
FTPS Transfer Failing with Connection Timeout

Former Member
0 Kudos

Hi,

I am trying to send a file over FTPS (FTP using SSL/TLS).

But in the actual file transfer process, it fails with a connection timeout.

I have increased the timeout FTP parameters to 1200 seconds (20 mins). Still, it always fails in approximately 4 minutes with a timeout.

My suspicion is that when it is attempting to write the file in the destination directory, there is either a write access issue or an encoding issue; I am not sure what exactly it is:

Here is the runtime workbench log for the failing step.

2008-06-03 10:01:07 Success Connecting to FTP server "<server-name>"

2008-06-03 10:01:09 Success Write to FTP server "<server-name>", directory "/172182", file "xi_output20080603-100109-147.dat"

2008-06-03 10:01:09 Success Transfer: "TXT" mode, size 392 bytes, character encoding UTF-8

2008-06-03 10:04:54 Error Attempt to process file failed with java.net.ConnectException: Connection timed out

2008-06-03 10:04:54 Error MP: Exception caught with cause com.sap.aii.af.ra.ms.api.RecoverableException: Connection timed out: java.net.ConnectException: Connection timed out

2008-06-03 10:04:54 Error Exception caught by adapter framework: Connection timed out

2008-06-03 10:04:54 Error Delivery of the message to the application using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Connection timed out: java.net.ConnectException: Connection timed out.

Our PI version is :

Release: 645_VAL_RE

Service pack: 13

The scenario is File to File : (from NFS to FTPS).

Did anyone run into this problem?

Any help to resolve the issue is appreciated.

Dharmasiri Amith

Edited by: Amith Dharmasiri on Jun 3, 2008 6:09 PM

Accepted Solutions (0)

Answers (4)


Former Member
0 Kudos

Hi,

A couple of things to check:

1. Check if the CN name on the certificate matches the FTPS server name. In the communication channel, use the server name instead of the IP address.

2. In PI Unix server, check /etc/hosts file and add an entry there like below:

ip address    server name

eg.

1.1.1.1      abc.com

Please check these two and adjust if necessary and let us know if it works.

Former Member
0 Kudos

In most cases with FTPS, we don't have to import the certificates explicitly. It will be automatically imported at the handshakes between servers. Can you get rid of the certificate from service_ssl and try?

Former Member
0 Kudos

Hi Fatsah,

It has been a while since we resolved this problem. But these were the basic steps that we had taken.

The receiver was configured as a File adapter with FTP:

Port: 10021

Connection security : FTPS (FTP using SSL/TLS) for Control and Data Connection

Command Order: AUTH TLS,USER,PASS,PBSZ,PROT

Problem: The message was blocked in our firewall.

FTPS in this case used 10021 as the control port and the firewall allowed the control request to pass.

Once the connection was accepted at the control level, it generated a random port number to pass data on the channel.

This random port number was blocked in the firewall.

We monitored the data port numbers generated at firewall. Then we configured the firewall to open any port number between the specific IP addresses of the sender and the receiver. That resolved the problem.

Hope this helps!

Please give points if this is helpful.

Thank you.

Dharmasiri Amith

Former Member
0 Kudos

Thanks for your response.

I forwarded this issue to my backend, and I am still waiting for their response.

Former Member
0 Kudos

Though the question is already marked answered, this is for the ones who will come to it later.

In simple words:

E.g. when you are doing a passive connection to a server:

They will normally tell you:

1) connect on port e.g. 21

2) user/pwd

3) However, they would or should also tell you what port range their server is going to serve the data in, e.g. 300000 - 3000100

and you would need this range open in your firewall for that IP.

good luck.

former_member189354
Contributor
0 Kudos

Hi,

Try to generate the file xi_output20080603-100109-147.dat without '-'.

Because some operating systems will not support a hyphen.

Regards,

Rao.Mallikarjuna

Former Member
0 Kudos

That is the date/time stamp added from Communication Channel Definition option "Add Time Stamp".

Anyway I got rid of it and still have the same error.

Former Member
0 Kudos

We figured out and resolved the problem:

Here is the explanation:

When the "Secure Control and Data connection" option is taken from the FTPS protocol, the connection to the remote server is established using the given port on the comm. channel. However, the process generates a random port number for the "data" connection once the control is established. Our firewall blocked the generated random port number (for Data). That was the issue.

Resolution:

We added a rule to the firewall setup to open up any port number between specific IP addresses. Then it worked.

Thank you.
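An added example, not part of any post in this thread: the data port the posters describe is announced in the server's passive-mode reply, and this sketch decodes that reply and checks it against firewall rules, which also covers the port-range advice given earlier in the thread. The server address 192.0.2.10 and the passive range 50000-50100 are constructed sample values; only control port 10021 comes from the thread.

```python
import re

# 227 reply (RFC 959): "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 reply (RFC 2428): "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(r"\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_host):
    """Return (host, port) the client will connect to for the data channel."""
    code = reply[:3]
    if code == "227":
        m = PASV_RE.search(reply)
        if not m:
            raise ValueError("malformed 227 reply: %r" % reply)
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in %r" % reply)
        # The port is sent as two bytes: p1 * 256 + p2
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    if code == "229":
        m = EPSV_RE.search(reply)
        if not m or not 0 < int(m.group(2)) < 65536:
            raise ValueError("malformed 229 reply: %r" % reply)
        return control_host, int(m.group(2))  # EPSV reuses the control host
    raise ValueError("not a passive-mode reply: %r" % reply)


def blocked_by_firewall(reply, control_host, allowed_ranges):
    """True if the announced data port is outside every allowed (lo, hi) range."""
    _, port = data_endpoint(reply, control_host)
    return not any(lo <= port <= hi for lo, hi in allowed_ranges)


# Constructed sample data (assumptions, not values from the thread except 10021)
SERVER = "192.0.2.10"
REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,149)",  # 195*256 + 149
    "229 Entering Extended Passive Mode (|||50042|)",
]
BEFORE = [(10021, 10021)]                 # only the control port is open
AFTER = [(10021, 10021), (50000, 50100)]  # passive range allowed as well

if __name__ == "__main__":
    for r in REPLIES:
        print(data_endpoint(r, SERVER),
              "blocked before:", blocked_by_firewall(r, SERVER, BEFORE),
              "blocked after:", blocked_by_firewall(r, SERVER, AFTER))
```

Because AUTH TLS encrypts the control channel, a stateful firewall cannot read this reply and open the data port on its own, so the port has to be allowed explicitly. Allowing only the server's documented passive range for that IP is a narrower rule than opening every port between the two hosts.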

Former Member
0 Kudos

Can you please explain to me step by step how you did it?

I have the same issue, and I have been debating for a week without success.

Thanks in advance.

Former Member
0 Kudos

Even if you change the time, sometimes it picks up the old configuration. Can you try refreshing the cache content or deleting the communication channel configuration and redoing it?

Award points if helpful.

Former Member
0 Kudos

I have already done that a couple of times.

But the timeout remained the same (around 4 mins) between start of file processing and the failing.

I wonder if this is a destination access or file writing issue.

To make sure, I need to find a way to increase the timeout value.

The other problem is that this location is an external one (a company outside of our firewall).

Inside our firewall we don't have an FTPS test location. If I can find a freeware FTP with SSL/TLS enabled, I can set up a test FTPS site locally for testing. Do you know any?