I've made an interesting discovery that is mentioned in part on other posts in other forums.  This involves IIS; however, I believe the issue rests with the Windows Server 2012 OS.

Here's the scenario.

Client:

• Windows 8
• almost any FTP client

Server:

• Windows Server 2012
• FTP site hosted in IIS 8

Problem:

The client connects to the FTP site via FTPS (regular FTP works).  The connection is successful, and the client is able to list the directories and download content. However, the client cannot upload anything to the FTP site.

Error: 550 The supplied message is incomplete. The signature was not verified.

Any of the following modifications to the scenario will allow the client to upload content:

• changing the client OS to Windows 7
• changing the server OS to Windows 2008 or 2008 R2 (IIS7+)
• changing the FTP client to CoreFTP (I've tried FileZilla, the Microsoft FTP client, SmartFTP, and WinSCP)

I found this post regarding FileZilla that states there is an SSL cipher ordering issue with Windows Server 2012 and IIS8 for FTP clients using explicit TLS:http://trac.filezilla-project.org/ticket/7910

Their "solution" points to an MSDN blog post here: http://blogs.msdn.com/b/kaushal/archive/2011/10/03/taming-the-beast-browser-exploit-against-ssl-tls.aspx

This states that you need to reorder the SSL ciphers with TLS_RSA_WITH_RC4_128_SHA as the highest priority; however, there is a limitation to the text file where you order the ciphers, 1023 characters, which is less than the total number of characters for all ciphers.  This means you must know which ciphers will be needed and in which order as to not break anything else.  That's not a viable workaround.

Does anyone know if there is a patch coming down to fix this, or are there any more viable workarounds?  One would think a Windows 8 client should be able to connect via FTP with explicit TLS to an FTP hosted in IIS8 on Windows Server 2012 to upload content.

• Edited by TSJeff Thursday, October 10, 2013 8:08 PM

Same issue - I would appreciate any solution/workaround very much!

Hi,

As the MSDN blog mentioned, that currently we can only workaround the issue with provided settings. As FTP settings are now included in IIS, it is still recommended to post to IIS forum to see if there is any known suggestion regarding this.

http://forums.iis.net/

Microsoft provides a fix for the problem:
http://support.microsoft.com/kb/2888853

Greetings
Joerg

• Marked as answer by TSJeff Tuesday, November 26, 2013 9:43 PM

Microsoft provides a fix for the problem:
http://support.microsoft.com/kb/2888853

Greetings
Joerg

I've tested this on multiple servers and workstations.  The hotfix works.

Note:

• When it says Windows 8 or 8.1 in the download, these correspond to Windows Server 2012 and Windows Server 2012 R2 respectively.
• Even though the web page for the hot fix says it doesn't require a reboot.  The hot fix installation prompts you to reboot.

For some reason I'm getting 404 on link to hotfix for windows 8.1 (both x86 and x64) in the email. Do you maybe have the correct one?

Thanks.

I get the error "The resource you are looking for has been removed, had its name changed, or is temporarily unavailable." when trying to download the hotfix.  Was anyone able to get the hotfix??  It appears the link is broken.

I have exactly the same problem.

Fix that MS. Fast.

You can get the update from the Windows update catalog:

http://catalog.update.microsoft.com/

• Edited by jtwaddle Friday, January 10, 2014 5:00 PM

EDIT: Never mind, fixed it!

You can get the update from the Windows update catalog:

http://catalog.update.microsoft.com/

Thanks for the hint.

I'm running Win 8.1 x64, so I downloaded the hotfix for Win 8.1 x64 (AMD64-all-windows8.1-kb2888853-x64_9c71ef4880971095842772fc0d76d44cfebc7ad5.msu to be exact).

However, when I try to install it, installer tells me that this patch is not applicable for my computer.
Error Log shows: Windows update  could not be installed because of error 2149842967, windowsupdate.log looks fine actually.

Ideas? Thanks!

• Edited by mhasling Friday, January 10, 2014 9:11 PM problem solved already

EDIT: Never mind, fixed it!

Can you share what you did to fix it? Thanks.

Oh it was my own fault. I thought the hotfix was intended for the client, but it was for the server of course. On the server the install worked and the error was gone.

However, I've switched to FileZilla server in the meanwhile, IIS FTP wasn't configurable enough for my demands. No problems now ;)

Thank for the quick response! I thought the same thing :)

Unfortunately my server is hosted elsewhere. 

Our WS 2012 Std running IIS 8 does not accept the hotfix for KB2888853, says it does not apply to this computer.

FTPS works fine with CuteFTP, but not with FileZilla or Win SCP, all tested on Win 8.1

Same problem here: 'does not apply to this computer' for both windows 8.1 pro client and for windows 2012 R2 server edition ? What next?

Same as Quantis001, the fix will not install on either the server (2012 R2) or the client (8.1).