Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

target

This is how I solved this

You can do 2 things:

  1. select WinSCP to use TLS 1.0
  2. enable on IIS "RC4 128/128" cipher with "IIS Crypto"

Both solutions are bad ..
djgrazzy

2008

anyone had any luck with Server 2008 R2

The second screen on the download page shows other hotfixes, i have not used these

Windows 7/Windows Server2008 R2 SP1 All (Global) x64 Fix514846
Windows 8.1/Windows Server 2012 R2 All (Global) x64 Fix486154
Windows 8 RTM All (Global) x64 Fix471881
cfreear

Server 2008?

The MS hotfix is only applicable to Server 2012 though, anyone had any luck with Server 2008 R2? We've tried disabling SSL 2.0 (only have SSL3.0 and TLS 1.0, 1.1 and 1.2 selected)
martin

Re: Hotfix available

@rds: Thanks for sharing this information.
karimelm

That might be, but a lot of clients dont work with IIS FTPSSL. I've been reading too much about standard this, standard that, and while it might be the case, it didnt help me solve the connection issue.

Btw, I seem not to be able to connect with RDP anymore, not sure if this is what caused it.
arencambre

Re: Solved the issue

@karimelm: I feel that this is a workaround, and if IIS is acting according to spec, then clients ought to work correctly with the spec.
karimelm

Solved the issue

Hey, i solved the issue by pushing TLS_RSA_WITH_RC4_128_SHA to the top of the chain, and disabling SSL2.0 with IISCrypto 4
martin

Re: next version

@jskel1: If I understand it correctly, it won't help. You need to disable it on server-side. But note that this hack is likely specific to theirs server only.
Anyway, yes, the next beta release will allow you to configure TLS/SSL version to use.
jskel1

next version

@martin: So will the next version you publish have SSL 2.0 off by default?
martin

@arencambre: If you read it to the end, you will see that their solution is to disable SSL 2.0, not newer versions of TLS.
martin

@arni: Thanks for sharing this!
helge

Same problem with Azure

I have the same problem. WinSCP 5.1.5 says:
Copying files to remote side failed.
The supplied message is incomplete. The signature was not verified.

This is when I try to copy a file to an Azure FTPS site.
arencambre

We had to downgrade to one of the working versions mentioned above. Something broke with a newer version.
zaza

I have 5.1.3 and am experiencing‎ same problem.
Does upgrading to version 5.1.5 help at all?
I have never done an upgrade and am worried I might lose my saved sessions.
arencambre

We're running into the same problem with FTPS on IIS 8.0 (Windows Server 2012). Let me know if I can help with diagnosis.
martin

Re: are logs still needed?

@jskel1: Yes please.
jskel1

are logs still needed?

I am having the same problem. Do you still need logs?
I can send them to a private address.

Thanks
Jeff
martin

Can you please provide me the logs?
martin

Thanks for the details.
Can you attach a complete session log file showing session opening using both 4.3.7 and 5.1.3?
Westenkirchner

Versions that I confirm work:
WinSCP 437 and WinSP 433

Versions that fail:
WinSCP 510, and WinSCP 513
Westenkirchner

Update:

It appears to be an issues with newer WinSCP clients. I got WinSCP Version 4.3.3 (Build 1340) and connected to the exact same server and it worked perfectly. I guess I am stuck on older versions until a bug is fixed.
Westenkirchner

It appears to be an issue with WinSCP and a GnuTLS error related to the TLS 1.1 & TLS 1.2 changes that come from IIS prevention of the BEAST attack.

On the server I get:
An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

WinSCP and Filezilla both throw the same error but CoreFTP has no problems.
martin

Re: WinSCP 5.1.3 FTPS error- The supplied message is incomplete.

The error message comes from the server. I have no idea what does it mean.
Westenkirchner

WinSCP 5.1.3 FTPS error- The supplied message is incomplete.

I am running the latest version of WinSCP and when I try to connect to IIS 7.5 FTP site using SSL Explict encryption I get an error
The supplied message is incomplete. The signature was not verified.

WinSCP version: 5.1.3(Build 2881)

OS WinSCP is running on - Windows 7

Transfer protocol - FTP
Remote system = Windows_NT
Session protocol = FTP
Compression = No
------------------------------------------------------------
Certificate fingerprint
b3:69:84:a6:39:b1:b7:57:c0:f4:e7:45:11:4e:da:76:fe:0f:9b:ff
------------------------------------------------------------
Can change permissions = Yes
Can change owner/group = No
Can execute arbitrary command = Protocol commands only
Can create symlink/hardlink = No/No
Can lookup user groups = No
Can duplicate remote files = No
Can check available space = No
Can calculate file checksum = No
Native text (ASCII) mode transfers = No
------------------------------------------------------------
Additional information
The server supports these FTP additional features:
LANG EN*
UTF8
AUTH TLS;TLS-C;SSL;TLS-P;
PBSZ
PROT C;P;
CCC
HOST
SIZE
MDTM
REST STREAM

I am using GUI interface in Commander Style

Error Message:
Copying files to remote side failed.
The supplied message is incomplete. The signature was not verified.

Steps- login to site
drag file from my documents to test folder on server
file starts transfer but at the completion stage error appears.
I have options of aborting, retrying, or skipping.

Sever uploading too - Server is Windows 2008 R2 IIS 7.5

LOG:
2013-01-23 14:12:54.540 WinSCP Version 5.1.3 (Build 2881) (OS 6.1.7601 Service Pack 1)
. 2013-01-23 14:12:54.540 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2013-01-23 14:12:54.541 Local account: Removed for Security
. 2013-01-23 14:12:54.541 Working directory: C:\Downloaded Applications
. 2013-01-23 14:12:54.541 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2013-01-23 14:12:54.541 Time zone: Current: GMT-6, Standard: GMT-6, DST: GMT-5, DST Start: 3/10/2013, DST End: 11/3/2013
. 2013-01-23 14:12:54.541 Login time: Wednesday, January 23, 2013 2:12:54 PM
. 2013-01-23 14:12:54.541 --------------------------------------------------------------------------
. 2013-01-23 14:12:54.541 Session name: (Removed for Security) (Modified stored session)
. 2013-01-23 14:12:54.541 Host name: (Removed for Security)
. 2013-01-23 14:12:54.541 User name: (Removed for Security) (Password: Yes, Key file: No)
. 2013-01-23 14:12:54.541 Tunnel: No
. 2013-01-23 14:12:54.542 Transfer Protocol: FTP
. 2013-01-23 14:12:54.542 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-01-23 14:12:54.542 Proxy: none
. 2013-01-23 14:12:54.542 FTP: FTPS: Explicit SSL; Passive: Yes [Force IP: A]
. 2013-01-23 14:12:54.542 Local directory: C:\Users\kevinw\Documents, Remote directory: /test, Update: Yes, Cache: Yes
. 2013-01-23 14:12:54.542 Cache directory changes: Yes, Permanent: Yes
. 2013-01-23 14:12:54.542 DST mode: 1
. 2013-01-23 14:12:54.542 --------------------------------------------------------------------------
. 2013-01-23 14:12:54.627 Connecting to (Removed for Security) ...
. 2013-01-23 14:12:54.815 Connected with (Removed for Security), negotiating SSL connection...
< 2013-01-23 14:12:54.815 220 Microsoft FTP Service
> 2013-01-23 14:12:54.815 AUTH SSL
< 2013-01-23 14:12:54.825 234 AUTH command ok. Expecting TLS Negotiation.
. 2013-01-23 14:12:55.069 SSL connection established. Waiting for welcome message...
> 2013-01-23 14:12:55.070 USER (Removed for Security)
< 2013-01-23 14:12:55.111 331 Password required for (Removed for Security).
> 2013-01-23 14:12:55.111 PASS ********
< 2013-01-23 14:12:55.174 230 User logged in.
> 2013-01-23 14:12:55.174 SYST
< 2013-01-23 14:12:55.235 215 Windows_NT
> 2013-01-23 14:12:55.235 FEAT
< 2013-01-23 14:12:55.297 211-Extended features supported:
< 2013-01-23 14:12:55.297  LANG EN*
< 2013-01-23 14:12:55.297  UTF8
< 2013-01-23 14:12:55.297  AUTH TLS;TLS-C;SSL;TLS-P;
< 2013-01-23 14:12:55.297  PBSZ
< 2013-01-23 14:12:55.297  PROT C;P;
< 2013-01-23 14:12:55.297  CCC
< 2013-01-23 14:12:55.297  HOST
< 2013-01-23 14:12:55.297  SIZE
< 2013-01-23 14:12:55.297  MDTM
< 2013-01-23 14:12:55.297  REST STREAM
< 2013-01-23 14:12:55.297 211 END
> 2013-01-23 14:12:55.297 OPTS UTF8 ON
< 2013-01-23 14:12:55.360 200 OPTS UTF8 command successful - UTF8 encoding now ON.
> 2013-01-23 14:12:55.360 PBSZ 0
< 2013-01-23 14:12:55.422 200 PBSZ command successful.
> 2013-01-23 14:12:55.422 PROT P
< 2013-01-23 14:12:55.485 200 PROT command successful.
. 2013-01-23 14:12:55.525 Connected
. 2013-01-23 14:12:55.525 --------------------------------------------------------------------------
. 2013-01-23 14:12:55.525 Using FTP protocol.
. 2013-01-23 14:12:55.526 Doing startup conversation with host.
> 2013-01-23 14:12:55.581 PWD
< 2013-01-23 14:12:55.643 257 "/" is current directory.
. 2013-01-23 14:12:55.688 Changing directory to "/test".
> 2013-01-23 14:12:55.688 CWD /test
< 2013-01-23 14:12:55.750 250 CWD command successful.
. 2013-01-23 14:12:55.750 Getting current directory name.
> 2013-01-23 14:12:55.750 PWD
< 2013-01-23 14:12:55.812 257 "/test" is current directory.
. 2013-01-23 14:12:55.996 Retrieving directory listing...
> 2013-01-23 14:12:55.996 TYPE A
< 2013-01-23 14:12:55.998 200 Type set to A.
> 2013-01-23 14:12:55.998 PASV
< 2013-01-23 14:12:56.062 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:12:56.062 LIST -a
< 2013-01-23 14:12:56.126 150 Opening ASCII mode data connection.
. 2013-01-23 14:12:56.204 SSL connection established
< 2013-01-23 14:12:56.244 226 Transfer complete.
. 2013-01-23 14:12:56.245 <Empty directory listing>
. 2013-01-23 14:12:56.263 Directory listing successful
. 2013-01-23 14:12:56.324 Retrieving directory listing...
> 2013-01-23 14:12:56.324 TYPE A
< 2013-01-23 14:12:56.326 200 Type set to A.
> 2013-01-23 14:12:56.326 PASV
< 2013-01-23 14:12:56.387 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:12:56.387 LIST
< 2013-01-23 14:12:56.457 150 Opening ASCII mode data connection.
. 2013-01-23 14:12:56.537 SSL connection established
< 2013-01-23 14:12:56.564 226 Transfer complete.
. 2013-01-23 14:12:56.567 <Empty directory listing>
. 2013-01-23 14:12:56.598 Directory listing successful
. 2013-01-23 14:12:56.698 Startup conversation with host finished.
. 2013-01-23 14:12:56.846 Disconnected from server
. 2013-01-23 14:13:02.857 Copying 1 files/directories to remote directory "/test/"
. 2013-01-23 14:13:02.857   PrTime: Yes; PrRO: No; Rght: rw-r--r--; PrR: No (No); FnCs: N; RIC: 0100; Resume: S (102400); CalcS: Yes; Mask: *.*
. 2013-01-23 14:13:02.857   TM: B; ClAr: No; CPS: 0; InclM:
. 2013-01-23 14:13:02.857   AscM: *.*html; *.htm; *.txt; *.php; *.php3; *.cgi; *.c; *.cpp; *.h; *.pas; *.bas; *.tex; *.pl; *.js; .htaccess; *.xtml; *.css; *.cfg; *.ini; *.sh; *.xml
. 2013-01-23 14:13:02.857 File: "C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf"
. 2013-01-23 14:13:02.859 Copying "C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf" to remote directory started.
. 2013-01-23 14:13:02.859 Binary transfer mode selected.
. 2013-01-23 14:13:02.859 Starting upload of C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf
> 2013-01-23 14:13:02.859 TYPE I
< 2013-01-23 14:13:02.924 200 Type set to I.
> 2013-01-23 14:13:02.924 PASV
< 2013-01-23 14:13:02.988 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:13:02.989 STOR ChatLog GUI overview_demo 2012_10_02 14_39.rtf
< 2013-01-23 14:13:03.053 150 Opening BINARY mode data connection.
. 2013-01-23 14:13:03.114 SSL connection established
< 2013-01-23 14:13:03.181 550 The supplied message is incomplete. The signature was not verified.
. 2013-01-23 14:13:03.181 Copying files to remote side failed.
* 2013-01-23 14:13:03.182 (ExtException) Copying files to remote side failed.
* 2013-01-23 14:13:03.182 The supplied message is incomplete. The signature was not verified.
. 2013-01-23 14:13:03.182 Asking user:
. 2013-01-23 14:13:03.182 Error transferring file 'C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf'. ("Copying files to remote side failed.","The supplied message is incomplete. The signature was not verified. ")
* 2013-01-23 14:13:04.696 (EScpSkipFile) Error transferring file 'C:\Users\kevinw\Documents\ChatLog GUI overview_demo 2012_10_02 14_39.rtf'.
* 2013-01-23 14:13:04.696 Copying files to remote side failed.
* 2013-01-23 14:13:04.696 The supplied message is incomplete. The signature was not verified.
. 2013-01-23 14:13:04.697 Retrieving directory listing...
> 2013-01-23 14:13:04.697 TYPE A
< 2013-01-23 14:13:04.759 200 Type set to A.
> 2013-01-23 14:13:04.760 PASV
< 2013-01-23 14:13:04.821 227 Entering Passive Mode (130,94,68,(Removed for Security)).
> 2013-01-23 14:13:04.821 LIST
< 2013-01-23 14:13:04.890 150 Opening ASCII mode data connection.
. 2013-01-23 14:13:04.940 SSL connection established
< 2013-01-23 14:13:05.004 226 Transfer complete.
. 2013-01-23 14:13:05.006 <Empty directory listing>
. 2013-01-23 14:13:05.006 Directory listing successful