ActiveTransfer user blocked: Is there some kind of dynamic blacklist?

What product/components do you use and which version/fix level are you on?

webMethods ActiveTransfer Server 10.15

What are you trying to achieve? Please describe it in detail.

A specific user fails to connect via FTP from a specific source IP address. Connecting from a different source is possible. Firewall settings have been inspected and nothing suspicious has been found.

A deeper look into the connection process reveals that the welcome message of the server is delivered to the client, the TLS connection is successfully established (we are using FTP with explicit TLS), and finally there is a timeout after the client sends the USER command. Hence I suspect that something decides to ignore this login.

Does ActiveTransfer Server (or Common Directory Services or Integration Server or something else involved in the background) have a dynamic blacklisting functionality that can block specific users from specific locations (maybe after they had some wrong password trials)? If yes, where can I inspect and configure this blacklisting feature?

Do you get any error messages? Please provide a full error message screenshot and log file.

No error message seen on the client side. Nothing relevant shows up in the Integration Server logs (as shown in the Integration Server web UI, corresponding to the file <InstallDir>/IntegrationServer/instances/<InstanceName>/logs/server.log; I don’t know whether other log files could give better insights). By contrast, successful logins and password failures show up there.

If this is happening for a specific IP, one possibility is that the IP is banned. There are some configurations specific to IP banning in the Server Preferences screen. However, in this case the client should get a message saying your IP is banned.

The other possibility is that, for some reason, the client is not able to connect to the data port. Please try another protocol like SFTP or HTTP.

A detailed client log and the ActiveTransfer.log file will help understand the issue better.

Thanks,
Bhaskar

Dear Bhaskar,

thank you for your help. I think I’ve found the Server Preferences you’ve mentioned in the MFT configuration UI under “Settings” → “Listener preferences”. I guess all settings were at their defaults.

  • Bans against hammering are short (5 min).
  • The user list of “Ban IP addresses of users after the first incorrect password attempt” is empty.
  • “Ban specified IP addresses” was set to “permanently”, but I don’t see a UI element for inspecting/specifying the IP addresses for this setting. I’ve changed the ban duration in this place to 1 minute; not sure whether this will affect potential past bans.
  • General “IP restrictions” are not set, i.e. all IP addresses are allowed.

Thus only the setting “Ban specified IP addresses” could be an issue, but I don’t know which IP addresses are affected by this.

The project partner with the access problem did not report that he had received messages regarding being banned.

Trying other protocols is a good idea, but, I’m afraid, there are some constraints. The partner who is hosting the server is pretty restrictive regarding his network configuration, and opening the network for FTPS already required much effort at persuasion. The partner who is accessing the server requires/prefers FTPS for his production system, while manual tests could be done with other protocols.

I will provide client logs and ActiveTransfer.log to you in a private email. Now I’ve located the latter file at <InstallDir>/profiles/IS_<InstanceName>/logs.

Best regards,
Christian
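
The staged login described in the first post (welcome message, explicit TLS, then USER) can be reproduced from the affected source IP with a short probe that reports which step stalls and whether the server answered with an error or stayed silent. This is an added example, not code from the thread participants or from the product; the function name `probe_login_stages` and its parameters are assumptions made for illustration, and it uses only Python's standard `ftplib`.

```python
import ftplib
import socket


def probe_login_stages(host, port, user, use_tls=True, timeout=10.0):
    """Walk the FTP login up to USER and report where it stops.

    Returns (stage, detail). stage is "OK" when the server answered USER,
    otherwise the step that was in progress: "CONNECT" (TCP connect or the
    220 welcome), "AUTH TLS" (explicit TLS upgrade) or "USER".
    No password is ever sent.
    """
    ftp = ftplib.FTP_TLS(timeout=timeout) if use_tls else ftplib.FTP(timeout=timeout)
    stage = "CONNECT"
    try:
        ftp.connect(host, port)          # blocks until the welcome line arrives
        if use_tls:
            stage = "AUTH TLS"
            ftp.auth()                   # sends AUTH TLS and wraps the control socket
        stage = "USER"
        reply = ftp.sendcmd("USER " + user)
        return ("OK", reply)             # typically a 331 "password required" line
    except socket.timeout:
        # Server stayed silent: the symptom described in the first post.
        return (stage, "timeout")
    except ftplib.all_errors as exc:
        # Server answered with an error line (for example a ban message)
        # or dropped the connection.
        return (stage, f"error: {exc}")
    finally:
        ftp.close()


if __name__ == "__main__":
    # Hypothetical host and account name; replace with the real listener.
    print(probe_login_stages("ftp.example.invalid", 21, "partneruser"))
```

Running it once from the affected source and once from a working one shows whether the server answers USER with a reply line or does not answer at all, which can then be matched against the timestamps in ActiveTransfer.log.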