on 06-03-2008 5:08 PM
Hi,
I am trying to send a file over FTPS (FTP using SSL/TLS).
But in the actual file transfer process, it fails with a connection timeout.
I have increased the timeout FTP parameters to 1200 seconds (20 mins). Still, it always fails in approximately 4 minutes with a timeout.
My suspicion is that when it is attempting to write the file in the destination directory, there is either a write access issue or an encoding issue; I am not sure exactly which it is.
Here is the runtime workbench log for the failing step.
2008-06-03 10:01:07 Success Connecting to FTP server "<server-name>"
2008-06-03 10:01:09 Success Write to FTP server "<server-name>", directory "/172182", file "xi_output20080603-100109-147.dat"
2008-06-03 10:01:09 Success Transfer: "TXT" mode, size 392 bytes, character encoding UTF-8
2008-06-03 10:04:54 Error Attempt to process file failed with java.net.ConnectException: Connection timed out
2008-06-03 10:04:54 Error MP: Exception caught with cause com.sap.aii.af.ra.ms.api.RecoverableException: Connection timed out: java.net.ConnectException: Connection timed out
2008-06-03 10:04:54 Error Exception caught by adapter framework: Connection timed out
2008-06-03 10:04:54 Error Delivery of the message to the application using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Connection timed out: java.net.ConnectException: Connection timed out.
Our PI version is:
Release: 645_VAL_RE
Service pack: 13
The scenario is File to File : (from NFS to FTPS).
Did anyone run into this problem?
Any help to resolve the issue is appreciated.
Dharmasiri Amith
Edited by: Amith Dharmasiri on Jun 3, 2008 6:09 PM
Hi,
A couple of things to check:
1. Check if the CN name on the certificate matches the FTPS server name. In the communication channel, use the server name instead of the IP address.
2. In PI Unix server, check /etc/hosts file and add an entry there like below:
ip address server name
eg.
1.1.1.1 abc.com
Please check these two and adjust if necessary and let us know if it works.
Hi Fatsah,
It has been a while since we resolved this problem. But these were the basic steps that we had taken.
The receiver was configured as a File adapter with FTP:
Port: 10021
Connection security : FTPS (FTP using SSL/TLS) for Control and Data Connection
Command Order: AUTH TLS,USER,PASS,PBSZ,PROT
Problem: The message was blocked in our firewall.
FTPS in this case used 10021 as the control port, and the firewall allowed the control request to pass.
Once the connection was accepted at the control level, it generated a random port number to pass data on the channel.
This random port number was blocked in the firewall.
We monitored the data port numbers generated at the firewall. Then we configured the firewall to open any port number between the specific IP addresses of the sender and the receiver. That resolved the problem.
Hope this helps!
Please give points if this is helpful.
Thank you.
Dharmasiri Amith
Though the question is already marked answered, this is for the ones who will come to it later.
In simple words:
E.g. when you are doing a passive connection to a server,
they will normally tell you:
1) connect on port e.g. 21
2) user/pwd
3) however, they would or should also tell you what port range their server is going to serve the data in, e.g. 300000 - 3000100
and you would need this range open in your firewall for that IP.
good luck.
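The two posts above describe the same check: find out which data ports the server hands out in passive mode and compare them with what the firewall lets through. As an added example (not code from any poster in this thread), the Python below parses the 227/229 passive replies recorded in an FTP client's own log and classifies each data endpoint against a firewall port range. The control host `192.0.2.10`, the range 50000-50100 and the sample replies are constructed for illustration.

```python
import re

# Passive-mode reply formats: 227 (PASV, RFC 959) and 229 (EPSV, RFC 2428).
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

def data_endpoint(reply, control_host):
    """Return (host, port) the client will dial for the data connection."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if max(nums) > 255:
            raise ValueError(f"octet out of range in {reply!r}")
        # The port travels as two bytes: high * 256 + low.
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port <= 65535:
            raise ValueError(f"port out of range in {reply!r}")
        # EPSV carries only a port; the data connection reuses the control host.
        return control_host, port
    raise ValueError(f"not a 227/229 reply: {reply!r}")

def audit(replies, control_host, allowed):
    """Classify each reply against the firewall's allowed (low, high) range."""
    lo, hi = allowed
    findings = []
    for reply in replies:
        host, port = data_endpoint(reply, control_host)
        if host != control_host:
            verdict = "address-mismatch"  # rule for control_host will not match
        elif lo <= port <= hi:
            verdict = "allowed"
        else:
            verdict = "blocked"
        findings.append((host, port, verdict))
    return findings

def observed_range(findings, control_host):
    """Narrowest port range covering every data port seen for control_host."""
    ports = [p for h, p, _ in findings if h == control_host]
    return (min(ports), max(ports)) if ports else None

# Constructed sample replies, as they would appear in a client-side log.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "227 Entering Passive Mode (192,0,2,10,234,96)",
    "229 Entering Extended Passive Mode (|||50050|)",
    "227 Entering Passive Mode (10,0,0,5,195,81)",
]
```

The range returned by `observed_range` is only a lower bound taken from the samples; the port range the server operator has configured is the value to put in the firewall rule.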
Hi,
Try to generate the file xi_output20080603-100109-147.dat without '-'.
Because some operating systems will not support a hyphen.
Regards,
Rao.Mallikarjuna
We figured out and resolved the problem:
Here is the explanation:
When the "Secure Control and Data connection" option is taken from the FTPS protocol, the connection to the remote server is established using the given port on the comm. channel. However, the process generates a random port number for the "data" connection once the control is established. Our firewall blocked the generated random port number (for data). That was the issue.
Resolution:
We added a rule to the firewall setup to open up any port number between specific IP addresses. Then it worked.
Thank you.
Even if you change the time, sometimes it picks up the old configuration. Can you try refreshing the cache content, or deleting the communication channel configuration and redoing it?
Award points if helpful.
I have already done that a couple of times.
But the timeout remained the same (around 4 mins) between start of file processing and the failing.
I wonder if this is a destination access or file writing issue.
To make it sure, I need to find a way to increase the timeout value.
The other problem is that this location is an external one. (a company outside of our firewall).
Inside our firewall we don't have a FTPS test location. If I can find a freeware FTP with SSL/TLS enabled, I can setup a test FTPS site locally for testing. Do you know any?