
TLS Connection Timeout

I know this is for CrushFTP7, but I didn't see a forum for 8. I am in need of assistance. Over the last week I have had a heck of a time with our FTP server. We were using CrushFTP5, but for some reason the "registration" on that version just disappeared, which caused us to go to the standard 5 concurrent users. We purchased CrushFTP8 and installed the new software, however the server started crashing every 30 minutes. My system engineer department pushed for creating a new server (Windows Server 2012), which we put CrushFTP8 on and got it set up. For the most part everything has been working fine with the exception of a handful of users. We have some users that are doing Explicit FTP connections, and they are receiving timeouts. If I use WinSCP or FileZilla, I can connect without a problem (other than the self-signed certificate prompt). I have dug through various forums and tools, but can't seem to figure anything out. Below is one of the connection errors I was provided.


Status: Connection established, waiting for welcome message...

Response: 220 CrushFTP Server Ready!

Command: AUTH TLS

Response: 234 Changing to secure mode...

Status: Initializing TLS...

Error: Connection timed out after 20 seconds of inactivity

Error: Could not connect to server


Don't forget our support@CrushFTP.com email is always available and will get faster replies than forums.


This issue appears like a firewall not allowing encrypted FTP...try using plain FTP.


Most FTP clients automatically try and change to encrypted FTP if the server supports it, and it does.  But some firewalls refuse to allow clients to do this as they can no longer sniff and inspect the traffic...so they block it intentionally, or due to misconfiguration.


This was a client trying to start up encryption and failing.  Test if this works on localhost, or where there is only LAN and no firewall to confirm things are working in CrushFTP.
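
Added example, not part of the original thread and not CrushFTP code: a Python probe that walks the same steps as the client log above (banner, AUTH TLS, TLS handshake) and reports the step where it stops, plus the negotiated TLS version when the handshake completes. The function names are hypothetical, and certificate verification is off by default only because the server in this thread presents a self-signed certificate.

```python
import socket
import ssl

def read_reply(sock):
    """Read one FTP reply (possibly multi-line) and return (code, text)."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the control connection")
        buf += chunk
        lines = buf.decode("latin-1").splitlines()
        # The final line of a reply is "NNN text"; "NNN-text" means more follows.
        if buf.endswith(b"\n") and lines[-1][:3].isdigit() and lines[-1][3:4] in (" ", ""):
            return int(lines[-1][:3]), lines[-1][4:]

def probe_explicit_ftps(sock, timeout=20.0, verify=False, server_name=None):
    """Drive a connected control socket through banner, AUTH TLS and handshake.
    Returns (stage, detail): stage is the step that failed
    ('banner', 'auth_tls', 'tls_handshake') or 'ok'."""
    sock.settimeout(timeout)
    stage = "banner"
    try:
        code, text = read_reply(sock)
        if code != 220:
            return stage, f"unexpected banner: {code} {text}"
        stage = "auth_tls"
        sock.sendall(b"AUTH TLS\r\n")
        code, text = read_reply(sock)
        if code != 234:
            return stage, f"server refused AUTH TLS: {code} {text}"
        stage = "tls_handshake"
        ctx = ssl.create_default_context()
        if not verify:  # diagnosis against a self-signed cert only, not for transfers
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        tls = ctx.wrap_socket(sock, server_hostname=server_name)  # verify=True needs server_name
        return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except socket.timeout:
        return stage, f"timed out after {timeout}s"
    except (ssl.SSLError, OSError) as exc:
        return stage, f"{type(exc).__name__}: {exc}"

def probe(host, port=21, **kwargs):
    """Open the control connection, then run the probe on it."""
    with socket.create_connection((host, port), timeout=kwargs.get("timeout", 20.0)) as s:
        return probe_explicit_ftps(s, **kwargs)
```

A result of `tls_handshake` from the affected user's network together with `ok` from localhost or the LAN points at a firewall or other device in the path rather than at the server.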

Ben, thanks for the response. Just fyi, I had actually sent an email to support@crushftp.com shortly after posting this and still have not heard anything back. Actually, I had sent an email last week on the piece about our server crashing, but never heard back on that either.


We have made progress on 1 out of 2 of our user issues. One of our users was getting a timeout at the point of getting a directory listing after making the TLS connection. We worked through various pieces and determined that their server was not supporting TLS 1.2. Once he enabled it, he was able to get in with their client, and is now making changes with their system so the automation piece can work.


However, the other user, which had the connection example on first post, I am still working through. I think it may have to do with them possibly having to trust the self-signed cert. The reason I think this is, if I connect with a client and don't click anything once I get the prompt to trust the cert, the CrushFTP log for that connection attempt looks like the example I provided. Am I possibly along the correct path with that? I will also have them look at the firewall piece as well. We have 100+ other users connecting fine, but I think most don't do explicit connections.

If you didn't get a reply...that indicates a spam filter blocked your email from us.  Replies are in less than an hour usually....often less than 15 minutes depending on time of day.


We handle a lot of support issues daily, none are left behind and not replied to.  I just checked our email on gmail, and I can't find any emails originating from your gmail address.  It's gmail to gmail...so it's not being dropped, and we monitor the spam filter in gmail in realtime too, so anything caught there is allowed or deleted if truly spam.  Are you sure it sent? Are you sure your side didn't block the email?



Not all clients prompt to trust a certificate...but if that client did prompt and they did nothing, that would indicate what you suggested.


--Ben

(support@CrushFTP.com is a Gmail Google Apps email account, so even though the domain is not gmail, it is still gmail handled.)

The email was actually sent from my work email ending in @procurementpartners.com

Didn't see anything caught by spam, but going forward I will use my gmail to try and avoid that.

Yep, I see both of those emails, and both were replied to quickly by different staff.  If you didn't get them, then your corporate mail filters blocked our replies.  I would raise a concern for that...not much good having email if people can't reply to your emails due to overzealous email filtering...

Absolutely. I am glad to hear they were received and responded to. I will bring it up to them. Odd overall since I got the thanks for purchasing CrushFTP email from support to that email address. Thanks for your responses.
