Topic "WinSCP 5.1.3 FTPS error- The supplied message is incomplete."

Author Message
Westenkirchner
[View user's profile]

Joined: 2013-01-23
Posts: 4
I am running the latest version of WinSCP and when I try to connect to IIS 7.5 FTP site using SSL Explict encryption I get an error "The supplied message is incomplete. The signature was not verified."


WinSCP version: 5.1.3(Build 2881)

OS WinSCP is running on - Windows 7

Transfer protocol - FTP
Remote system = Windows_NT
Session protocol = FTP
Compression = No
------------------------------------------------------------
Certificate fingerprint
b3:69:84:a6:39:b1:b7:57:c0:f4:e7:45:11:4e:da:76:fe:0f:9b:ff
------------------------------------------------------------
Can change permissions = Yes
Can change owner/group = No
Can execute arbitrary command = Protocol commands only
Can create symlink/hardlink = No/No
Can lookup user groups = No
Can duplicate remote files = No
Can check available space = No
Can calculate file checksum = No
Native text (ASCII) mode transfers = No
------------------------------------------------------------
Additional information
The server supports these FTP additional features:
LANG EN*
UTF8
AUTH TLS;TLS-C;SSL;TLS-P;
PBSZ
PROT C;P;
CCC
HOST
SIZE
MDTM
REST STREAM

I am using GUI interface in Commander Style

Error Message - Copying files to remote side failed.
The supplied message is incomplete. The signature was not verified.

Steps- login to site
drag file from my documents to test folder on server
file starts transfer but at the completion stage error appears.
I have options of aborting, retrying, or skipping.

Sever uploading too - Server is Windows 2008 R2 IIS 7.5

LOG:
2013-01-23 14:12:54.540 WinSCP Version 5.1.3 (Build 2881) (OS 6.1.7601 Service Pack 1)
. 2013-01-23 14:12:54.540 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2013-01-23 14:12:54.541 Local account: Removed for Security
. 2013-01-23 14:12:54.541 Working directory: C:\Downloaded Applications
. 2013-01-23 14:12:54.541 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2013-01-23 14:12:54.541 Time zone: Current: GMT-6, Standard: GMT-6, DST: GMT-5, DST Start: 3/10/2013, DST End: 11/3/2013
. 2013-01-23 14:12:54.541 Login time: Wednesday, January 23, 2013 2:12:54 PM
. 2013-01-23 14:12:54.541 --------------------------------------------------------------------------
. 2013-01-23 14:12:54.541 Session name: (Removed for Security) (Modified stored session)
. 2013-01-23 14:12:54.541 Host name: (Removed for Security)
. 2013-01-23 14:12:54.541 User name: (Removed for Security) (Password: Yes, Key file: No)
. 2013-01-23 14:12:54.541 Tunnel: No
. 2013-01-23 14:12:54.542 Transfer Protocol: FTP
. 2013-01-23 14:12:54.542 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-01-23 14:12:54.542 Proxy: none
. 2013-01-23 14:12:54.542 FTP: FTPS: Explicit SSL; Passive: Yes [Force IP: A]
. 2013-01-23 14:12:54.542 Local directory: C:\Users\kevinw\Documents, Remote directory: /test, Update: Yes, Cache: Yes
. 2013-01-23 14:12:54.542 Cache directory changes: Yes, Permanent: Yes
. 2013-01-23 14:12:54.542 DST mode: 1
. 2013-01-23 14:12:54.542 --------------------------------------------------------------------------
. 2013-01-23 14:12:54.627 Connecting to (Removed for Security) ...
. 2013-01-23 14:12:54.815 Connected with (Removed for Security), negotiating SSL connection...
< 2013-01-23 14:12:54.815 220 Microsoft FTP Service
> 2013-01-23 14:12:54.815 AUTH SSL
< 2013-01-23 14:12:54.825 234 AUTH command ok. Expecting TLS Negotiation.
. 2013-01-23 14:12:55.069 SSL connection established. Waiting for welcome message...
> 2013-01-23 14:12:55.070 USER (Removed for Security)
< 2013-01-23 14:12:55.111 331 Password required for (Removed for Security).
> 2013-01-23 14:12:55.111 PASS ********
< 2013-01-23 14:12:55.174 230 User logged in.
> 2013-01-23 14:12:55.174 SYST
< 2013-01-23 14:12:55.235 215 Windows_NT
> 2013-01-23 14:12:55.235 FEAT
< 2013-01-23 14:12:55.297 211-Extended features supported:
< 2013-01-23 14:12:55.297 LANG EN*
< 2013-01-23 14:12:55.297 UTF8
< 2013-01-23 14:12:55.297 AUTH TLS;TLS-C;SSL;TLS-P;
< 2013-01-23 14:12:55.297 PBSZ
< 2013-01-23 14:12:55.297 PROT C;P;
< 2013-01-23 14:12:55.297 CCC
< 2013-01-23 14:12:55.297 HOST
< 2013-01-23 14:12:55.297 SIZE
< 2013-01-23 14:12:55.297 MDTM
< 2013-01-23 14:12:55.297 REST STREAM
< 2013-01-23 14:12:55.297 211 END
> 2013-01-23 14:12:55.297 OPTS UTF8 ON
< 2013-01-23 14:12:55.360 200 OPTS UTF8 command successful - UTF8 encoding now ON.
> 2013-01-23 14:12:55.360 PBSZ 0
< 2013-01-23 14:12:55.422 200 PBSZ command successful.
> 2013-01-23 14:12:55.422 PROT P
< 2013-01-23 14:12:55.485 200 PROT command successful.
. 2013-01-23 14:12:55.525 Connected
. 2013-01-23 14:12:55.525 --------------------------------------------------------------------------
. 2013-01-23 14:12:55.525 Using FTP protocol.
. 2013-01-23 14:12:55.526 Doing startup conversation with host.
> 2013-01-23 14:12:55.581 PWD
< 2013-01-23 14:12:55.643 257 "/" is current directory.
. 2013-01-23 14:12:55.688 Changing directory to "/test".
> 2013-01-23 14:12:55.688 CWD /test
< 2013-01-23 14:12:55.750 250 CWD command successful.
. 2013-01-23 14:12:55.750 Getting current directory name.
> 2013-01-23 14:12:55.750 PWD
< 2013-01-23 14:12:55.812 257 "/test" is current directory.
. 2013-01-23 14:12:55.996 Retrieving directory listing...
> 2013-01-23 14:12:55.996 TYPE A
< 2013-01-23 14:12:55.998 200 Type set to A.
> 2013-01-23 14:12:55.998 PASV
< 2013-01-23 14:12:56.062 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:12:56.062 LIST -a
< 2013-01-23 14:12:56.126 150 Opening ASCII mode data connection.
. 2013-01-23 14:12:56.204 SSL connection established
< 2013-01-23 14:12:56.244 226 Transfer complete.
. 2013-01-23 14:12:56.245 <Empty directory listing>
. 2013-01-23 14:12:56.263 Directory listing successful
. 2013-01-23 14:12:56.324 Retrieving directory listing...
> 2013-01-23 14:12:56.324 TYPE A
< 2013-01-23 14:12:56.326 200 Type set to A.
> 2013-01-23 14:12:56.326 PASV
< 2013-01-23 14:12:56.387 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:12:56.387 LIST
< 2013-01-23 14:12:56.457 150 Opening ASCII mode data connection.
. 2013-01-23 14:12:56.537 SSL connection established
< 2013-01-23 14:12:56.564 226 Transfer complete.
. 2013-01-23 14:12:56.567 <Empty directory listing>
. 2013-01-23 14:12:56.598 Directory listing successful
. 2013-01-23 14:12:56.698 Startup conversation with host finished.
. 2013-01-23 14:12:56.846 Disconnected from server
. 2013-01-23 14:13:02.857 Copying 1 files/directories to remote directory "/test/"
. 2013-01-23 14:13:02.857 PrTime: Yes; PrRO: No; Rght: rw-r--r--; PrR: No (No); FnCs: N; RIC: 0100; Resume: S (102400); CalcS: Yes; Mask: *.*
. 2013-01-23 14:13:02.857 TM: B; ClAr: No; CPS: 0; InclM:
. 2013-01-23 14:13:02.857 AscM: *.*html; *.htm; *.txt; *.php; *.php3; *.cgi; *.c; *.cpp; *.h; *.pas; *.bas; *.tex; *.pl; *.js; .htaccess; *.xtml; *.css; *.cfg; *.ini; *.sh; *.xml
. 2013-01-23 14:13:02.857 File: "C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf"
. 2013-01-23 14:13:02.859 Copying "C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf" to remote directory started.
. 2013-01-23 14:13:02.859 Binary transfer mode selected.
. 2013-01-23 14:13:02.859 Starting upload of C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf
> 2013-01-23 14:13:02.859 TYPE I
< 2013-01-23 14:13:02.924 200 Type set to I.
> 2013-01-23 14:13:02.924 PASV
< 2013-01-23 14:13:02.988 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:13:02.989 STOR ChatLog GUI overview_demo 2012_10_02 14_39.rtf
< 2013-01-23 14:13:03.053 150 Opening BINARY mode data connection.
. 2013-01-23 14:13:03.114 SSL connection established
< 2013-01-23 14:13:03.181 550 The supplied message is incomplete. The signature was not verified.
. 2013-01-23 14:13:03.181 Copying files to remote side failed.
* 2013-01-23 14:13:03.182 (ExtException) Copying files to remote side failed.
* 2013-01-23 14:13:03.182 The supplied message is incomplete. The signature was not verified.
. 2013-01-23 14:13:03.182 Asking user:
. 2013-01-23 14:13:03.182 Error transferring file 'C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf'. ("Copying files to remote side failed.","The supplied message is incomplete. The signature was not verified. ")
* 2013-01-23 14:13:04.696 (EScpSkipFile) Error transferring file 'C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf'.
* 2013-01-23 14:13:04.696 Copying files to remote side failed.
* 2013-01-23 14:13:04.696 The supplied message is incomplete. The signature was not verified.
. 2013-01-23 14:13:04.697 Retrieving directory listing...
> 2013-01-23 14:13:04.697 TYPE A
< 2013-01-23 14:13:04.759 200 Type set to A.
> 2013-01-23 14:13:04.760 PASV
< 2013-01-23 14:13:04.821 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:13:04.821 LIST
< 2013-01-23 14:13:04.890 150 Opening ASCII mode data connection.
. 2013-01-23 14:13:04.940 SSL connection established
< 2013-01-23 14:13:05.004 226 Transfer complete.
. 2013-01-23 14:13:05.006 <Empty directory listing>
. 2013-01-23 14:13:05.006 Directory listing successful
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
The error message comes from the server. I have no idea what does it mean.
_________________
Martin Prikryl
Westenkirchner
[View user's profile]

Joined: 2013-01-23
Posts: 4
It appears to be an issue with WinSCP and a GnuTLS error related to the TLS 1.1 & TLS 1.2 changes that come from IIS prevention of the BEAST attack.

On the server I get "An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."

WinSCP and Filezilla both throw the same error but CoreFTP has no problems.
Westenkirchner
[View user's profile]

Joined: 2013-01-23
Posts: 4
Update:

It appears to be an issues with newer WinSCP clients. I got WinSCP Version 4.3.3 (Build 1340) and connected to the exact same server and it worked perfectly. I guess I am stuck on older versions until a bug is fixed.
Westenkirchner
[View user's profile]

Joined: 2013-01-23
Posts: 4
Versions that I confirm work:
WinSCP 437 and WinSP 433

Versions that fail:
WinSCP 510, and WinSCP 513
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Thanks for the details.
Can you attach a complete session log file showing session opening using both 4.3.7 and 5.1.3?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Can you please provide me the logs?
jskel1
[View user's profile]

Joined: 2013-05-08
Posts: 3
Location: Texas
prikryl wrote:
Can you please provide me the logs?



I am having the same problem. Do you still need logs?
I can send them to a private address.

Thanks
Jeff
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
jskel1 wrote:
I am having the same problem. Do you still need logs?
I can send them to a private address.

Yes please.
arencambre
[View user's profile]

Joined: 2010-10-01
Posts: 5
We're running into the same problem with FTPS on IIS 8.0 (Windows Server 2012). Let me know if I can help with diagnosis.
zaza
[View user's profile]

Joined: 2013-05-25
Posts: 2
I have 5.1.3 and am experiencing‎ same problem.
Does upgrading to version 5.1.5 help at all?
I have never done an upgrade and am worried I might lose my saved sessions.

Last edited by zaza on 2013-07-14 10:18; edited 1 time in total
arencambre
[View user's profile]

Joined: 2010-10-01
Posts: 5
zaza wrote:
I have 5.1.3 and am experiencing‎ same problem.
Does upgrading to version 5.1.5 help at all?
I have never done an upgrade and am worried I might lose my saved sessions.
We had to downgrade to one of the working versions mentioned above. Something broke with a newer version.
helge

Guest


I have the same problem. WinSCP 5.1.5 says:

Copying files to remote side failed.
The supplied message is incomplete. The signature was not verified.

This is when I try to copy a file to an Azure FTPS site.
arni

Guest


I solved the problem on Windows Server 2012 using the recommendations here:
http://forums.iis.net/t/1163993.aspx

Probably also applies to Windows Server 2008.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
arni wrote:
I solved the problem on Windows Server 2012 using the recommendations here:
http://forums.iis.net/t/1163993.aspx

Probably also applies to Windows Server 2008.

Thanks for sharing this!
_________________
Martin Prikryl
arencambre
[View user's profile]

Joined: 2010-10-01
Posts: 5
arni wrote:
I solved the problem on Windows Server 2012 using the recommendations here:
http://forums.iis.net/t/1163993.aspx

Probably also applies to Windows Server 2008.
That is a terrible solution as it leaves your vulnerable to attacks like this one: https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack. It is a bad idea to disable newer versions of TLS.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
arencambre wrote:
That is a terrible solution as it leaves your vulnerable to attacks like this one: https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack. It is a bad idea to disable newer versions of TLS.

If you read it to the end, you will see that their solution is to disable SSL 2.0, not newer versions of TLS.
_________________
Martin Prikryl
jskel1
[View user's profile]

Joined: 2013-05-08
Posts: 3
Location: Texas
prikryl wrote:
arencambre wrote:
That is a terrible solution as it leaves your vulnerable to attacks like this one: https://en.wikipedia.org/wiki/Transport_Layer_Security#BEAST_attack. It is a bad idea to disable newer versions of TLS.

If you read it to the end, you will see that their solution is to disable SSL 2.0, not newer versions of TLS.


So will the next version you publish have ssl 2.0 off by default?
jskel1
[View user's profile]

Joined: 2013-05-08
Posts: 3
Location: Texas
prikryl wrote:
jskel1 wrote:
I am having the same problem. Do you still need logs?
I can send them to a private address.

Yes please.


Sorry for the delay.. I sent logs via email.

thanks
Jeff
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
jskel1 wrote:
So will the next version you publish have ssl 2.0 off by default?

If I understand it correctly, it won't help. You need to disable in on server-side. But note that this hack is likely specific to a theirs server only.
Anyway, yes, the next beta release will allow you to configure TLS/SSL version to use.
_________________
Martin Prikryl
karimelm

Guest


Hey, i solved the issue by pushing TLS_RSA_WITH_RC4_128_SHA to the top of the chain, and disabling SSL2.0 with IISCrypto 4
arencambre
[View user's profile]

Joined: 2010-10-01
Posts: 5
karimelm wrote:
Hey, i solved the issue by pushing TLS_RSA_WITH_RC4_128_SHA to the top of the chain, and disabling SSL2.0 with IISCrypto 4
I feel that this is a workaround, and if IIS is acting according to spec, then clients ought to work correctly with the spec.
karimelm

Guest


That might be, but a lot of clients dont work with IIS FTPSSL. I've been reading too much about standard this, standard that, and while it might be the case, it didnt help me solve the connection issue.

Btw, I seem not to be able to connect with RDP anymore, not sure if this is what caused it.
rds

Guest


Hi all,

If you're using Windows 2012 (R2) as FTP server, please check out this hotfix - this worked for me!
https://support.microsoft.com/en-us/kb/2888853
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
rds wrote:
If you're using Windows 2012 (R2) as FTP server, please check out this hotfix - this worked for me!
https://support.microsoft.com/en-us/kb/2888853

Thanks for sharing this information.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
This has been documented:
http://winscp.net/eng/docs/message_supplied_message_incomplete
cfreear

Guest


The MS hotfix is only applicable to Server 2012 though, anyone had any luck with Server 2008 R2? We've tried disabling SSL 2.0 (only have SSL3.0 and TLS 1.0, 1.1 and 1.2 selected)
djgrazzy

Guest


"anyone had any luck with Server 2008 R2"

The second screen on the download page shows other hotfixes, i have not used these





Windows 7/Windows Server2008 R2 SP1 All (Global) x64 Fix514846
Windows 8.1/Windows Server 2012 R2 All (Global) x64 Fix486154
Windows 8 RTM All (Global) x64 Fix471881
target

Guest


you can do 2 things

1. select WinSCP to use TLS1.0
2. enable on IIS "RC4 128/128" cipher with "IIS Crypto"

both solutions are bad ..
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License