. Some firewalls and routers allow Data Channel communication after reading the Command Channel data. If they can’t decrypt the Command Channel data when FTPS is used, they may block Data Channel communication.
SFTP uses only one channel. Therefore, this issue may not occur if you use SFTP. If it still occurs, continue with sub-section below.
I took the screenshot below in FileZilla. Your FTP client may have a similar setting.
Try disabling TLS 1.2 in IIS server
It is not recommended to disable TLS 1.2 but this test would help you narrowing the issue down. In order to disable TLS 1.2:
- Go to registry. Follow this path:
- Add two new D-Words:
Enabled = 0
- Restart the server
Are you receiving “530 User cannot log in” error while trying to connect to FTP? Check this post out: 530 User cannot log in, home directory inaccessible