Yesterday is was trying to setup a small FTP server to test some things out for my 70-643 exam. Spend several hours on the following error : “530 user cannot login”. Turned out i’ve forgot to execute a few commands which will set the appropriate permissions on administration.config and redirection.config.
(In this example i have my windows firewall disabled)
Below is a short tutorial to setup an FTP site in IIS 7.5
Step 1, install roles
-Install the following role services : IIS management service / FTP server
Step 2, set appropriate permissions for the config folder and administration config and redirection.config (This important, else the following error will appear : 530 user cannot login)
ICACLS “%SystemDrive%\Windows\System32\inetsrv\config” /Grant “Network Service”:R /T (One folder will fail : config/schema)
ICACLS “%SystemDrive%\Windows\System32\inetsrv\config\administration.config” /Grant “Network Service”:R
ICACLS “%SystemDrive%\Windows\System32\inetsrv\config\redirection.config” /Grant “Network Service”:R
Step 3, configure IIS to accept IIS manager credentials
-Open IIS manager
-Browse to the server
-Open management service
-Select the following : windows credentials or IIS manager credentials
-Click apply in the action pane
Step 4, adding users who can acces the FTP site
-With the server-level node still opened click “IIS manager users” to add an user
-Click ”add” in the action pane
-Type in the name of the user and password
Step 5, after adding the user add a new FTP site
-browse to the site node and right click sites and select : add FTP site
-Type in the site name (for example : ftp.contoso.local) and select a folder which the users will be accessing. Click next
-In the next step of the wizzard select if you want to use SSL, in this example click : allow SSL. Change the binding if you have multiple network cards, select the one on which you want the FTP service to listen. (you don’t have to enable virtual host if you are using one site, if you’re using multiple sites type in a name for example : ftp.contoso.local. Also set the appropriate DNS records). After setting up the appropriate configuration click next.
-In the next step dont setup the authentication yet, this will be done later . Then set ”allow acces to” specified users and type in the user name you’ve set under IIS manager users. Select the permissions you want (read/write or both). Click Finish
Step 6, setting the authentication method to Iismanagerauth
-Expand your FTP site and select FTP authentication
-In the action pane click : custom providers
-In the custom providers screen select : Iismanagerauth, then click ok
If you’ve completed the steps above use for example filezilla client to connect to your FTP server (Host : ipaddress of the server / Username : user you’ve created earlier / Password : password you’ve created for the selected user)
If you’re are using a single ftp site without the virtual host name just type in the username. If you’re are using virtual hostnames type the following fpt.contoso.local|username (ftp.contoso.local is the virtual hostname of the FTP site)
If you’re are running into some problems , check the following :
-are the permissions set on the system32/config folder, redirection.config,administration.config (networkservice)
-Check your FTP authorization rules to check wether or user is allowed to acces the content
-Check your FTP authentication to check if the appropriate authentication is selected
If you’re going use a windows local account, you dont have to create a user in IIS. Just create the user in windows, setup you ftp site, select the created user, and set authentication method to basic. But remember, basic authentication will send the password in cleartext. Use SSL if you’re going to use basic authentication
Link to a site with really great video’s to setup FTP : http://weblogs.asp.net/owscott/archive/2012/02/13/ftp-firewall-settings-active-vs-passive-and-ftps-explicit-vs-implicit-week-47.aspx
bruunit 
Merci 🙂