cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SFTP Channel error: Read timed out

former_member309357
Participant

on ‎03-04-2015 11:44 AM

0 Kudos

Hello Experts,

     I am using PI version 7.11. I have a SFTP scenario in which I am getting error as below for both the sender and receiver SFTP channels:

               "Exception received: com.jcraft.jsch.JSchException: Session.connect: java.net.SocketTimeoutException: Read timed out"

     Please provide your valuable inputs to sort this out.

Thanks

Ravi..

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

robert_warde4
Active Participant
‎03-27-2015 5:29 PM
0 Kudos

Always assume the worst 🙂

Is the SFTP server internal or external?

If external can you connect to the SFTP from the internet (try from home).

Try and connect from your desktop. Remember your company may have a proxy server that you must configure.

Does your PI system use the same proxy? In my oorganisationwe have one proxy for end users in each region and a central proxy for our systems in the datacentre. So run another test and use the proxy in the datacentre.

Regardless of how you are authenticating you should be at least able to connect and get a logon prompt (if using basic auth: user name of password) or an error is using certificates.

Does the vendor have a whilelist? Are they restricting access based upon a source IP address? Have you given them the right source IP addres? Remember, if you go through a proxy then the proxy server will be your source address and not PI.

If you are using a proxy server to connect from inside your company are you using the right proxy type? I use SOCKS5 and a very specific port.

Show replies
Show replies
former_member309357
Participant
‎04-09-2015 3:02 PM
0 Kudos

Hi Warde,

    Apologies for late response.

    The server is inside the client's network. And we are not using any proxy.

     But the user is able to connect through remote desktop. When we are trying using connection with remote desktop, unable to do so.

     Kindly suggest.

Ravi.

robert_warde4
Active Participant
‎04-10-2015 10:03 AM
0 Kudos

Hi

I am not sure I understand

So the server is in the clients network and I assume the PI server is too?

Can you connect to the SFTP server from a desktop using a SFTP client? I think you said yes but can you confirm?

Regards

Rob

JaySchwendemann
Active Contributor
‎04-10-2015 12:58 PM
0 Kudos

To get your ducks in a row I would suggest...

  1. Telnet from PI host to desired sFTP server:port. If you don't use a proxy in your environment this should either give you a success or a fail
    1. You said above that you get a "connection refused". This is probably due to FW. There could  be multiple FWs in the way. Check if you have a FW and it allows your PI host to communicate with the sFTP host. Check also with the sFTP provider if they have a FW in place and it allows your communication
  2. If you are using a proxy on your side you need to use something like proxychains to involve the proxy into your telnet command. Alternatively you could telnet to the proxy and from there go further to the sFTP server just like PI server would do.
  3. You said the user (are you referring to the user you would be using for sFTP?) is able to connect to the through remote desktop. Are you saying that you can connect from a client in your network to the sFTP servers' OS using remote desktop? If so, this is a plus but remote desktop connection ain't sFTP connection. With remote desktop you'll get OS level access to a host, you don't automatically get access to any services running on that host (in your case: you don't automatically get access to the sFTP server running on that host). That means for you: You still need to verify that the PI host is able to connect to the sFTP Server (using its port).
  4. You could also give infamous XPI Inspector a shot, however, I'm pretty sure it can not help you really further at that point as you are not even able to connect to the target host.

Bottom line: Most probably a FW issue at the provider (sFTP) side. Could also be a FW issue at your side (a FW you don't know about, yet).

HTH

Cheers

Jens

former_member309357
Participant
‎04-10-2015 2:55 PM
0 Kudos

Hi Warde,

       I tried to connect using WinScp from my desktop, got the timed out error.                              

JaySchwendemann
Active Contributor
‎04-10-2015 4:48 PM
0 Kudos

Ok, this supports my assumption that there is a FW in between your corporate network and the providers corporate network even though failing to connect from your desktop client is not a 100% indicator that my assumption is right. Please see my suggestions in the post below how to narrow down the issue.

Cheers

robert_warde4
Active Participant
‎03-04-2015 4:17 PM
0 Kudos

It has to be connectivity, Its not authentication.

Either PO cannot reach the server or the call is being blocked by a firewall or proxy (make sure you configure the proxy if you need one and check you are using the correct port).

A simple test, if you can, is to use an SFTP client (I use WInSCP) and test it yourself.It has a nice logging feature so you can see where the problem occurs.

Also, speak to your partner and double check the connectivity details. Make sure they email you them so you have them in writing. Leads to less confusion.

Show replies
Show replies
former_member309357
Participant
‎03-27-2015 3:29 PM
0 Kudos

Hi Robert,

    Even with WinSCP, I am unable to connect to the SFTP server and while pinging from the OS level of PI system we are getting the below error: Please suggest :

fer-mdmdl01:~ # telnet XXXXXX 22

Trying XXXXXXX...

telnet: connect to address XXXXXX: Connection refused


Thanks

Ravi

Muniyappan
Active Contributor
‎04-05-2015 2:24 PM
0 Kudos

this means that there is firewall between pi and SFTP server. ask basis team to open firewall

former_member309357
Participant
‎04-09-2015 2:50 PM
0 Kudos

I have asked BASIS team. They told that they confirmed that they are not blocking any firewall.

former_member309357
Participant
‎04-09-2015 3:09 PM
0 Kudos

Do we need to share our IP address to register into their server  to connect to SFTP gate (Firewall change) ? Please confirm.

Ravi

Muniyappan
Active Contributor
‎04-10-2015 6:59 AM
0 Kudos

Yes. share your PI system ip(internetfacing). this is also called PI's source IP.

so that source SFTP will allow PI's source ip to connect to their system.

If you have network team, seek their help.they can help you better.

iaki_vila
Active Contributor
‎03-04-2015 3:52 PM
0 Kudos

Hi Ravi,

This error can be a problem with the connectivity. Talk with your basis team if the ports/firewall are open and PI can reach to endsystem.

Talk with the SFTP administrators if your PI user has the right to access to the SFTP destination.

Regards.

Show replies
Show replies
Ask a Question