While trying to connect to your FTP server hosted by IIS, you may run into “530 User cannot log in, home directory inaccessible” error. This error occurs whether you are using anonymous access or basic authentication.
A sample connection log from an FTP client:
530 User cannot log in, home directory inaccessible.
Critical error: Could not connect to server
This issue may appear as “Failed to retrieve directory listing” or “Home directory inaccessible” error as well.
Depending on the FTP client, you may not see the detailed error message right away. For instance, when I tried to connect to the same site with the same configuration by using WinSCP, I received “Access Denied” error. If your FTP client doesn’t show the entire connection history, look for the log folder to get more information about the root cause.
Solution
There might be a few reasons for running into this error. Here are the most common root causes and their solutions:
- The user may not be have access to the home directory. Go to “IIS > FTP site > FTP User Isolation”. Select the directory that your users can access. More information about User Isolation settings
- IIS may not be configured to use passive mode FTP. There are two types of FTP connections: Active mode and passive mode. In active mode, the client opens a port. The server connects to this port for transferring data. In passive mode, the server opens a port. The client connects to this port to transfer data. In order to use passive mode, enter a port range and IP address in “IIS > Server name > FTP Firewall Support” page
Note: You can configure your FTP client to use only the active mode if you don’t want to turn on passive mode
Less common reasons for 530 error
The items below may cause “530 User cannot log in, home directory inaccessible” as well.
- Authorization rules. Make sure to have an Authorization rule that allows the user or anonymous access. Check “IIS > FTP site > FTP Authorization Rules” page to allow or deny access for certain or all users.
- NTFS permissions. The FTP users (local or domain users) should have permissions on the physical folder. Right click the folder and go to Properties. In the Security tab, make sure the user has required permissions. You can ignore Shared tab. It is not used for FTP access.
- Locked account. If you local or domain account is locked or expired, you may end up seeing “User cannot log in” error. Check local user properties or Active Directory user settings to make sure the user account is active.
- Other permission issues. The user account may not have “Log on locally” or “Allow only anonymous connections security” rights.
If you are still seeing the issue, check IIS and FTP logs (c:inetpublogsLogFilesFTPSVC2) but don’t let it mislead you. IIS logs sometimes may show PASS. It doesn’t mean everything is well. It’s better to check FTP logs that IIS records for FTP connections
Note: In a case with “Connection closed by the server” error for FTP connection, we determined the root cause as the corruption of system files occurred during in-place server upgrade.
I’ve been tasked with setting up an FTP directory for a client of ours. I’m working from a Windows 2008 Server with IIS 7 installed.
To create the FTP user directory I’ve followed this eHow tutorial.
The FTP site is already set up on IIS 7, so I skipped that bit and followed the rest exactly. However, when I try to connect via FileZilla, I get the following errors:
Status: Connecting to xxx.xx.xx.xx:21... Status: Connection established, waiting for welcome message... Response: 220 Microsoft FTP Service Command: USER userFTP Response: 331 Password required for userFTP. Command: PASS ******** Response: 530 User cannot log in, home directory inaccessible. Error: Critical error Error: Could not connect to server
I’ve double checked the permissions of the user and everything appears to be as it should. If anyone has any advice, I’d be so grateful.
asked Oct 14, 2010 at 11:26
4
It’s not clear to me from reading your post and the link you provided as to whether or not you’re using user isolation. My suggestion would be to determine whether or not you want to use user isolation or not and then start from scratch.
Here’s a link that may help:
http://learn.iis.net/page.aspx/305/configuring-ftp-75-user-isolation/
answered Oct 14, 2010 at 12:39
joeqwertyjoeqwerty
109k6 gold badges80 silver badges171 bronze badges
3
I just hit this issue and for anyone googling the error would like to add the solution that worked on Windows Server 2012 IIS 8.0. It was very simple in the end you have to create a LocalUser folder in the FTP root you specified when creating the FTP site. Then create your username folders under this folder.
For e.g. D:ftp-rootLocalUseruser1
sebix
4,2932 gold badges28 silver badges46 bronze badges
answered Jun 10, 2015 at 17:49
ramjet666ramjet666
811 silver badge2 bronze badges
0
It is the user isolation setting.
You will need change it to «do not isolate users, start users in «user name directory» «
answered Jun 6, 2014 at 4:28
cherry Jeecherry Jee
611 silver badge1 bronze badge
1
Another cause of this error can be the use of FTP IPv4 Address and Domain Restrictions.
If your IIS FTP Site, or one of its parents including the Default site, is using IPv4 Address Restrictions then you’ll need to ensure that your IP address is allowed.
I had this same issue you’ve described, with the exact same Error returned to FileZilla. Here’s how I fixed it:
- Open the IIS Manager
- Click on the Sites > Default FTP Site settings
- Open FTP IPv4 Address and Domain Restrictions
- Ask Google what is my ip
- Add your public IP address to the allowed list under FTP IPv4 Address and Domain Restrictions
- Open Services from the Start Menu
- Find the Microsoft FTP Service in the Started Services list
- Restart the Microsoft FTP Service
answered Mar 8, 2017 at 23:51
We had the same issue . (530 user cannot log in, home directory inaccessible)The problem was a new opening (To allow more sessions) in our firewall allowed another IP to our FTP server (We have IP restrictions setup)
Solution was to add the IP to the IPRestrictions ALLOW LIST
answered Jan 28, 2020 at 18:04
Check the FTP logs recorded by IIS. The status and sub-status codes will give you more information about the issue. Here is a list of the status codes: The FTP status codes in IIS 7.0 and later versions
In my case, this issue occured because my IIS wasn’t configured for passive mode. After entering a port range and external IP address in FTP Firewall Support feature, the error message disappeared:
In this blog post, it mentions a few more root causes: 530 User cannot log in, home directory inaccessible
Authorization rules. Make sure to have an Authorization rule that allows the user or anonymous access. Check “IIS > FTP site > FTP Authorization Rules” page to allow or deny access for certain or all users.
NTFS permissions. The FTP users (local or domain users) should have permissions on the physical folder. Right click the folder and go to Properties. In the Security tab, make sure the user has required permissions. You can ignore Shared tab. It is not used for FTP access.
Locked account. If you local or domain account is locked or expired, you may end up seeing “User cannot log in” error. Check local user properties or Active Directory user settings to make sure the user account is active.
Other permission issues. The user account may not have “Log on locally” or “Allow only anonymous connections security” rights.
answered Feb 22, 2019 at 5:23
I had the exact same issue as the OP after adding a new user and associated user folder to an existing FTPS site. The solution in the end was simply to restart the site in IIS. After that I could connect with the new user account successfully.
answered Sep 29, 2021 at 9:21
Adding the following to this excellent source of unusual things that need to be checked:
When using ‘User name directory (disable global virtual directories)’ with local computer accounts The first folder in the FTP site should be ‘LocalUser’, this however experiences a problem when the machine has a computer name longer than 15 characters.
If that is the case:
Rename LocalUser to the first 15 characters of the computer name. Not sure if basic auth also had to be alerted to set the default domain as the same string, would be great if someone could test and revert.
PS: I was a little perplexed, when first setting this up, but with user isolation enabled (disabled global virtual directories) the FTP site’s first directory (LocalUser or the first 15 chars of the computer name, when longer) can either be a physical directory or a virtual directory, goes without saying that this is true for the username directories as well (no length limit on these).
answered Feb 5 at 11:54
You will need to verify the Physical Path of the FTP. Following is the steps to check.
Go to IIS.
Right, Click on Default FTP site. Manage FTP Sit >> Advance
Settings >> Physical Path.
It must be correct or you will find home directory inaccessible.
answered Dec 18, 2017 at 14:01
Are you receiving FTP error 530 user cannot log in home directory inaccessible? We can help you fix it.
While trying to connect to the FTP server we may run into this error message. In most cases, this error occurs only when FTP authorization rules for default FTP site are not set.
At Bobcares, we often get requests from our customers regarding FTP errors as part of our Server Management Services.
Today, let’s get into the details on how our Support Engineers fix the FTP error for our customers.
Why FTP shows 530 user cannot log in home directory inaccessible error?
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network. FTP built on Cilent-Server Architecture and it uses separate connections for control and data.
When connecting locally from Windows Server via FTP using a subscription FTP user, the operation fails with the below error.
Depending on the FTP client the error message appear as “Failed to retrieve directory listing” or “Home directory inaccessible” error as well. There might be a few reasons for running into this error.
Now, it’s time to see the reasons that cause 530 FTP anonymous messages.
Top causes for “530 User cannot log in, home directory inaccessible”
From our experience in managing servers, we often see customers experiencing problems like “530 User cannot log in, home directory inaccessible”.
Let’s check the common reasons one by one and see how our Support Engineers fix it.
1. Authorization rules
In most cases, this error occurs only when FTP authorization rules for default FTP site are not set. For that, we set the Authorization rule by the following the below steps.
a. Initially, we log in to the VPS via Remote Desktop connection as an Administrator user.
b. Then we open IIS and expand Sites option from left pane.
c. After that we select the default FTP site in site list and click the FTP Authorization Rules option.
d. From the right pane, we click on Add Allow Rule.
e. Then we select the option of All Users and tick the check box of Read and Write permission.
f. Finally, we click on Ok button to save the changes and Restart Microsoft FTP Services to reflect them.
2. The user is not able to access to the home directory.
This is the another root cause of the error. We make sure to select the directory that the users can access by selecting IIS > FTP site > FTP User Isolation and select the FTP root directory.
3. NTFS permissions
We make sure that the FTP users have permissions on the physical folder. For that, we right click the folder > Properties > Security tab and check the user permissions.
Even after making the changes, sometimes to reflect the changes we need to restart Microsoft FTP Services. Here is the steps to restart the FTP service.
1. Open Services and select the service named Microsoft FTP Service.
2. Then click on Restart link from the left pane option.
After that we log in to the FTP account. If everything is fine, then no error will appear while connecting to the FTP account.
[Need assistance in fixing the error? – We will fix it for you.]
Conclusion
To be more accurate, “530 User cannot log in, home directory inaccessible” error happens due to various reasons like incorrect rules, permissions and many more. Today, we saw common causes for the error and also saw how our Support Engineers fixed it.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
GET STARTED
var google_conversion_label = «owonCMyG5nEQ0aD71QM»;
I spent long time looking for a solution, I’ve tried every shared answer on the internet and nothing could solve the issue. It is an issue I was ignoring for years and I never could fix.
Ok, I’ve Plesk installed and I’m not sure if it has some effect on IIS FTP to do the following behavior …
Using Process Monitor tool, and making ftp login request and watching the tool and doing your investigation using this tool, you can get a hint about the REAL reason of the problem.
For me, I found out that IIS FTP was trying to access the ftp folder from a path DIFFERENT than the actual ftp path I’ve set, I do not know why, but maybe Plesk has some effect on this.
The actual ftp path is
C:inetpubvhostszidapp
The path that IIS FTP was trying to access DURING the login process is
C:inetpubvhostsServers7localuserzid_app_ftp_user
I fixed the issue by creating a folder link from ‘actual’ folder path to the path IIS was trying to access — using the tool mklink tool
CMD command
mklink /d C:inetpubvhostsServers7localuserzid_app_ftp_user "C:inetpubvhostszidapp"
I’ve fixed the issue that way, so wen FTP is trying to access the folder from the wrong path, it is now goes to the correct one.
Please note doing folder shortcut wont work for this, you need a link like linux, not a shortcut …
I hope it will help you 
Users can upload and download files by using FTP (File Transfer Protocol) clients such as FileZilla or WinSCP. These clients connect to an FTP server hosted by IIS (Internet Information Server) or other web server technologies. In most cases, it is easy to set up and maintain an FTP server. However, you may run into issues like “530 User cannot log in, home directory inaccessible” error while trying to connect your FTP server. In this post, I will explain how to solve this issue in IIS.
No matter if you are using anonymous access or basic authentication, you may come across this error message. Here is the full connection log from FileZilla:
Connecting to 192.168.83.82:21…
Connection established, waiting for welcome message…
Insecure server, it does not support FTP over TLS.
USER anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
PASS *
530 User cannot log in, home directory inaccessible.
Critical error: Could not connect to server
This issue may appear as “Failed to retrieve directory listing” or “Home directory inaccessible” error as well.
Depending on the FTP client, you may not see the detailed error message right away. For instance, when I tried to connect to the same site with the same configuration by using WinSCP, I received “Access Denied” error. If your FTP client doesn’t show the entire connection history, look for the log folder to get more information about the root cause.
It is not always easy to choose an FTP client that fits your requirements. Check my related post for a comparison of FTP clients: Which FTP client is better: FileZilla, CuteFTP or TotalCommander?
Root causes and solutions for “530 User cannot log in, home directory inaccessible” error
There might be a few reasons for running into this error. Here are the most common root causes and their solutions:
- The user is not able to access to the home directory. This is by far the most common root casue of “home directory inaccessible” error. Go to “IIS > FTP site > FTP User Isolation”. Make sure to select the directory that your users can access to. If you are not sure about what to select, select “FTP root directory”. More information: User Isolation Settings.
- IIS is not supporting passive mode FTP. There are two types of FTP connections: Active mode and passive mode. In active mode, the client opens a port. The server connects to this port for transferring data. In passive mode, the server opens a port. The client connects to this port to transfer data (More information: Active and Passive FTP). In order to configure IIS for supporting passive mode, enter a port range and external IP address in “IIS > Server name > FTP Firewall Support” page (More information: Using a single port for IIS FTP in passive mode).
- NTFS permissions. The issue might be simply caused by a missing NTFS permission on the FTP folder in Windows. Make sure the account you are using to connect to FTP server has permission on the folder that has FTP files.
Note: If you don’t want to turn on passive mode in IIS, you can force your FTP client to use only the active mode. In order to do this, go to “Edit > Settings > FTP” and choose “Active” in FileZilla.
Less common reasons for 530 error and how to fix them
The items below may cause “530 User cannot log in, home directory inaccessible” as well.
- Authorization rules. Make sure to have an Authorization rule that allows the user or anonymous access. Check “IIS > FTP site > FTP Authorization Rules” page to allow or deny access for certain or all users.
- NTFS permissions. The FTP users (local or domain users) should have permissions on the physical folder. Right click the folder and go to Properties. In the Security tab, make sure the user has required permissions. You can ignore Shared tab. It is not used for FTP access. A related post: Combining AD permissions with FTP.
- Locked account. If you local or domain account is locked or expired, you may end up seeing “User cannot log in” error. Check local user properties or Active Directory user settings to make sure the user account is active. A related topic: Microsoft Support.
- Other permission issues. The user account may not have “Log on locally” or “Allow only anonymous connections security” rights. More information: Microsoft Support.
Still having the issue?
It’s time to dive deep. Check IIS logs but don’t let it mislead you. IIS logs sometimes may show PASS. It doesn’t mean everything is well. It’s better to check FTP logs that IIS records for FTP connections. It is located in c:inetpublogsLogFilesFTPSVC2
In FTP logs, you will see a status and sub-status code. Here is a list of the most common FTP status codes:
4xx- Transient Negative Completion Reply
The command was not successful, but the error is temporary. If the client retries the command, it may succeed.421 – Service not available, closing control connection. This may be a reply to any command if the service knows it must shut down.
425 – Cannot open data connection.
426 – Connection closed; transfer aborted.
431 – Need some unavailable resource to process security.
450 – Requested file action not taken. File unavailable (e.g., file busy).
451 – Requested action aborted. Local error in processing.
452 – Requested action not taken. Insufficient storage space in system.5xx- Permanent Negative Completion Reply
The command was not successful, and the error is permanent. If the client retries the command, it receives the same error.500 – Syntax error, command unrecognized. This may include errors such as command line too long.
501 – Syntax error in parameters or arguments.
502 – Command not implemented.
503 – Bad sequence of commands.
504 – Command not implemented for that parameter.
521 – Data connection cannot be opened with this PROT setting.
522 – Server does not support the requested network protocol.
530 – Not logged in.
532 – Need account for storing files.
533 – Command protection level denied for policy reasons.
534 – Request denied for policy reasons.
535 – Failed security check (hash, sequence, and so on).
536 – Requested PROT level not supported by mechanism.
537 – Command protection level not supported by security mechanism.
550 – Requested action not taken. File unavailable (for example, file not found, or no access).
551 – Requested action aborted: Page type unknown.
552 – Requested file action aborted. Exceeded storage allocation (for current directory or dataset).
553 – Requested action not taken. File name not allowed.Source
Note 1: In a case with “Connection closed by the server” error for FTP connection, we determined the root cause as the corruption of system files occurred during in-place server upgrade.
Note 2: If your FTP server is behind Azure Firewall, please check the known-issues page. For example, passive FTP may not work based on FTP configuration.
Are you trying to upload files to FTP server programmatically? Check this post out: How to upload a file via FTP in C#