Disconnection during FTP / Synchronize Dirs

English support forum

Moderators: white, Hacker, petermad, Stefan2

Post Reply
gt13
Junior Member
Junior Member
Posts: 37
Joined: 2004-02-12, 07:38 UTC
Location: France

Disconnection during FTP / Synchronize Dirs

Post by *gt13 »

Hello,
I get FTP disconnections when I try to synchronize the local original version of my website with its online copy (hosted on infomaniak). The disconnection occurs after about 10 seconds, while TotalCommander is listing the directory.

I am not able to diagnose the origin of the disconnection: size of the directory to synchronize (4.7 GB in 3700 files in 235 subdirectories)? Time out due to something? Error due to something? SSL error?

The disconnection occurs in the same way when I am at home using ADSL, and when I am at work on a university network.
The disconnection seams to occur always in the same subdirectory, but when I start the synchronization just above this directory in the tree (i.e. with much less files to synchronize than when it fails), the synchronization works without problem.

Here is the log file (I have replaced some private data by xxx):

Code: Select all

----------
SSL: Libraries loaded OK! C:\totalcmd\libeay32.dll
Connect to: (12/06/2017 17:36:47)
hostname=crfg.ftp.infomaniak.com
username=xxxxxxxxxxxxxxx
startdir=/web
crfg.ftp.infomaniak.com=xxx.xx.xxx.xx
220 ProFTPD 1.3.4e Server (ProFTPD) [xxx.xx.xxx.xx]
AUTH TLS
234 AUTH TLS successful
Method: TLSv1
Cert subject: /C=CH/ST=Geneva/L=Carouge/O=Infomaniak Network SA/CN=*.ftp.infomaniak.com
Cert issuer: /C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 3 OV Server CA
Chain verification: Subject: C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Class 3 OV Server CA
Chain verification: Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
Chain verification (2): OK
USER xxxxxxxxxxxxxxx
331 Password required for xxxxxxxxxxxxxxx
PASS ***********
230 User xxxxxxxxxxxxxxx logged in
SYST
215 UNIX Type: L8
FEAT
211-Features:
 MDTM
 MFMT
 TVFS
 LANG bg-BG;en-US*;es-ES;fr-FR;it-IT;ru-RU;zh-CN;zh-TW
 UTF8
 AUTH TLS
 MFF modify;UNIX.group;UNIX.mode;
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
OPTS UTF8 ON
200 UTF8 set to on
CWD /web
250 CWD command successful
Connect ok!
PWD
257 "/web" is the current directory
Lire le répertoire
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (xxx,xx,xxx,xx,168,213).
MLSD
150 Opening ASCII mode data connection for MLSD
Téléchargé¦s
En attente du serveur...
226 Transfer complete
CWD photo
250 CWD command successful
PWD
257 "/web/photo" is the current directory
Lire le répertoire
PASV
227 Entering Passive Mode (xxx,xx,xxx,xx,165,19).
MLSD
150 Opening ASCII mode data connection for MLSD
Téléchargé¦s
En attente du serveur...
226 Transfer complete
CWD /web/photo
250 CWD command successful
PWD
257 "/web/photo" is the current directory
CWD chrono
250 CWD command successful
PWD
257 "/web/photo/chrono" is the current directory
Lire le répertoire
PASV
227 Entering Passive Mode (xxx,xx,xxx,xx,170,2).
MLSD
150 Opening ASCII mode data connection for MLSD
Téléchargé¦s
En attente du serveur...
226 Transfer complete
.
.
.
I have suppressed a lot of lines here, because there is nothing special to notice.
TotalCommander changes from one directory to the following.
Here is the end of the file, where the error occurs:
.
.
.
226 Transfer complete
CWD res
250 CWD command successful
PWD
257 "/web/photo/photos/0703_50_ans_Jean/res" is the current directory
Lire le répertoire
PASV
227 Entering Passive Mode (xxx,xx,xxx,xx,168,186).
MLSD
150 Opening ASCII mode data connection for MLSD
Téléchargé¦s
En attente du serveur...
226 Transfer complete
CWD actions
250 CWD command successful
PWD
257 "/web/photo/photos/0703_50_ans_Jean/res/actions" is the current directory
Lire le répertoire
PASV
227 Entering Passive Mode (xxx,xx,xxx,xx,166,201).
MLSD
150 Opening ASCII mode data connection for MLSD
Téléchargé¦s
En attente du serveur...
226 Transfer complete
CWD dark-matte
250 CWD command successful
PWD
257 "/web/photo/photos/0703_50_ans_Jean/res/actions/dark-matte" is the current directory
Lire le répertoire
PASV
227 Entering Passive Mode (xxx,xx,xxx,xx,167,23).
MLSD
150 Opening ASCII mode data connection for MLSD
Téléchargé¦s
En attente du serveur...
226 Transfer complete
CWD /web/photo/photos/0703_50_ans_Jean/res/actions
SSL_read returned -1, SSL_get_error=5, ERR_get_error=0
OFFLINE2, error=0
This is very annoying since I cannot synchronize my website anymore. Up to some time ago, the synchronizations were still working...
Any idea to solve this problem?
Thanks
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

You could try TC9 without the OpenSSL dlls, it supports the internal Windows SSL functions on Windows Vista and newer.
Author of Total Commander
https://www.ghisler.com
gt13
Junior Member
Junior Member
Posts: 37
Joined: 2004-02-12, 07:38 UTC
Location: France

Post by *gt13 »

Thanks Christian,

According to your advice, I have deleted some old files that were probably in my TC directory since a long time. This directory:
c:\totalcmd\plugins\wfx\sftpplug\
and also these two files:
c:\totalcmd\ssleay32.dll
c:\totalcmd\libeay32.dll

Then I have reinstalled TotalCommander on top of my previous installation.
Here is the new content of my TC directory (use DiskDir Extended plugin for Total Commander to see the tree in a nice way):
https://www.dropbox.com/s/gye2b0ga9jp7dfo/170615_totalcmd_02.lst?dl=0

It seems a little better than before: the FTP listing go farther than before (about 70 seconds), but it still disconnects before the end and does not allow me to synchronize the directories.

Here is the log file:

Code: Select all

----------
Using sChannel (Secur32.dll) for SSL/TLS connection.
Connect to: (15/06/2017 12:36:14)
hostname=crfg.ftp.infomaniak.com
username=xxxxxxxxxxxxxxx
startdir=/web
crfg.ftp.infomaniak.com=xxx.xx.xxx.xx
220 ProFTPD 1.3.4e Server (ProFTPD) [xxx.xx.xxx.xx]
AUTH TLS
234 AUTH TLS successful
Method: TLSv1.2
Cert subject: C=CH, S=Geneva, L=Carouge, O=Infomaniak Network SA, CN=*.ftp.infomaniak.com
Cert issuer: C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Class 3 OV Server CA
Chain verification: Subject: C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Class 3 OV Server CA
Chain verification: Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
Chain verification (2): OK
USER xxxxxxxxxxxxxxx
331 Password required for xxxxxxxxxxxxxxx
PASS ***********
230 User xxxxxxxxxxxxxxx logged in
SYST
215 UNIX Type: L8
FEAT
211-Features:
 MDTM
 MFMT
 TVFS
 LANG bg-BG;en-US*;es-ES;fr-FR;it-IT;ru-RU;zh-CN;zh-TW
 UTF8
 AUTH TLS
 MFF modify;UNIX.group;UNIX.mode;
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
OPTS UTF8 ON
200 UTF8 set to on
CWD /web
250 CWD command successful
Connect ok!
PWD
257 "/web" is the current directory
Lire le répertoire
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (xxx,xx,xxx,xx,168,127).
MLSD
150 Opening ASCII mode data connection for MLSD
Téléchargé¦s
En attente du serveur...
226 Transfer complete
CWD photo
250 CWD command successful
PWD
257 "/web/photo" is the current directory
Lire le répertoire
PASV
227 Entering Passive Mode (xxx,xx,xxx,xx,169,133).
MLSD
150 Opening ASCII mode data connection for MLSD
Téléchargé¦s
En attente du serveur...
226 Transfer complete
CWD /web/photo
250 CWD command successful
PWD
257 "/web/photo" is the current directory
CWD chrono
250 CWD command successful
PWD
257 "/web/photo/chrono" is the current directory
Lire le répertoire
PASV
227 Entering Passive Mode (xxx,xx,xxx,xx,170,164).
MLSD
150 Opening ASCII mode data connection for MLSD
Téléchargé¦s
En attente du serveur...
226 Transfer complete
.
.
.
I have suppressed a lot of lines here, because there is nothing special to notice.
TotalCommander changes from one directory to the following.
Here is the end of the file, where the error occurs:
.
.
. 
226 Transfer complete
CWD /web/photo/photos/misc/res/topbars
250 CWD command successful
PWD
257 "/web/photo/photos/misc/res/topbars" is the current directory
CWD khaki
250 CWD command successful
PWD
257 "/web/photo/photos/misc/res/topbars/khaki" is the current directory
Lire le répertoire
PASV
227 Entering Passive Mode (xxx,xx,xxx,xx,166,129).
MLSD
150 Opening ASCII mode data connection for MLSD
Téléchargé¦s
En attente du serveur...
226 Transfer complete
CWD /web/photo/photos/misc/res/topbars
250 CWD command successful
PWD
257 "/web/photo/photos/misc/res/topbars" is the current directory
CWD light-green
250 CWD command successful
PWD
257 "/web/photo/photos/misc/res/topbars/light-green" is the current directory
Lire le répertoire
PASV
227 Entering Passive Mode (xxx,xx,xxx,xx,164,143).
MLSD
OFFLINE2, error=10054
Thanks,
Gerard
gt13
Junior Member
Junior Member
Posts: 37
Joined: 2004-02-12, 07:38 UTC
Location: France

Post by *gt13 »

Something is quite strange, and still happens now (with only the internal SSL functions):

When I synchronize on my home computer using ADSL, and on my work computer using a university network, the synchronization hangs exactly on the same sub-directory, which is the 125th directory in this tree of 235 directories starting in my tree at:
/web/photo/
You can compare the two logs obtained on these two computers to check that. There are here:
https://www.dropbox.com/s/1vixjl1m1aroilk/tcftp_gt653_mask.log?dl=0
https://www.dropbox.com/s/ji06unsr58a0eo5/tcftp_gt400_mask.log?dl=0

The connection fails in the directory
/web/photo/photos/misc/res/topbars/light-green

Moreover, if I start the synchronization in the directory
/web/photo/photos/
the synchronization goes through the directory where I previously got a failure without any problem now!!! The log is there:
https://www.dropbox.com/s/xpwjumt7ok45d8i/tcftp_gt400_photo_photos_mask.log?dl=0

I am wondering if the disconnection does not come from the hosting side (infomaniak)...
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Yes, it looks like it comes from the hosting site - it may be running out of connections or file handles.
Author of Total Commander
https://www.ghisler.com
gt13
Junior Member
Junior Member
Posts: 37
Joined: 2004-02-12, 07:38 UTC
Location: France

Post by *gt13 »

OK, I will contact Infomaniak.
Thanks for your help
joey33
Junior Member
Junior Member
Posts: 4
Joined: 2019-01-24, 09:08 UTC

Re: Disconnection during FTP / Synchronize Dirs

Post by *joey33 »

I found the reason & solution! :)

After days of headache, reading blogs, forums (this one included), tampering with pureFtpd & UFW firewall config on my VPS,
exchanging Win10 secur.dll with openssl libraries and carrying out tests, studying logs both from VPS and TotalCmd I've discovered that:

1. The problem only occurs when a lengthy synchronization operation is being processed (>1min of reading folders)
2. Only Ftp over Tsl
3. TotalCmd loses connection in ~1 min no matter the Ftp server and version (tested a few accounts - ProFtd, PureFtpd, dif versions)
4. And now - did tests and WinScp has exactly the same issue when Ftp over Tsl (not Scp) mode is used. That's how I traced the reason.

/My system: Win10 x64, latest TotalCmd, native win ssl libs/

The point is when Ftp is over Ssl/tsl you need to disable stateful mode in Windows firewall. Run console as admin, type and run:

Code: Select all

netsh advfirewall set global StatefulFTP disable
Enjoy your uninterrupted ftp sessions:)
gt13
Junior Member
Junior Member
Posts: 37
Joined: 2004-02-12, 07:38 UTC
Location: France

Re: Disconnection during FTP / Synchronize Dirs

Post by *gt13 »

Hi joey33,
Great news !!!!
THANK YOU very much for this information.
I just implemented your solution and it also works perfectly in my case!

I have spent so many hours with that problem, slicing my synchronizations in small parts, doing and re-doing them many times when then failed, looking for a solution, etc...
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: Disconnection during FTP / Synchronize Dirs

Post by *ghisler(Author) »

Thanks for finding that! Stateful mode for FTP cannot work when using SSL/TLS. Why? The firewall looks at the command connection (the one sending commands like LIST or STOR), and sees the IP addresses, and then allow them through. But the command connection is encrypted, so it cannot see the addresses. But this doesn't explain why the firewall would kill a connection afterr one minute. :(
Author of Total Commander
https://www.ghisler.com
joey33
Junior Member
Junior Member
Posts: 4
Joined: 2019-01-24, 09:08 UTC

Re: Disconnection during FTP / Synchronize Dirs

Post by *joey33 »

Just because I understand the pains you've been through
I've registered on the forum only to let you know the solution:)
Glad it also works in your case!

In case you're interested in details that's where I found it (on ISS though):
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd421710(v=ws.10)

must warn you though that I'm not yet absolutely sure as to potential risk your pc may be subject to
when firewall does not monitor the state of packages - on one hand your session is over Tsl but on the other hand the firewall lets everything else through no matter the origin of packets. Must check it out:)

edit: while I was typing my answer, Ghisler(Auhtor) posted his reply. Reasonable question, I'll post back in case I find sth out.
joey33
Junior Member
Junior Member
Posts: 4
Joined: 2019-01-24, 09:08 UTC

Re: Disconnection during FTP / Synchronize Dirs

Post by *joey33 »

If I understand correctly - when the command connection is encrypted, the firewall (in stateful) mode should not allow the connection at all, whereas it is kept for almost a minute. Why does it work for some time?

One more thing I've discovered in my tests is when studying '/var/log/messages' file on my VPS I've noticed a certain pattern during the PureFtpd session when TotalCmd was synchronizing files. There were always ca 100 entries before the connection was lost and user logged out:

Code: Select all

Jan 24 07:51:53 xxx pure-ftpd: (xxx@ip) [INFO] TLS: Enabled TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384, 256 secret bits cipher
 ....(>90-100 same lines)
Jan 24 07:51:53 xxx pure-ftpd: (xxx@ip) [INFO] Logout.
It looks like firewall runs out of some pool after receiving the series of CWD, PWD, get directory etc. commands from TotalCmd and then breaks the connection.. My guess..
gt13
Junior Member
Junior Member
Posts: 37
Joined: 2004-02-12, 07:38 UTC
Location: France

Re: Disconnection during FTP / Synchronize Dirs

Post by *gt13 »

joey33 wrote: 2019-01-24, 10:47 UTC Just because I understand the pains you've been through
I've registered on the forum only to let you know the solution:)
Glad it also works in your case!
I appreciate. Thanks again !
joey33 wrote: 2019-01-24, 10:47 UTC must warn you though that I'm not yet absolutely sure as to potential risk your pc may be subject to
when firewall does not monitor the state of packages - on one hand your session is over Tsl but on the other hand the firewall lets everything else through no matter the origin of packets. Must check it out:)
I have no time today to check, but probably there is another command that cancels this one

Code: Select all

netsh advfirewall set global StatefulFTP disable
and could be sent just after the synchronization operation is finished.
joey33
Junior Member
Junior Member
Posts: 4
Joined: 2019-01-24, 09:08 UTC

Re: Disconnection during FTP / Synchronize Dirs

Post by *joey33 »

sure there is, I've checked immediately after disabling the mode - just change 'disable' to 'enable':)
But it's inconvenient to manually reset it every time...
Post Reply